Hello,
I have this flashing shield that alternates between a blue question mark and a red x, it has a balloon pop up that sends me to a virus protect website. I also cannot locate my control panel when signed on under owner. When I try to open the file that I saved the Panda scan in, it says that Word has not been installed for the current user. Please run setup to install. But I know that I do have the Word program installed.
Thanks for the help in advance! Here are my other logs....
Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-08 01:48:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 254 MiB (512 MiB recommended).
-- HijackThis (run as Owner.exe) -----------------------------------------------
Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-08 01:48:51
Platform: Windows XP (5.01.2600)
MSIE: Internet Explorer (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NMSSvc.Exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\ssu.exe
C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5AA6D3DC-5327-4122-A52E-D06114743764} - C:\WINDOWS\System32\mlljj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: 0 - {D6AA9327-8DAD-4559-7AB3-20BAEA823D74} - C:\Program Files\Outlook Express\quzajebi.dll (file missing)
O2 - BHO: (no name) - {F44D8E66-7BB6-49BD-A924-5E0368C00FD1} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IUgK6U] C:\docume~1\owner~1.pri\locals~1\temp\IUgK6U.exe
O4 - HKLM\..\Run: [rasfont] C:\WINDOWS\security\Database\rasfont.exe
O4 - HKLM\..\Run: [uvuditwh] C:\WINDOWS\uvuditwh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fol] C:\WINDOWS\fol.exe
O4 - HKLM\..\Run: [Etwawx] C:\Program Files\Qtbwnj\Amoly.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [{77-7C-C8-8D-ZN}] c:\windows\system32\dwdsrngt.exe CHD001
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ulib] C:\WINDOWS\System32\ulib.exe
O4 - HKCU\..\Run: [197_150_ni_1] C:\WINDOWS\System32\197_150_ni_1.exe
O4 - HKCU\..\Run: [dbnetlib] "C:\WINDOWS\System32\dbnetlib.exe"
O4 - HKCU\..\Run: [wiavusd] "C:\WINDOWS\System32\wiavusd.exe"
O4 - HKCU\..\Run: [rsvpsp] "C:\WINDOWS\System32\rsvpsp.exe"
O4 - HKCU\..\Run: [adsmsext] "C:\WINDOWS\System32\adsmsext.exe"
O4 - HKCU\..\Run: [schannel] "C:\WINDOWS\System32\schannel.exe"
O4 - HKCU\..\Run: [sisbkup] "C:\WINDOWS\System32\sisbkup.exe"
O4 - HKCU\..\Run: [mll_hp] "C:\WINDOWS\System32\mll_hp.exe"
O4 - HKCU\..\Run: [tdi-sonyomg] "C:\WINDOWS\System32\tdi-sonyomg.exe"
O4 - HKCU\..\Run: [mchgrcoi] "C:\WINDOWS\System32\mchgrcoi.exe"
O4 - HKCU\..\Run: [powrprof] "C:\WINDOWS\System32\powrprof.exe"
O4 - HKCU\..\Run: [usp10] "C:\WINDOWS\System32\usp10.exe"
O4 - HKCU\..\Run: [pngfilt] "C:\WINDOWS\System32\pngfilt.exe"
O4 - HKCU\..\Run: [winhttp] "C:\WINDOWS\System32\winhttp.exe"
O4 - HKCU\..\Run: [ipmontr] "C:\WINDOWS\System32\ipmontr.exe"
O4 - HKCU\..\Run: [iuctl] "C:\WINDOWS\System32\iuctl.exe"
O4 - HKCU\..\Run: [schedsvc] "C:\WINDOWS\System32\schedsvc.exe"
O4 - HKCU\..\Run: [msisip] "C:\WINDOWS\System32\msisip.exe"
O4 - HKCU\..\Run: [eglivecam_1028] "C:\WINDOWS\System32\eglivecam_1028.exe"
O4 - HKCU\..\Run: [qedit] "C:\WINDOWS\System32\qedit.exe"
O4 - HKCU\..\Run: [mspatcha] "C:\WINDOWS\System32\mspatcha.exe"
O4 - HKCU\..\Run: [javacypt] "C:\WINDOWS\System32\javacypt.exe"
O4 - HKCU\..\Run: [msr2cenu] "C:\WINDOWS\System32\msr2cenu.exe"
O4 - HKCU\..\Run: [igmpagnt] "C:\WINDOWS\System32\igmpagnt.exe"
O4 - HKCU\..\Run: [comctl32] "C:\WINDOWS\System32\comctl32.exe"
O4 - HKCU\..\Run: [ftsrch] "C:\WINDOWS\System32\ftsrch.exe"
O4 - HKCU\..\Run: [browsewm] "C:\WINDOWS\System32\browsewm.exe"
O4 - HKCU\..\Run: [digest] "C:\WINDOWS\System32\digest.exe"
O4 - HKCU\..\Run: [dpwsockx] "C:\WINDOWS\System32\dpwsockx.exe"
O4 - HKCU\..\Run: [neth] "C:\WINDOWS\System32\neth.exe"
