Hi,
this is my first post. My problem is that I constantly receive virus warnings from avast antivirus 4.7 pro. I had some malware that was displaying fake popups saying my computer is infected, and I also had the "best seller antivirus" installed without my knowledge and some toolbar "virus security 7" or something like that. So I found the files that were doing all that and removed them from the registry and computer drive, but I still have a virus that downloads other viruses and tries to infect me. Luckily avast gets all the files before they infect me. But I guess that avast can't find the one that is downloading the other ones. Oh, and I can't use my Internet Explorer cuz when I was infected the virus changed the exe of IE and IE terminated every time it started. Then I installed it again after the viruses, and when IE is running the popups start to come. So this is my problem: 1. can't use IE, 2. other malware tries to infect me. And I also have an external hard drive that I only use on my computer, so there is also a possibility that the virus is on the external hard drive. I don't want to lose my data, so my last thing is to format my hard drives.
My log from dss (main):
Deckard's System Scanner v20071014.68
Run by Ernest on 2007-11-26 16:28:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
69: 2007-11-26 15:28:42 UTC - RP98 - Deckard's System Scanner Restore Point
68: 2007-11-25 21:41:09 UTC - RP97 - Removed Age of Empires III
67: 2007-11-25 13:28:42 UTC - RP96 - Installed DirectX
66: 2007-11-25 09:54:03 UTC - RP95 - System Checkpoint
65: 2007-11-23 23:09:07 UTC - RP94 - Installed Adobe Photoshop CS2
-- First Restore Point --
1: 2007-10-24 14:25:44 UTC - RP30 - Installed Windows Internet Explorer 7.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Ernest.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:30:28, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ernest\Desktop\Internet Downloads\dss.exe
C:\DOCUME~1\Ernest\Desktop\INTERN~1\Ernest.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\gesudpkr.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\lstfasmy.dll (file missing)
O2 - BHO: (no name) - {D4D846C2-DB94-457E-A15C-91D675BB7EF9} - C:\WINDOWS\system32\vtsqr.dll
O2 - BHO: IEFW Object - {FAAD2038-C371-473D-86F1-5B11D39C3775} - C:\Program Files\BestsellerAntivirus\Tools\IEFWBHO.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [Norton] C:\Program Files\ASUS\WLAN Card Utilities\NorExec.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [f04dfea0] rundll32.exe "C:\WINDOWS\system32\evpokhxx.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Felix] C:\Program Files\ScreenMates\felix.exe
O4 - HKCU\..\Run: [KamikazeKat] C:\Program Files\ScreenMates\kamikazekat.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{649D4639-4642-483A-A2A0-DF4F8D1A4218}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: lstfasmy - lstfasmy.dll (file missing)
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ventrilo - Unknown owner - C:\Program Files\VentSrv\ventrilo_svc.exe (file missing)
--
End of file - 9350 bytes
-- HijackThis Fixed Entries (C:\DOCUME~1\Ernest\Desktop\INTERN~1\backups\) -----
backup-20071022-205710-131 O1 - Hosts: 216.999.248.174 www.cia.gov
backup-20071022-205710-223 O13 - WWW Prefix: http://www.serial99.com/?
backup-20071022-205710-828 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\eugcvsin.dll
backup-20071024-151750-302 O4 - HKLM\..\Run: [f04dfea0] rundll32.exe "C:\WINDOWS\system32\kqbnavia.dll",b
backup-20071024-151750-447 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lstfasmy.dll
backup-20071024-151750-770 O4 - HKLM\..\Run: [BestsellerAntivirus] C:\Program Files\BestsellerAntivirus\pgs.exe
backup-20071024-151838-663 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lstfasmy.dll
backup-20071024-161508-943 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lstfasmy.dll
backup-20071024-161541-180 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lstfasmy.dll
backup-20071024-163025-839 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lstfasmy.dll
backup-20071030-161144-392 O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\lstfasmy.dll (file missing)
backup-20071030-161225-151 O4 - HKLM\..\Run: [f04dfea0] rundll32.exe "C:\WINDOWS\system32\dymxsqmn.dll",b
backup-20071101-140629-455 O4 - HKLM\..\Run: [DriverUpdate] C:\WINDOWS\system32\UpdateDriver.exe
backup-20071101-140957-756 O4 - HKLM\..\Run: [f04dfea0] rundll32.exe "C:\WINDOWS\system32\jwtyjepu.dll",b
backup-20071125-162020-117 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071125-162020-392 O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
backup-20071125-162020-474 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20071125-162020-557 O4 - HKLM\..\Run: [f04dfea0] rundll32.exe "C:\WINDOWS\system32\gqvdsjbo.dll",b
backup-20071125-162020-578 O23 - Service: DomainService - - C:\WINDOWS\system32\kaskfral.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 EIO - c:\windows\system32\drivers\eio.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Kernel Mode Driver for NT>
R2 PBParallel - c:\windows\system32\drivers\pbparallel.sys <Not Verified; Precise Biometrics AB; Precise 100>
R2 PBSmartcard - c:\windows\system32\drivers\pbsmartcard.sys <Not Verified; Precise Biometrics AB; Precise 100>
R3 Actrpcsc - c:\windows\system32\drivers\actrpcsc.sys <Not Verified; ActivCard; >
R3 ADIHdAudAddService (ADI UAA Function Driver for High Definition Audio Service) - c:\windows\system32\drivers\adihdaud.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital HD Audio Driver>
R3 AEAudio (AE Audio Service) - c:\windows\system32\drivers\aeaudio.sys <Not Verified; Andrea Electronics Corporation; Andrea Audio Driver>
R3 ASNDIS5 (ASNDIS5 Protocol Driver) - c:\windows\system32\asndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S2 ACR (PC/SC ActivCard ActivReader) - c:\windows\system32\drivers\acr.sys <Not Verified; ActivCard S.A.; ActivCard PC/SC ActivReader Driver>
S2 ACTR (Smart Card Reader) - c:\windows\system32\drivers\actr.sys <Not Verified; ActivCard S.A.; ActivCard PC/SC SmartReader Driver>
S3 actccid (ActivCard USB Reader V2) - c:\windows\system32\drivers\actccid.sys <Not Verified; ActivCard; USB Reader V2>
S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 acautoreg (ActivCard Gold Autoregister) - c:\program files\common files\activcard\acautoreg.exe <Not Verified; ActivIdentity; ActivCard Gold>
R2 Accoca (ActivCard Gold service) - c:\program files\common files\activcard\accoca.exe <Not Verified; ActivCard; ActivCard Gold>
R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service>
R2 ForcewareWebInterface (Forceware Web Interface) - "c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
S2 Ventrilo - c:\program files\ventsrv\ventrilo_svc.exe (file missing)
S4 DomainService - c:\windows\system32\kaskfral.exe /service <Not Verified; ; DDC>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Hamachi Network Interface
Device ID: ROOT\NET\0000
Manufacturer: Applied Networking Inc.
Name: Hamachi Network Interface
PNP Device ID: ROOT\NET\0000