O4 - HKCU\..\Run: [dmintf] "C:\WINDOWS\System32\dmintf.exe"
O4 - HKCU\..\Run: [kbdlt1] "C:\WINDOWS\System32\kbdlt1.exe"
O4 - HKCU\..\Run: [ir41_qcx] "C:\WINDOWS\System32\ir41_qcx.exe"
O4 - HKCU\..\Run: [modemui] "C:\WINDOWS\System32\modemui.exe"
O4 - HKCU\..\Run: [umpnpmgr] "C:\WINDOWS\System32\umpnpmgr.exe"
O4 - HKCU\..\Run: [netapi] "C:\WINDOWS\System32\netapi.exe"
O4 - HKCU\..\Run: [sccbase] "C:\WINDOWS\System32\sccbase.exe"
O4 - HKCU\..\Run: [tapisrv] "C:\WINDOWS\System32\tapisrv.exe"
O4 - HKCU\..\Run: [kbdla] "C:\WINDOWS\System32\kbdla.exe"
O4 - HKCU\..\Run: [rasppp] "C:\WINDOWS\System32\rasppp.exe"
O4 - HKCU\..\Run: [rdocurs] "C:\WINDOWS\System32\rdocurs.exe"
O4 - HKCU\..\Run: [inetcomm] "C:\WINDOWS\System32\inetcomm.exe"
O4 - HKCU\..\Run: [ntdsapi] "C:\WINDOWS\System32\ntdsapi.exe"
O4 - HKCU\..\Run: [dbmsvinn] "C:\WINDOWS\System32\dbmsvinn.exe"
O4 - HKCU\..\Run: [icmui] "C:\WINDOWS\System32\icmui.exe"
O4 - HKCU\..\Run: [wiaservc] "C:\WINDOWS\System32\wiaservc.exe"
O4 - HKCU\..\Run: [cnmlm38] "C:\WINDOWS\System32\cnmlm38.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [wupdinfo] "C:\WINDOWS\System32\wupdinfo.exe"
O4 - HKCU\..\Run: [ezstub3] "C:\WINDOWS\System32\ezstub3.exe"
O4 - HKCU\..\Run: [rtipxmib] "C:\WINDOWS\System32\rtipxmib.exe"
O4 - HKCU\..\Run: [kbdazel] "C:\WINDOWS\System32\kbdazel.exe"
O4 - HKCU\..\Run: [rdpcfgex] "C:\WINDOWS\System32\rdpcfgex.exe"
O4 - HKCU\..\Run: [ntlsapi] "C:\WINDOWS\System32\ntlsapi.exe"
O4 - HKCU\..\Run: [kbdnec] "C:\WINDOWS\System32\kbdnec.exe"
O4 - HKCU\..\Run: [dmdlgs] "C:\WINDOWS\System32\dmdlgs.exe"
O4 - HKCU\..\Run: [mswsock] "C:\WINDOWS\System32\mswsock.exe"
O4 - HKCU\..\Run: [dispex] "C:\WINDOWS\System32\dispex.exe"
O4 - HKCU\..\Run: [wifeman] "C:\WINDOWS\System32\wifeman.exe"
O4 - HKCU\..\Run: [wiashext] "C:\WINDOWS\System32\wiashext.exe"
O4 - HKCU\..\Run: [ds32gt] "C:\WINDOWS\System32\ds32gt.exe"
O4 - HKCU\..\Run: [wtsapi32] "C:\WINDOWS\System32\wtsapi32.exe"
O4 - HKCU\..\Run: [ialmgicd] "C:\WINDOWS\System32\ialmgicd.exe"
O4 - HKCU\..\Run: [bszip] "C:\WINDOWS\System32\bszip.exe"
O4 - HKCU\..\Run: [nmsapi] "C:\WINDOWS\System32\nmsapi.exe"
O4 - HKCU\..\Run: [rtm] "C:\WINDOWS\System32\rtm.exe"
O4 - HKCU\..\Run: [sfmapi] "C:\WINDOWS\System32\sfmapi.exe"
O4 - HKCU\..\Run: [wmpcd] "C:\WINDOWS\System32\wmpcd.exe"
O4 - HKCU\..\Run: [bidispl] "C:\WINDOWS\System32\bidispl.exe"
O4 - HKCU\..\Run: [riched32] "C:\WINDOWS\System32\riched32.exe"
O4 - HKCU\..\Run: [unimdmat] "C:\WINDOWS\System32\unimdmat.exe"
O4 - HKCU\..\Run: [msencode] "C:\WINDOWS\System32\msencode.exe"
O4 - HKCU\..\Run: [csh] "C:\WINDOWS\System32\csh.exe"
O4 - HKCU\..\Run: [racpldlg] "C:\WINDOWS\System32\racpldlg.exe"
O4 - HKCU\..\Run: [jgaw400] "C:\WINDOWS\System32\jgaw400.exe"
O4 - HKCU\..\Run: [txflog] "C:\WINDOWS\System32\txflog.exe"
O4 - HKCU\..\Run: [cabinet] "C:\WINDOWS\System32\cabinet.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [kbdbu] "C:\WINDOWS\System32\kbdbu.exe"
O4 - HKCU\..\Run: [shlwapi] "C:\WINDOWS\System32\shlwapi.exe"
O4 - HKCU\..\Run: [wlnotify] "C:\WINDOWS\System32\wlnotify.exe"
O4 - HKCU\..\Run: [ntmssvc] "C:\WINDOWS\System32\ntmssvc.exe"
O4 - HKCU\..\Run: [mswebdvd] "C:\WINDOWS\System32\mswebdvd.exe"
O4 - HKCU\..\Run: [kbdal] "C:\WINDOWS\System32\kbdal.exe"
O4 - HKCU\..\Run: [ialmgdev] "C:\WINDOWS\System32\ialmgdev.exe"
O4 - HKCU\..\Run: [uniplat] "C:\WINDOWS\System32\uniplat.exe"
O4 - HKCU\..\Run: [mindex] "C:\WINDOWS\System32\mindex.exe"
O4 - HKCU\..\Run: [pdh] "C:\WINDOWS\System32\pdh.exe"
O4 - HKCU\..\Run: [mfc42u] "C:\WINDOWS\System32\mfc42u.exe"
O4 - HKCU\..\Run: [certmgr] "C:\WINDOWS\System32\certmgr.exe"
O4 - HKCU\..\Run: [faultrep] "C:\WINDOWS\System32\faultrep.exe"
O4 - HKCU\..\Run: [odbc16gt] "C:\WINDOWS\System32\odbc16gt.exe"