Service: hamachi
-- Scheduled Tasks -------------------------------------------------------------
2007-11-26 16:00:00 368 --a------ C:\WINDOWS\Tasks\HPpromotions journeysoftware.job
2007-11-10 09:11:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2007-10-26 and 2007-11-26 -----------------------------
2007-11-26 16:28:27 85056 --a------ C:\WINDOWS\system32\evpokhxx.dll
2007-11-26 16:25:28 71232 --a------ C:\WINDOWS\system32\lajiblrt.exe <Not Verified; ; DDC>
2007-11-26 16:25:28 145984 --a------ C:\WINDOWS\system32\issdroln.dll
2007-11-26 16:14:37 0 d-------- C:\ie-spyad_zo
2007-11-26 16:14:21 0 d-------- C:\Program Files\SpywareBlaster
2007-11-25 16:28:27 85056 -----n--- C:\WINDOWS\system32\lbtvcfxd.dll
2007-11-25 16:25:27 71232 --a------ C:\WINDOWS\system32\faraddtc.exe <Not Verified; ; DDC>
2007-11-25 16:22:56 145984 --a------ C:\WINDOWS\system32\rskcrkjt.dll
2007-11-25 16:18:41 145984 --a------ C:\WINDOWS\system32\dduiuyau.dll
2007-11-25 16:16:10 71232 --a------ C:\WINDOWS\system32\ughmbuhv.exe <Not Verified; ; DDC>
2007-11-25 16:09:06 71232 --a------ C:\WINDOWS\system32\dfvbpmhr.exe <Not Verified; ; DDC>
2007-11-25 16

06 145984 --a------ C:\WINDOWS\system32\cfpgnnoq.dll
2007-11-25 16:03:36 145984 --a------ C:\WINDOWS\system32\iwjvjeib.dll
2007-11-25 12:15:28 0 d-------- C:\Program Files\ScreenMates
2007-11-25 11:04:08 85056 --a------ C:\WINDOWS\system32\gqvdsjbo.dll
2007-11-25 11:01:08 71232 --a------ C:\WINDOWS\system32\fnjikbhj.exe <Not Verified; ; DDC>
2007-11-25 10:58:08 145984 --a------ C:\WINDOWS\system32\tapaaxbg.dll
2007-11-24 11:47:35 71232 --a------ C:\WINDOWS\system32\sywkqhiq.exe <Not Verified; ; DDC>
2007-11-24 11:45:05 145984 --a------ C:\WINDOWS\system32\hnbdslmb.dll
2007-11-24 00:10:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-11-24 00:10:00 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-11-23 17:48:29 145984 --a------ C:\WINDOWS\system32\oaoquwca.dll
2007-11-23 17:48:28 71232 --a------ C:\WINDOWS\system32\yytrfqpx.exe <Not Verified; ; DDC>
2007-11-23 03:00:35 0 d-------- C:\Program Files\MSXML 4.0
2007-11-22 17:52:36 0 --a------ C:\WINDOWS\system32\sgwsujsd.exe
2007-11-22 17:49:58 71232 --a------ C:\WINDOWS\system32\ajgvqeyn.exe <Not Verified; ; DDC>
2007-11-22 17:49:34 145984 --a------ C:\WINDOWS\system32\gdpckulr.dll
2007-11-21 17:52:32 0 --a------ C:\WINDOWS\system32\qghtdycg.exe
2007-11-21 17:49:32 71232 --a------ C:\WINDOWS\system32\qofpaoch.exe <Not Verified; ; DDC>
2007-11-21 17:49:32 145984 --a------ C:\WINDOWS\system32\kcwmlkrv.dll
2007-11-20 17:47:07 145984 --a------ C:\WINDOWS\system32\iuytwduf.dll
2007-11-20 17:47:06 71232 --a------ C:\WINDOWS\system32\lihbpwjk.exe <Not Verified; ; DDC>
2007-11-19 17:48:17 145984 --a------ C:\WINDOWS\system32\dktlfsqs.dll
2007-11-19 17:48:16 71232 --a------ C:\WINDOWS\system32\mfwhgsul.exe <Not Verified; ; DDC>
2007-11-18 17:50:21 145984 --a------ C:\WINDOWS\system32\asivgnmu.dll
2007-11-18 17:47:21 71232 --a------ C:\WINDOWS\system32\skatqjhv.exe <Not Verified; ; DDC>
2007-11-18 12:27:36 0 d-------- C:\Documents and Settings\Ernest\Application Data\InstallShield
2007-11-18 12:26:20 0 d-------- C:\Program Files\Avanquest update
2007-11-18 12:24:35 0 d-------- C:\Program Files\Motorola Phone Tools
2007-11-18 12:24:35 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-11-18 12:24:25 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-11-18 12:24:25 24192 --a------ C:\Documents and Settings\Ernest\usbsermptxp.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-11-18 12:24:25 22768 --a------ C:\Documents and Settings\Ernest\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-11-17 17:52:07 145984 --a------ C:\WINDOWS\system32\vspyafby.dll
2007-11-17 17:49:07 71232 --a------ C:\WINDOWS\system32\ciorspxi.exe <Not Verified; ; DDC>
2007-11-16 10:11:14 145984 --a------ C:\WINDOWS\system32\ingymkuo.dll
2007-11-16 10:11:13 71232 --a------ C:\WINDOWS\system32\drsugmvo.exe <Not Verified; ; DDC>
2007-11-15 10:13:16 71232 --a------ C:\WINDOWS\system32\usgbwjmv.exe <Not Verified; ; DDC>
2007-11-15 10:13:16 145984 --a------ C:\WINDOWS\system32\hiwwxlpx.dll
2007-11-14 20:43:06 145984 --a------ C:\WINDOWS\system32\hftisxgu.dll
2007-11-14 20:40:06 71232 --a------ C:\WINDOWS\system32\nlxricba.exe <Not Verified; ; DDC>
2007-11-13 20:42:09 145984 --a------ C:\WINDOWS\system32\oondmyno.dll
2007-11-13 20:39:09 71232 --a------ C:\WINDOWS\system32\eriwvpsl.exe <Not Verified; ; DDC>
2007-11-13 18:47:00 0 d-------- C:\Documents and Settings\Ernest\Application Data\OpenOffice.org2
2007-11-13 18:45:07 0 d-------- C:\Program Files\OpenOffice.org 2.3
2007-11-13 18:11:03 0 d-------- C:\visioowriter
2007-11-12 20:40:58 71232 --a------ C:\WINDOWS\system32\rbexxemg.exe <Not Verified; ; DDC>
2007-11-12 20:37:59 145984 --a------ C:\WINDOWS\system32\aniffnes.dll
2007-11-12 16:42:01 0 d-------- C:\Program Files\Ventrilo
2007-11-12 16:32:40 0 d--h----- C:\WINDOWS\PIF
2007-11-12 16:32:40 0 d-------- C:\Program Files\VentSrv
2007-11-11 20:38:58 145984 --a------ C:\WINDOWS\system32\ssvgakum.dll
2007-11-11 20:38:58 71232 --a------ C:\WINDOWS\system32\ngihouvl.exe <Not Verified; ; DDC>
2007-11-10 22:38:27 0 d-------- C:\Half-Life Editing
2007-11-10 22:37:31 0 d-------- C:\hl-edit
2007-11-10 20:41:57 145984 --a------ C:\WINDOWS\system32\nibwkpxv.dll
2007-11-10 20:38:57 71232 --a------ C:\WINDOWS\system32\uqalhqcn.exe <Not Verified; ; DDC>
2007-11-09 21:02:00 0 d-------- C:\Documents and Settings\Ernest\Application Data\GSC
2007-11-09 20:39:50 71232 --a------ C:\WINDOWS\system32\jwpjmtes.exe <Not Verified; ; DDC>
2007-11-09 20:36:50 145984 --a------ C:\WINDOWS\system32\sfnpsnuo.dll
2007-11-08 20:39:51 71232 --a------ C:\WINDOWS\system32\cnpgnvxi.exe <Not Verified; ; DDC>
2007-11-08 20:36:51 145984 --a------ C:\WINDOWS\system32\icjaaxsw.dll
2007-11-08 17:28:13 71232 --a------ C:\WINDOWS\system32\frvmvcgq.exe <Not Verified; ; DDC>
2007-11-08 17:27:51 145984 --a------ C:\WINDOWS\system32\aonfvnqq.dll
2007-11-08 10:32:42 0 d-------- C:\csdecals
2007-11-07 19:41:21 0 d-------- C:\USAF Mini Pro
2007-11-07 17:20:39 145984 --a------ C:\WINDOWS\system32\oinqtsqm.dll
2007-11-07 17:20:39 71232 --a------ C:\WINDOWS\system32\drskqjls.exe <Not Verified; ; DDC>
2007-11-06 19:45:40 0 d-------- C:\NVIDIA
2007-11-06 17:24:24 145984 --a------ C:\WINDOWS\system32\kbijcpvd.dll
2007-11-06 17:21:24 71232 --a------ C:\WINDOWS\system32\kaskfral.exe <Not Verified; ; DDC>
2007-11-04 12:03:37 0 d-------- C:\Documents and Settings\Ernest\Application Data\AdobeUM
2007-11-02 18:35:43 0 d-------- C:\Documents and Settings\Ernest\Application Data\Hamachi
2007-11-02 18:35:26 0 d-------- C:\Program Files\Hamachi
2007-11-01 13:57:38 0 d-------- C:\WINDOWS\pss
2007-10-30 14:54:07 0 d-------- C:\WINDOWS\LastGood
2007-10-30 14:44:57 0 d-------- C:\Documents and Settings\Ernest\Application Data\SystemRequirementsLab
2007-10-30 14:44:48 0 d-------- C:\WINDOWS\Sun
2007-10-30 14:44:48 0 d-------- C:\Documents and Settings\Ernest\Application Data\Sun
2007-10-30 13:56:48 84544 --a------ C:\WINDOWS\system32\dymxsqmn.dll
2007-10-30 10:46:45 0 d-------- C:\Program Files\Common Files\SCR331 PCSC Driver
2007-10-30 10:46:43 0 d-------- C:\Program Files\Common Files\SCR201 PCSC Driver
2007-10-30 10:46:34 0 d-------- C:\Program Files\Common Files\ActivCard
2007-10-30 10:46:27 0 d-------- C:\Program Files\Precise Biometrics
2007-10-30 10:42:39 0 d-------- C:\WINDOWS\LastGood.Tmp
2007-10-29 18

05 0 d-------- C:\Program Files\ActivCard
2007-10-29 17:35:50 0 d-------- C:\WINDOWS\system32\appmgmt
2007-10-29 17:23:40 0 d-------- C:\Program Files\ActivIdentity