O4 - HKCU\..\Run: [eventlog] "C:\WINDOWS\System32\eventlog.exe"
O4 - HKCU\..\Run: [wshext] "C:\WINDOWS\System32\wshext.exe"
O4 - HKCU\..\Run: [qedwipes] "C:\WINDOWS\System32\qedwipes.exe"
O4 - HKCU\..\Run: [feclient] "C:\WINDOWS\System32\feclient.exe"
O4 - HKCU\..\Run: [wmpui] "C:\WINDOWS\System32\wmpui.exe"
O4 - HKCU\..\Run: [comuid] "C:\WINDOWS\System32\comuid.exe"
O4 - HKCU\..\Run: [qmgr] "C:\WINDOWS\System32\qmgr.exe"
O4 - HKCU\..\Run: [dsound] "C:\WINDOWS\System32\dsound.exe"
O4 - HKCU\..\Run: [smlogcfg] "C:\WINDOWS\System32\smlogcfg.exe"
O4 - HKCU\..\Run: [srvsvc] "C:\WINDOWS\System32\srvsvc.exe"
O4 - HKCU\..\Run: [deskadp] "C:\WINDOWS\System32\deskadp.exe"
O4 - HKCU\..\Run: [autodisc] "C:\WINDOWS\System32\autodisc.exe"
O4 - HKCU\..\Run: [rtutils] "C:\WINDOWS\System32\rtutils.exe"
O4 - HKCU\..\Run: [fsusd] "C:\WINDOWS\System32\fsusd.exe"
O4 - HKCU\..\Run: [wowfax] "C:\WINDOWS\System32\wowfax.exe"
O4 - HKCU\..\Run: [dbmsrpcn] "C:\WINDOWS\System32\dbmsrpcn.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL Alarms.LNK = ?
O4 - Global Startup: Desktop Application Director 9.LNK = ?
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1199756174781
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get.../ultrashim.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - (no file)
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: qkihlbti - C:\WINDOWS\System32\qkihlbti.dll
O20 - Winlogon Notify: tnjfcfka - C:\WINDOWS\System32\tnjfcfka.dll
O20 - Winlogon Notify: winsqr32 - C:\WINDOWS\System32\winsqr32.dll (file missing)
O22 - SharedTaskScheduler: ineffulgent - {b585105c-0e84-4ef0-9c6a-fbe134a72945} - C:\WINDOWS\system32\ivrllc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\jmmmttmk.exe /service
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\System32\_svchost.exe -A
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.Exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: svcpack - Unknown owner - C:\WINDOWS\System32\svcpack.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 16900 bytes
-- Files created between 2007-12-08 and 2008-01-08 -----------------------------
2008-01-07 22:40:33 44928 --a------ C:\WINDOWS\System32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
2008-01-07 22:10:35 0 d-------- C:\WINDOWS\System32\ActiveScan
2008-01-07 22:10:32 0 d-------- C:\WINDOWS\LastGood
2008-01-07 19:47:22 0 d-------- C:\ie-spyad_zo
2008-01-07 19:36:21 0 d-------- C:\WINDOWS\LastGood.Tmp
2008-01-07 19:21:21 0 d-------- C:\Program Files\SpywareBlaster
2008-01-07 18:29:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2008-01-07 18:15:32 0 d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-01-06 14:54:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\InfeStop.com
2008-01-06 14:54:30 0 d-------- C:\Program Files\InfeStop
2008-01-05 21:45:31 0 d---s---- C:\Documents and Settings\Administrator\UserData
2008-01-05 21:44:59 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-01-04 23:33:49 0 d-------- C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Application Data\spy-rid.com
2008-01-04 23:33:44 0 d-------- C:\Program Files\Spy-Rid
2008-01-02 02:10:30 0 d-------- C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Application Data\EasySpywareCleaner.com
2008-01-02 02:10:25 0 d-------- C:\Program Files\EasySpywareCleaner
2007-12-28 18:27:20 0 d-------- C:\WINDOWS\Favorites
2007-12-28 17:02:13 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot
2007-12-28 17:01:52 0 d-------- C:\Program Files\Webroot
2007-12-28 17:01:52 0 d-------- C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Application Data\Webroot
2007-12-28 17:01:52 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2007-12-28 17:00:35 164 --a------ C:\install.dat
2007-12-23 11:22:18 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-12-23 11:22:18 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-12-23 11:22:18 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-12-23 11:22:18 0 d--h----- C:\Documents and Settings\Administrator\Recent
2007-12-23 11:22:18 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-12-23 11:22:18 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-12-23 11:22:18 0 d-------- C:\Documents and Settings\Administrator\My Documents
2007-12-23 11:22:18 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-12-23 11:22:18 0 d-------- C:\Documents and Settings\Administrator\Favorites
2007-12-23 11:22:18 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-12-23 11:22:18 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2007-12-23 11:22:18 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-12-23 11:22:18 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-12-23 11:22:17 5242880 --a------ C:\Documents and Settings\Administrator\NTUser.dat
-- Find3M Report ---------------------------------------------------------------
2008-01-08 01:04:19 0 d-------- C:\Program Files\QuickTime
2008-01-08 00:58:05 0 d-------- C:\Program Files\iTunes
2008-01-08 00:23:47 0 d-------- C:\Program Files\Google
2008-01-07 18:40:53 0 d-------- C:\Program Files\Viewpoint
2008-01-07 17:50:25 0 d-------- C:\Program Files\Common Files
2007-12-28 20:28:58 0 d-------- C:\Program Files\Online Services
2007-12-28 20:28:56 0 d-------- C:\Program Files\MSN Gaming Zone
2007-12-28 20:28:06 0 d-------- C:\Program Files\6cqqsf0r
2007-12-28 20:18:30 0 d-------- C:\Program Files\Windows NT
2007-12-06 14:17:49 36928 --a------ C:\WINDOWS\System32\tnjfcfka.dll
2007-12-06 14:14:39 36928 --a------ C:\WINDOWS\System32\edqwnqru.dll
2007-12-06 14:08:10 36928 --a------ C:\WINDOWS\System32\qkihlbti.dll
2007-12-03 01:01:17 73280 --a------ C:\WINDOWS\System32\pybmrayq.dll
2007-11-27 13:43:35 34545 --a------ C:\sysvqna.exe
2007-11-27 13:11:10 0 d-------- C:\Program Files\iConcepts Music Express
2007-11-27 13:10:36 0 d-------- C:\Program Files\NStorm
2007-11-27 01:03:12 0 d-------- C:\Program Files\EmpirePokerMaster
2007-11-26 13:21:52 0 d-------- C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Application Data\AVG7
2007-11-23 22:55:08 12800 --a-s---- C:\WINDOWS\System32\ivrllc.dll
2007-11-20 12:13:27 0 d-------- C:\Program Files\Qtbwnj
2007-11-16 20:35:38 0 d-------- C:\Program Files\Cool
2007-11-12 02:13:58 0 d-------- C:\Program Files\Gateway
2007-11-12 01:15:15 0 d-------- C:\Program Files\MySpace
2007-11-12 01:04:49 0 d-------- C:\Program Files\FastStone Photo Resizer
2007-10-29 23:24:09 221696 --a------ C:\WINDOWS\systeldd32.dll
2007-10-26 21:20:37 218 --a------ C:\WINDOWS\nitsys33.exe
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AA6D3DC-5327-4122-A52E-D06114743764}]
C:\WINDOWS\System32\mlljj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6AA9327-8DAD-4559-7AB3-20BAEA823D74}]
C:\Program Files\Outlook Express\quzajebi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F44D8E66-7BB6-49BD-A924-5E0368C00FD1}]
C:\Program Files\Video Add-on\isfmdl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [07/10/2003 03:25 AM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [07/10/2003 03:13 AM]
"GWMDMMSG"="GWMDMMSG.exe" [05/06/2002 06:12 PM C:\WINDOWS\GWMDMMSG.exe]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [09/02/2003 08:25 PM]
"IUgK6U"="C:\docume~1\owner~1.pri\locals~1\temp\IUgK6U.exe" []
"rasfont"="C:\WINDOWS\security\Database\rasfont.exe" []
"uvuditwh"="C:\WINDOWS\uvuditwh.exe" []
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/17/2004 11:20 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/07/2005 12:02 PM]