2007-10-28 14:11:22 0 d-------- C:\Program Files\HLSW
2007-10-27 10:32:25 0 d-------- C:\Program Files\Common Files\DirectX
2007-10-26 20:51:28 0 d-------- C:\Program Files\Valve
2007-10-26 18:13:26 0 d-------- C:\Documents and Settings\Ernest\Application Data\DivX
-- Find3M Report ---------------------------------------------------------------
2007-11-26 16:30:57 104251 ---hs---- C:\WINDOWS\system32\rqstv.ini2
2007-11-26 16:23:05 102745 ---hs---- C:\WINDOWS\system32\rqstv.bak1
2007-11-26 16:08:44 0 d-------- C:\Program Files\Azureus
2007-11-26 16:08:38 0 d-------- C:\Documents and Settings\Ernest\Application Data\Azureus
2007-11-25 22:44:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-25 18:30:37 0 d-------- C:\Documents and Settings\Ernest\Application Data\Skype
2007-11-25 16:22:55 103459 ---hs---- C:\WINDOWS\system32\rqstv.bak2
2007-11-24 12:13:11 0 d-------- C:\Documents and Settings\Ernest\Application Data\Adobe
2007-11-24 00:12:10 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-24 00:10:00 0 d-------- C:\Program Files\Common Files
2007-11-13 18:44:47 0 d-------- C:\Program Files\Java
2007-11-12 16:46:49 0 d-------- C:\Documents and Settings\Ernest\Application Data\Ventrilo
2007-10-31 12:53:21 1542 --a------ C:\WINDOWS\mozver.dat
2007-10-30 15:02:21 0 d-------- C:\Program Files\Xfire
2007-10-30 11:17:13 0 d-------- C:\Documents and Settings\Ernest\Application Data\Xfire
2007-10-25 19:42:50 0 d-------- C:\Program Files\Skype
2007-10-25 19:42:45 0 d-------- C:\Program Files\Common Files\Skype
2007-10-24 14:59:02 0 d-------- C:\Program Files\wlm
2007-10-24 13:38:22 0 d-------- C:\Program Files\Common Files\BestsellerAntivirus
2007-10-23 18:45:05 0 d-------- C:\Program Files\Messenger
2007-10-23 18:35:05 0 d-------- C:\Program Files\PowerISO
2007-10-23 18:31:24 0 d-------- C:\Program Files\Ahead
2007-10-23 18:31:16 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-23 17:20:27 0 d-------- C:\Program Files\Common Files\L&H
2007-10-23 17:20:15 0 d-------- C:\Program Files\Microsoft.NET
2007-10-23 17:20:01 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-23 17:19:25 0 d-------- C:\Program Files\Microsoft Works
2007-10-23 17:15:52 318048 --a------ C:\WINDOWS\system32\vtsqr.dll
2007-10-23 17:11:44 0 --------- C:\WINDOWS\system32\opnkifg.dll
2007-10-23 17:04:21 0 d-------- C:\Program Files\Common Files\Java
2007-10-23 17:01:18 0 d-------- C:\Documents and Settings\Ernest\Application Data\Macromedia
2007-10-23 16:56:16 0 d-------- C:\Documents and Settings\Ernest\Application Data\Apple Computer
2007-10-23 16:47:43 0 d-------- C:\Program Files\MSN Messenger
2007-10-23 16:33:42 0 d-------- C:\Program Files\XP Codec Pack
2007-10-23 16:33:26 0 d-------- C:\Program Files\QuickTime
2007-10-23 16:32:45 0 d-------- C:\Program Files\Xilisoft
2007-10-23 16:32:40 0 d-------- C:\Program Files\Apple Software Update
2007-10-23 16:29:59 0 --a------ C:\WINDOWS\nsreg.dat
2007-10-23 16:29:57 0 d-------- C:\Documents and Settings\Ernest\Application Data\Mozilla
2007-10-23 16:29:17 0 d-------- C:\Program Files\DivX
2007-10-23 15:57:08 0 d-------- C:\Program Files\ASUS
2007-10-23 15:21:38 0 d-------- C:\Program Files\Alwil Software
2007-10-23 15:02:57 0 d-------- C:\Program Files\Alcohol Soft
2007-10-23 14:55:22 70273 --a------ C:\WINDOWS\hpoins05.dat
2007-10-23 14:54:52 0 d-------- C:\Program Files\HP
2007-10-23 14:54:52 0 d-------- C:\Program Files\Common Files\HP
2007-10-23 14:54:28 0 d-------- C:\Program Files\Hewlett-Packard
2007-10-23 14:53:51 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-10-23 00:28:45 0 d-------- C:\Program Files\Common Files\ODBC
2007-10-23 00:28:43 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-10-23 00:28:21 62 --ahs---- C:\Documents and Settings\Ernest\Application Data\desktop.ini