"fol"="C:\WINDOWS\fol.exe" []
"Etwawx"="C:\Program Files\Qtbwnj\Amoly.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [03/04/2005 03:36 AM]
"{77-7C-C8-8D-ZN}"="c:\windows\system32\dwdsrngt.exe" []
"ctfmona"="C:\WINDOWS\System32\ctfmona.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [10/01/2007 04:40 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" []
"ulib"="C:\WINDOWS\System32\ulib.exe" []
"197_150_ni_1"="C:\WINDOWS\System32\197_150_ni_1.exe" []
"dbnetlib"="C:\WINDOWS\System32\dbnetlib.exe" []
"wiavusd"="C:\WINDOWS\System32\wiavusd.exe" []
"rsvpsp"="C:\WINDOWS\System32\rsvpsp.exe" []
"adsmsext"="C:\WINDOWS\System32\adsmsext.exe" []
"schannel"="C:\WINDOWS\System32\schannel.exe" []
"sisbkup"="C:\WINDOWS\System32\sisbkup.exe" []
"mll_hp"="C:\WINDOWS\System32\mll_hp.exe" []
"tdi-sonyomg"="C:\WINDOWS\System32\tdi-sonyomg.exe" []
"mchgrcoi"="C:\WINDOWS\System32\mchgrcoi.exe" []
"powrprof"="C:\WINDOWS\System32\powrprof.exe" []
"usp10"="C:\WINDOWS\System32\usp10.exe" []
"pngfilt"="C:\WINDOWS\System32\pngfilt.exe" []
"winhttp"="C:\WINDOWS\System32\winhttp.exe" []
"ipmontr"="C:\WINDOWS\System32\ipmontr.exe" []
"iuctl"="C:\WINDOWS\System32\iuctl.exe" []
"schedsvc"="C:\WINDOWS\System32\schedsvc.exe" []
"msisip"="C:\WINDOWS\System32\msisip.exe" []
"eglivecam_1028"="C:\WINDOWS\System32\eglivecam_1028.exe" []
"qedit"="C:\WINDOWS\System32\qedit.exe" []
"mspatcha"="C:\WINDOWS\System32\mspatcha.exe" []
"javacypt"="C:\WINDOWS\System32\javacypt.exe" []
"msr2cenu"="C:\WINDOWS\System32\msr2cenu.exe" []
"igmpagnt"="C:\WINDOWS\System32\igmpagnt.exe" []
"comctl32"="C:\WINDOWS\System32\comctl32.exe" []
"ftsrch"="C:\WINDOWS\System32\ftsrch.exe" []
"browsewm"="C:\WINDOWS\System32\browsewm.exe" []
"digest"="C:\WINDOWS\System32\digest.exe" []
"dpwsockx"="C:\WINDOWS\System32\dpwsockx.exe" []
"neth"="C:\WINDOWS\System32\neth.exe" []
"dmintf"="C:\WINDOWS\System32\dmintf.exe" []
"kbdlt1"="C:\WINDOWS\System32\kbdlt1.exe" []
"ir41_qcx"="C:\WINDOWS\System32\ir41_qcx.exe" []
"modemui"="C:\WINDOWS\System32\modemui.exe" []
"umpnpmgr"="C:\WINDOWS\System32\umpnpmgr.exe" []
"netapi"="C:\WINDOWS\System32\netapi.exe" []
"sccbase"="C:\WINDOWS\System32\sccbase.exe" []
"tapisrv"="C:\WINDOWS\System32\tapisrv.exe" []
"kbdla"="C:\WINDOWS\System32\kbdla.exe" []
"rasppp"="C:\WINDOWS\System32\rasppp.exe" []
"rdocurs"="C:\WINDOWS\System32\rdocurs.exe" []
"inetcomm"="C:\WINDOWS\System32\inetcomm.exe" []
"ntdsapi"="C:\WINDOWS\System32\ntdsapi.exe" []
"dbmsvinn"="C:\WINDOWS\System32\dbmsvinn.exe" []
"icmui"="C:\WINDOWS\System32\icmui.exe" []
"wiaservc"="C:\WINDOWS\System32\wiaservc.exe" []
"cnmlm38"="C:\WINDOWS\System32\cnmlm38.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/22/2007 02:00 PM]
"wupdinfo"="C:\WINDOWS\System32\wupdinfo.exe" []
"ezstub3"="C:\WINDOWS\System32\ezstub3.exe" []
"rtipxmib"="C:\WINDOWS\System32\rtipxmib.exe" []
"kbdazel"="C:\WINDOWS\System32\kbdazel.exe" []
"rdpcfgex"="C:\WINDOWS\System32\rdpcfgex.exe" []
"ntlsapi"="C:\WINDOWS\System32\ntlsapi.exe" []
"kbdnec"="C:\WINDOWS\System32\kbdnec.exe" []
"dmdlgs"="C:\WINDOWS\System32\dmdlgs.exe" []
"mswsock"="C:\WINDOWS\System32\mswsock.exe" []
"dispex"="C:\WINDOWS\System32\dispex.exe" []
"wifeman"="C:\WINDOWS\System32\wifeman.exe" []
"wiashext"="C:\WINDOWS\System32\wiashext.exe" []
"ds32gt"="C:\WINDOWS\System32\ds32gt.exe" []
"wtsapi32"="C:\WINDOWS\System32\wtsapi32.exe" []
"ialmgicd"="C:\WINDOWS\System32\ialmgicd.exe" []
"bszip"="C:\WINDOWS\System32\bszip.exe" []
"nmsapi"="C:\WINDOWS\System32\nmsapi.exe" []
"rtm"="C:\WINDOWS\System32\rtm.exe" []
"sfmapi"="C:\WINDOWS\System32\sfmapi.exe" []
"wmpcd"="C:\WINDOWS\System32\wmpcd.exe" []
"bidispl"="C:\WINDOWS\System32\bidispl.exe" []
"riched32"="C:\WINDOWS\System32\riched32.exe" []
"unimdmat"="C:\WINDOWS\System32\unimdmat.exe" []
"msencode"="C:\WINDOWS\System32\msencode.exe" []
"csh"="C:\WINDOWS\System32\csh.exe" []
"racpldlg"="C:\WINDOWS\System32\racpldlg.exe" []
"jgaw400"="C:\WINDOWS\System32\jgaw400.exe" []
"txflog"="C:\WINDOWS\System32\txflog.exe" []
"cabinet"="C:\WINDOWS\System32\cabinet.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 03:45 PM]
"kbdbu"="C:\WINDOWS\System32\kbdbu.exe" []
"shlwapi"="C:\WINDOWS\System32\shlwapi.exe" []
"wlnotify"="C:\WINDOWS\System32\wlnotify.exe" []
"ntmssvc"="C:\WINDOWS\System32\ntmssvc.exe" []
"mswebdvd"="C:\WINDOWS\System32\mswebdvd.exe" []
"kbdal"="C:\WINDOWS\System32\kbdal.exe" []
"ialmgdev"="C:\WINDOWS\System32\ialmgdev.exe" []
"uniplat"="C:\WINDOWS\System32\uniplat.exe" []
"mindex"="C:\WINDOWS\System32\mindex.exe" []
"pdh"="C:\WINDOWS\System32\pdh.exe" []
"mfc42u"="C:\WINDOWS\System32\mfc42u.exe" []
"certmgr"="C:\WINDOWS\System32\certmgr.exe" []
"faultrep"="C:\WINDOWS\System32\faultrep.exe" []
"odbc16gt"="C:\WINDOWS\System32\odbc16gt.exe" []
"eventlog"="C:\WINDOWS\System32\eventlog.exe" []
"wshext"="C:\WINDOWS\System32\wshext.exe" []
"qedwipes"="C:\WINDOWS\System32\qedwipes.exe" []
"feclient"="C:\WINDOWS\System32\feclient.exe" []
"wmpui"="C:\WINDOWS\System32\wmpui.exe" []
"comuid"="C:\WINDOWS\System32\comuid.exe" []
"qmgr"="C:\WINDOWS\System32\qmgr.exe" []
"dsound"="C:\WINDOWS\System32\dsound.exe" []
"smlogcfg"="C:\WINDOWS\System32\smlogcfg.exe" []
"srvsvc"="C:\WINDOWS\System32\srvsvc.exe" []
"deskadp"="C:\WINDOWS\System32\deskadp.exe" []
"autodisc"="C:\WINDOWS\System32\autodisc.exe" []
"rtutils"="C:\WINDOWS\System32\rtutils.exe" []
"fsusd"="C:\WINDOWS\System32\fsusd.exe" []
"wowfax"="C:\WINDOWS\System32\wowfax.exe" []
"dbmsrpcn"="C:\WINDOWS\System32\dbmsrpcn.exe" []
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [08/30/2001 04:30 AM]
"Spoolsv"="C:\WINDOWS\System32\spoolvs.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b585105c-0e84-4ef0-9c6a-fbe134a72945}"= C:\WINDOWS\System32\ivrllc.dll [11/23/2007 10:55 PM 12800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qkihlbti]
qkihlbti.dll 12/06/2007 02:08 PM 36928 C:\WINDOWS\system32\qkihlbti.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tnjfcfka]
tnjfcfka.dll 12/06/2007 02:17 PM 36928 C:\WINDOWS\system32\tnjfcfka.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsqr32]
winsqr32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\mlljj.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
*Newly Created Service* - NMSCFG
*Newly Created Service* - RKPAVPROC
*Newly Created Service* - SDTHOOK
*Newly Created Service* - SSFS0BB9
*Newly Created Service* - SSHRMD
*Newly Created Service* - SSIDRV
*Newly Created Service* - VTBAOWGRBOKW
-- End of Deckard's System Scanner: finished at 2008-01-08 01:49:40 ------------
Logfile of HijackThis v1.99.1
Scan saved at 1:50:37 AM, on 1/8/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5AA6D3DC-5327-4122-A52E-D06114743764} - C:\WINDOWS\System32\mlljj.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: 0 - {D6AA9327-8DAD-4559-7AB3-20BAEA823D74} - C:\Program Files\Outlook Express\quzajebi.dll (file missing)
O2 - BHO: (no name) - {F44D8E66-7BB6-49BD-A924-5E0368C00FD1} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [IUgK6U] C:\docume~1\owner~1.pri\locals~1\temp\IUgK6U.exe
O4 - HKLM\..\Run: [rasfont] C:\WINDOWS\security\Database\rasfont.exe
O4 - HKLM\..\Run: [uvuditwh] C:\WINDOWS\uvuditwh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fol] C:\WINDOWS\fol.exe
O4 - HKLM\..\Run: [Etwawx] C:\Program Files\Qtbwnj\Amoly.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [{77-7C-C8-8D-ZN}] c:\windows\system32\dwdsrngt.exe CHD001