2007-10-22 23:07:47 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-22 22:57:55 0 d-------- C:\Program Files\Analog Devices
2007-10-22 22:55:29 22 --a------ C:\WINDOWS\FileName
2007-10-22 22:55:22 0 d-------- C:\Program Files\NVIDIA Corporation
2007-10-22 22:51:15 0 d-------- C:\Program Files\ASUSTeK
2007-10-22 22:41:04 0 d-------- C:\Documents and Settings\Ernest\Application Data\Identities
2007-10-22 22:37:25 0 d-------- C:\Program Files\microsoft frontpage
2007-10-22 22:37:12 0 -rahs---- C:\MSDOS.SYS
2007-10-22 22:37:12 0 -rahs---- C:\IO.SYS
2007-10-22 22:37:12 0 --a------ C:\CONFIG.SYS
2007-10-22 22:37:12 0 --a------ C:\AUTOEXEC.BAT
2007-10-22 22:36:12 0 d--h----- C:\Program Files\WindowsUpdate
2007-10-22 22:35:28 0 d-------- C:\Program Files\Common Files\MSSoap
2007-10-22 22:35:21 0 d-------- C:\Program Files\Movie Maker
2007-10-22 22:34:38 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-10-22 22:34:23 0 d-------- C:\Program Files\Online Services
2007-10-22 22:34:14 0 d-------- C:\Program Files\MSN Gaming Zone
2007-10-22 22:34:06 0 d-------- C:\Program Files\Windows NT
2007-10-04 17:14:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-10-04 17:14:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-10-04 17:14:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-10-04 17:14:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-10-04 17:14:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-10-04 17:14:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-10-04 17:14:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-10-04 17:14:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89AD4D75-2429-462e-BD4E-443F233F6033}]
C:\WINDOWS\system32\gesudpkr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
C:\WINDOWS\system32\lstfasmy.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4D846C2-DB94-457E-A15C-91D675BB7EF9}]
23.10.2007 17:15 318048 --a------ C:\WINDOWS\system32\vtsqr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FAAD2038-C371-473D-86F1-5B11D39C3775}]
C:\Program Files\BestsellerAntivirus\Tools\IEFWBHO.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\lstfasmy.dll [ ]
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [04.10.2007 17:14]
"nwiz"="nwiz.exe" [04.10.2007 17:14 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20.07.2006 22:04]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [13.07.2006 07:12]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [13.09.2004 14:49]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [06.09.2007 11:06]
"Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [24.02.2004 12:17]
"Norton"="C:\Program Files\ASUS\WLAN Card Utilities\NorExec.exe" [24.02.2004 21:53]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01.09.2006 14:57]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [25.09.2007 00:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09.07.2001 10:50]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [20.01.2007 08:09]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04.08.2004 13:00 C:\WINDOWS\system32\bthprops.cpl]
"QuickPassword"="C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe" [06.01.2005 19:01]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [04.10.2007 17:14]
"f04dfea0"="C:\WINDOWS\system32\evpokhxx.dll" [26.11.2007 16:28]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 13:00]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [17.08.2007 02:45]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13.10.2004 17:24]
"Felix"="C:\Program Files\ScreenMates\felix.exe" [25.11.2007 12:13]
"KamikazeKat"="C:\Program Files\ScreenMates\kamikazekat.exe" [25.11.2007 12:17]
C:\Documents and Settings\Ernest\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16.3.2005 19:16:50]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14.12.2004 3:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [4.11.2004 18:28:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lstfasmy]