O4 - HKLM\..\Run: [ctfmona] C:\WINDOWS\System32\ctfmona.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ulib] C:\WINDOWS\System32\ulib.exe
O4 - HKCU\..\Run: [197_150_ni_1] C:\WINDOWS\System32\197_150_ni_1.exe
O4 - HKCU\..\Run: [dbnetlib] "C:\WINDOWS\System32\dbnetlib.exe"
O4 - HKCU\..\Run: [wiavusd] "C:\WINDOWS\System32\wiavusd.exe"
O4 - HKCU\..\Run: [rsvpsp] "C:\WINDOWS\System32\rsvpsp.exe"
O4 - HKCU\..\Run: [adsmsext] "C:\WINDOWS\System32\adsmsext.exe"
O4 - HKCU\..\Run: [schannel] "C:\WINDOWS\System32\schannel.exe"
O4 - HKCU\..\Run: [sisbkup] "C:\WINDOWS\System32\sisbkup.exe"
O4 - HKCU\..\Run: [mll_hp] "C:\WINDOWS\System32\mll_hp.exe"
O4 - HKCU\..\Run: [tdi-sonyomg] "C:\WINDOWS\System32\tdi-sonyomg.exe"
O4 - HKCU\..\Run: [mchgrcoi] "C:\WINDOWS\System32\mchgrcoi.exe"
O4 - HKCU\..\Run: [powrprof] "C:\WINDOWS\System32\powrprof.exe"
O4 - HKCU\..\Run: [usp10] "C:\WINDOWS\System32\usp10.exe"
O4 - HKCU\..\Run: [pngfilt] "C:\WINDOWS\System32\pngfilt.exe"
O4 - HKCU\..\Run: [winhttp] "C:\WINDOWS\System32\winhttp.exe"
O4 - HKCU\..\Run: [ipmontr] "C:\WINDOWS\System32\ipmontr.exe"
O4 - HKCU\..\Run: [iuctl] "C:\WINDOWS\System32\iuctl.exe"
O4 - HKCU\..\Run: [schedsvc] "C:\WINDOWS\System32\schedsvc.exe"
O4 - HKCU\..\Run: [msisip] "C:\WINDOWS\System32\msisip.exe"
O4 - HKCU\..\Run: [eglivecam_1028] "C:\WINDOWS\System32\eglivecam_1028.exe"
O4 - HKCU\..\Run: [qedit] "C:\WINDOWS\System32\qedit.exe"
O4 - HKCU\..\Run: [mspatcha] "C:\WINDOWS\System32\mspatcha.exe"
O4 - HKCU\..\Run: [javacypt] "C:\WINDOWS\System32\javacypt.exe"
O4 - HKCU\..\Run: [msr2cenu] "C:\WINDOWS\System32\msr2cenu.exe"
O4 - HKCU\..\Run: [igmpagnt] "C:\WINDOWS\System32\igmpagnt.exe"
O4 - HKCU\..\Run: [comctl32] "C:\WINDOWS\System32\comctl32.exe"
O4 - HKCU\..\Run: [ftsrch] "C:\WINDOWS\System32\ftsrch.exe"
O4 - HKCU\..\Run: [browsewm] "C:\WINDOWS\System32\browsewm.exe"
O4 - HKCU\..\Run: [digest] "C:\WINDOWS\System32\digest.exe"
O4 - HKCU\..\Run: [dpwsockx] "C:\WINDOWS\System32\dpwsockx.exe"
O4 - HKCU\..\Run: [neth] "C:\WINDOWS\System32\neth.exe"
O4 - HKCU\..\Run: [dmintf] "C:\WINDOWS\System32\dmintf.exe"
O4 - HKCU\..\Run: [kbdlt1] "C:\WINDOWS\System32\kbdlt1.exe"
O4 - HKCU\..\Run: [ir41_qcx] "C:\WINDOWS\System32\ir41_qcx.exe"
O4 - HKCU\..\Run: [modemui] "C:\WINDOWS\System32\modemui.exe"
O4 - HKCU\..\Run: [umpnpmgr] "C:\WINDOWS\System32\umpnpmgr.exe"
O4 - HKCU\..\Run: [netapi] "C:\WINDOWS\System32\netapi.exe"
O4 - HKCU\..\Run: [sccbase] "C:\WINDOWS\System32\sccbase.exe"
O4 - HKCU\..\Run: [tapisrv] "C:\WINDOWS\System32\tapisrv.exe"
O4 - HKCU\..\Run: [kbdla] "C:\WINDOWS\System32\kbdla.exe"
O4 - HKCU\..\Run: [rasppp] "C:\WINDOWS\System32\rasppp.exe"
O4 - HKCU\..\Run: [rdocurs] "C:\WINDOWS\System32\rdocurs.exe"
O4 - HKCU\..\Run: [inetcomm] "C:\WINDOWS\System32\inetcomm.exe"
O4 - HKCU\..\Run: [ntdsapi] "C:\WINDOWS\System32\ntdsapi.exe"
O4 - HKCU\..\Run: [dbmsvinn] "C:\WINDOWS\System32\dbmsvinn.exe"
O4 - HKCU\..\Run: [icmui] "C:\WINDOWS\System32\icmui.exe"
O4 - HKCU\..\Run: [wiaservc] "C:\WINDOWS\System32\wiaservc.exe"
O4 - HKCU\..\Run: [cnmlm38] "C:\WINDOWS\System32\cnmlm38.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [wupdinfo] "C:\WINDOWS\System32\wupdinfo.exe"
O4 - HKCU\..\Run: [ezstub3] "C:\WINDOWS\System32\ezstub3.exe"
O4 - HKCU\..\Run: [rtipxmib] "C:\WINDOWS\System32\rtipxmib.exe"
O4 - HKCU\..\Run: [kbdazel] "C:\WINDOWS\System32\kbdazel.exe"
O4 - HKCU\..\Run: [rdpcfgex] "C:\WINDOWS\System32\rdpcfgex.exe"
O4 - HKCU\..\Run: [ntlsapi] "C:\WINDOWS\System32\ntlsapi.exe"
O4 - HKCU\..\Run: [kbdnec] "C:\WINDOWS\System32\kbdnec.exe"
O4 - HKCU\..\Run: [dmdlgs] "C:\WINDOWS\System32\dmdlgs.exe"
O4 - HKCU\..\Run: [mswsock] "C:\WINDOWS\System32\mswsock.exe"
O4 - HKCU\..\Run: [dispex] "C:\WINDOWS\System32\dispex.exe"
O4 - HKCU\..\Run: [wifeman] "C:\WINDOWS\System32\wifeman.exe"