lstfasmy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtsqr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c294a29-8194-11dc-a240-0018f3494cf0}]
AutoRun\command- H:\Urrong.exe
-- End of Deckard's System Scanner: finished at 2007-11-26 16:31:18 ------------
Now extra:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 1023.29 MiB / 442.74 MiB
Pagefile Memory (total/avail): 2461.39 MiB / 1908.38 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.44 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 29.29 GiB total, 4.27 GiB free.
D: is Fixed (FAT32) - 152.25 GiB total, 102.78 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
O: is Fixed (NTFS) - 279.46 GiB total, 35.55 GiB free.
\\.\PHYSICALDRIVE0 - ST3250820AS - 232.88 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Extended Partition - 203.59 GiB - D:
\\.\PHYSICALDRIVE1 - ST330062 0A USB Device - 279.46 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 279.46 GiB - O:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
AntivirusOverride is set.
FW: ActiveArmor Firewall v1.0 (NVIDIA Corporation)
Disabled
AV: avast! antivirus 4.7.1043 [VPS 071125-0] v4.7.1043 (ALWIL Software)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"D:\\Windows\\games\\Half-Life\\hl.exe"="D:\\Windows\\games\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"D:\\Windows\\games\\cod 2\\CoD2MP_s.exe"="D:\\Windows\\games\\cod 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Windows\\games\\cs\\hl.exe"="D:\\Windows\\games\\cs\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Valve\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:HLSW"
"D:\\Windows\\games\\nfsu2\\speed2.exe"="D:\\Windows\\games\\nfsu2\\speed2.exe:*:Enabled:speed2"
"C:\\Program Files\\Valve\\Counter-Strike 1.6\\hlds.exe"="C:\\Program Files\\Valve\\Counter-Strike 1.6\\hlds.exe:*:Enabled:HLDS Launcher"
"F:\\Games\\Games\\PC_Call of Duty 1 -(.rip.)-(ToeD)\\Call of Duty\\The Call of Duty\\CoDMP.exe"="F:\\Games\\Games\\PC_Call of Duty 1 -(.rip.)-(ToeD)\\Call of Duty\\The Call of Duty\\CoDMP.exe:*:Enabled:CoDMP"
"C:\\WINDOWS\\system32\\kaskfral.exe"="C:\\WINDOWS\\system32\\kas"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ernest\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=URRONG-B06A951C
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\
LOGONSERVER=\\URRONG-B06A951C
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ActivCard\ActivCard Gold\resources;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ernest\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ernest\LOCALS~1\Temp
USERDOMAIN=URRONG-B06A951C
USERNAME=Ernest
USERPROFILE=C:\Documents and Settings\Ernest
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Ernest
(admin)
Administrator
(new local, admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActivCard Gold --> MsiExec.exe /I{4C35ABDE-E901-4142-A973-94C4A16EDA6A}
ActivIdentity Device Installer --> MsiExec.exe /I{BB28BFD5-65B9-43F2-BD33-541123C35F82}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Apple Software Update --> MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
ASUS Enhanced Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ASUS nVIDIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1033
ASUS WLAN Card Utilities/Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F722FA9-B994-4C9B-B292-FD32D6206EDF}\Setup.exe" -l0x9
AsusUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Call of Duty(R) 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Cool & Quiet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
Counter-Strike 1.6 --> C:\Program Files\Valve\Counter-Strike 1.6\Uninstal.exe
Desert Storm --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C1212D0-9B68-474A-A376-EF01DCD204F1}\setup.exe" -l0x9
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Half-Life Compile Tool Package --> C:\Half-Life Editing\uninstall_HL-Compiled.exe
Half-Life editing 0.9b --> c:\hl-edit\uninst.exe
Hamachi 1.0.1.1 --> C:\Program Files\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111 --> C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Ernest\Desktop\Internet Downloads\HijackThis.exe" /uninstall
HLSW v1.1.0 --> "C:\Program Files\HLSW\unins000.exe"
HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Express --> MsiExec.exe /X{8F7A4D82-B168-4F89-99C2-B9873EC877AF}
HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.9) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Need for Speed Underground 2 --> D:\Windows\games\nfsu2\EAUninstall.exe
Need for Speed™ Carbon --> D:\Windows\games\nfsc\EAUninstall.exe
Need for Speed™ Most Wanted --> D:\Windows\games\nfsmw\EAUninstall.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
OpenOffice.org 2.3 --> MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Ventrilo --> C:\PROGRA~1\Ventrilo\UNWISE.EXE C:\PROGRA~1\Ventrilo\INSTALL.LOG
VisiooWriter 0.6.1 --> C:\visioowriter\uninst.exe
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
-- Application Event Log -------------------------------------------------------
Event Record #/Type1133 / Error
Event Submitted/Written: 11/25/2007 07:28:35 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Catz.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type1129 / Error
Event Submitted/Written: 11/25/2007 04:16:55 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hijackthis.exe, version 2.0.0.2, faulting module vtsqr.dll, version 0.0.0.0, fault address 0x0005f5c3.
Processing media-specific event for [hijackthis.exe!ws!]
Event Record #/Type1128 / Error
Event Submitted/Written: 11/25/2007 04:16:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application hijackthis.exe, version 2.0.0.2, faulting module vtsqr.dll, version 0.0.0.0, fault address 0x0005f5c3.
Processing media-specific event for [hijackthis.exe!ws!]
Event Record #/Type1124 / Error
Event Submitted/Written: 11/25/2007 04:11:26 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application hammer.exe, version 0.2.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type1121 / Error
Event Submitted/Written: 11/25/2007 03:59:54 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type4325 / Warning
Event Submitted/Written: 11/26/2007 06:02:01 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Event Record #/Type4289 / Error
Event Submitted/Written: 11/25/2007 04:22:48 PM
Event ID/Source: 30013 / ipnathlp
Event Description:
The DHCP allocator has disabled itself on IP address 192.168.1.2,
since the IP address is outside the 192.168.0.0/255.255.255.0 scope
from which addresses are being allocated to DHCP clients.
To enable the DHCP allocator on this IP address,
please change the scope to include the IP address,
or change the IP address to fall within the scope.
Event Record #/Type4261 / Error
Event Submitted/Written: 11/25/2007 04:22:16 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Ventrilo service failed to start due to the following error:
%%2
Event Record #/Type4260 / Error
Event Submitted/Written: 11/25/2007 04:22:16 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Smart Card Reader service failed to start due to the following error:
%%20
Event Record #/Type4259 / Error
Event Submitted/Written: 11/25/2007 04:22:16 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PC/SC ActivCard ActivReader service failed to start due to the following error:
%%20
-- End of Deckard's System Scanner: finished at 2007-11-26 16:31:18 ------------
If you need anything else, just say. Thanks in advance.
Urrong