O4 - HKCU\..\Run: [wiashext] "C:\WINDOWS\System32\wiashext.exe"
O4 - HKCU\..\Run: [ds32gt] "C:\WINDOWS\System32\ds32gt.exe"
O4 - HKCU\..\Run: [wtsapi32] "C:\WINDOWS\System32\wtsapi32.exe"
O4 - HKCU\..\Run: [ialmgicd] "C:\WINDOWS\System32\ialmgicd.exe"
O4 - HKCU\..\Run: [bszip] "C:\WINDOWS\System32\bszip.exe"
O4 - HKCU\..\Run: [nmsapi] "C:\WINDOWS\System32\nmsapi.exe"
O4 - HKCU\..\Run: [rtm] "C:\WINDOWS\System32\rtm.exe"
O4 - HKCU\..\Run: [sfmapi] "C:\WINDOWS\System32\sfmapi.exe"
O4 - HKCU\..\Run: [wmpcd] "C:\WINDOWS\System32\wmpcd.exe"
O4 - HKCU\..\Run: [bidispl] "C:\WINDOWS\System32\bidispl.exe"
O4 - HKCU\..\Run: [riched32] "C:\WINDOWS\System32\riched32.exe"
O4 - HKCU\..\Run: [unimdmat] "C:\WINDOWS\System32\unimdmat.exe"
O4 - HKCU\..\Run: [msencode] "C:\WINDOWS\System32\msencode.exe"
O4 - HKCU\..\Run: [csh] "C:\WINDOWS\System32\csh.exe"
O4 - HKCU\..\Run: [racpldlg] "C:\WINDOWS\System32\racpldlg.exe"
O4 - HKCU\..\Run: [jgaw400] "C:\WINDOWS\System32\jgaw400.exe"
O4 - HKCU\..\Run: [txflog] "C:\WINDOWS\System32\txflog.exe"
O4 - HKCU\..\Run: [cabinet] "C:\WINDOWS\System32\cabinet.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [kbdbu] "C:\WINDOWS\System32\kbdbu.exe"
O4 - HKCU\..\Run: [shlwapi] "C:\WINDOWS\System32\shlwapi.exe"
O4 - HKCU\..\Run: [wlnotify] "C:\WINDOWS\System32\wlnotify.exe"
O4 - HKCU\..\Run: [ntmssvc] "C:\WINDOWS\System32\ntmssvc.exe"
O4 - HKCU\..\Run: [mswebdvd] "C:\WINDOWS\System32\mswebdvd.exe"
O4 - HKCU\..\Run: [kbdal] "C:\WINDOWS\System32\kbdal.exe"
O4 - HKCU\..\Run: [ialmgdev] "C:\WINDOWS\System32\ialmgdev.exe"
O4 - HKCU\..\Run: [uniplat] "C:\WINDOWS\System32\uniplat.exe"
O4 - HKCU\..\Run: [mindex] "C:\WINDOWS\System32\mindex.exe"
O4 - HKCU\..\Run: [pdh] "C:\WINDOWS\System32\pdh.exe"
O4 - HKCU\..\Run: [mfc42u] "C:\WINDOWS\System32\mfc42u.exe"
O4 - HKCU\..\Run: [certmgr] "C:\WINDOWS\System32\certmgr.exe"
O4 - HKCU\..\Run: [faultrep] "C:\WINDOWS\System32\faultrep.exe"
O4 - HKCU\..\Run: [odbc16gt] "C:\WINDOWS\System32\odbc16gt.exe"
O4 - HKCU\..\Run: [eventlog] "C:\WINDOWS\System32\eventlog.exe"
O4 - HKCU\..\Run: [wshext] "C:\WINDOWS\System32\wshext.exe"
O4 - HKCU\..\Run: [qedwipes] "C:\WINDOWS\System32\qedwipes.exe"
O4 - HKCU\..\Run: [feclient] "C:\WINDOWS\System32\feclient.exe"
O4 - HKCU\..\Run: [wmpui] "C:\WINDOWS\System32\wmpui.exe"
O4 - HKCU\..\Run: [comuid] "C:\WINDOWS\System32\comuid.exe"
O4 - HKCU\..\Run: [qmgr] "C:\WINDOWS\System32\qmgr.exe"
O4 - HKCU\..\Run: [dsound] "C:\WINDOWS\System32\dsound.exe"
O4 - HKCU\..\Run: [smlogcfg] "C:\WINDOWS\System32\smlogcfg.exe"
O4 - HKCU\..\Run: [srvsvc] "C:\WINDOWS\System32\srvsvc.exe"
O4 - HKCU\..\Run: [deskadp] "C:\WINDOWS\System32\deskadp.exe"
O4 - HKCU\..\Run: [autodisc] "C:\WINDOWS\System32\autodisc.exe"
O4 - HKCU\..\Run: [rtutils] "C:\WINDOWS\System32\rtutils.exe"
O4 - HKCU\..\Run: [fsusd] "C:\WINDOWS\System32\fsusd.exe"
O4 - HKCU\..\Run: [wowfax] "C:\WINDOWS\System32\wowfax.exe"
O4 - HKCU\..\Run: [dbmsrpcn] "C:\WINDOWS\System32\dbmsrpcn.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolvs.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\alarm.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1199756174781
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: qkihlbti - C:\WINDOWS\SYSTEM32\qkihlbti.dll
O20 - Winlogon Notify: tnjfcfka - C:\WINDOWS\SYSTEM32\tnjfcfka.dll
O20 - Winlogon Notify: winsqr32 - winsqr32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\jmmmttmk.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Inet Service - Unknown owner - C:\WINDOWS\System32\_svchost.exe (file missing)
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: svcpack - Unknown owner - C:\WINDOWS\System32\svcpack.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe