PS: I forgot to post the HijackThis log in my previous post,
so I will now paste the main log below and attach the extra log as well.
Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-12 18:14:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
90: 2008-01-12 10:15:01 UTC - RP356 - Deckard's System Scanner Restore Point
89: 2008-01-12 09:19:45 UTC - RP355 - Software Distribution Service 3.0
88: 2008-01-06 08:40:41 UTC - RP354 - System Checkpoint
87: 2007-12-31 10:34:01 UTC - RP353 - System Checkpoint
86: 2007-12-30 05:13:07 UTC - RP352 - System Checkpoint
-- First Restore Point --
1: 2007-10-08 11:55:55 UTC - RP267 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
Total Physical Memory: 248 MiB (512 MiB recommended).
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-01-12 18:21:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Windows AdService\WinAdServ.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows AdService\WinAdSlave.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\gqgjoejh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qsg10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fol.singnet.com.sg:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F0 - system.ini: Shell=explorer.exe C:\WINDOWS\system32\svohost.exe
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\svohost.exe
O2 - BHO: imGiantObj Class - {00000062-2E5F-4AF7-986E-5B64E0951A96} - C:\WINDOWS\imGiant.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\ddcywxx.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8A51900D-AF1E-4D1A-BA61-E7675A67A70d} - C:\WINDOWS\system32\hdsninvm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C6AD991A-0127-4555-9775-9A7CDC8DCF9A} - C:\WINDOWS\system32\awvts.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\spntfddr.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O2 - BHO: (no name) - {F4002052-AB29-4B33-8C8D-0E99084564EC} - C:\WINDOWS\system32\vtuspqr.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\qyhwcdtv.dll",forkonce
O4 - HKLM\..\Run: [Windows AdService] C:\Program Files\Windows AdService\WinAdServ.exe
O4 - HKLM\..\Run: [SYSTRAY] C:\UNMT.EXE
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\vljirkpm.dll",sitypnow
O4 - HKLM\..\RunServices: [Win32 USB2 Driver] usb2.exe
O4 - HKLM\..\RunServices: [System] rundl.exe
O4 - HKCU\..\Run: [Win32 USB2 Driver] usb2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [Bias Barb] C:\DOCUME~1\Owner\APPLIC~1\RDRFUN~1\dupe way boob.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Win32 USB2 Driver] usb2.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Win32 USB2 Driver] usb2.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe~
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/229?6cf0b46766374fe2a2db526893acfb41
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-sg\msntabres.dll.mui/230?6cf0b46766374fe2a2db526893acfb41
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} () - http://static.windupdates.com/cab/62.../bridge-c6.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2870AA73-0682-4073-8A40-CE710F492E9D} () - http://www.winicon.net/winicon/winicon.cab
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed Class) - http://www.singnet.com.sg/technical/.../SpeedCtrl.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} () - http://cdn.drivecleaner.com/installd...eanerstart.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://apgateway.fngroup.com.sg/,Da...a+iNotes6W.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/...sb_regular.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/alien.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://apgateway.fngroup.com.sg/dan...erSetupSP1.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: awvts - C:\WINDOWS\system32\awvts.dll
O20 - Winlogon Notify: ddcywxx - C:\WINDOWS\system32\ddcywxx.dll (file missing)
O20 - Winlogon Notify: urqqqqp - C:\WINDOWS\system32\urqqqqp.dll
O20 - Winlogon Notify: vtuspqr - C:\WINDOWS\system32\vtuspqr.dll (file missing)
O20 - Winlogon Notify: wvuutuu - C:\WINDOWS\system32\wvuutuu.dll
O21 - SSODL: syshelps - {5912C7BE-A0BC-4900-A74F-5590CC64CAC8} - systesrt32.dll (file missing)
O21 - SSODL: prodigy1 - {DE5CA026-A372-43B9-9F9B-4B9D6F7A03F2} - prodigys323.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\gqgjoejh.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Manager - Unknown owner - C:\WINDOWS\service.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
--
End of file - 12463 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
S2 npkcrypt - c:\program files\wizet\maplestory\npkcrypt.sys (file missing)
S3 AmeAtmPc - c:\windows\system32\drivers\ameatmpc.sys (file missing)
S3 Dua1 - c:\documents and settings\owner\desktop\dualengine2\dualengi.sys (file missing)
S3 w800bus (Sony Ericsson W800 driver (WDM)) - c:\windows\system32\drivers\w800bus.sys <Not Verified; MCCI; Sony Ericsson W800>
S3 w800mdfl (Sony Ericsson W800 USB WMC Modem Filter) - c:\windows\system32\drivers\w800mdfl.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem Filter Driver>
S3 w800mdm (Sony Ericsson W800 USB WMC Modem Drivers) - c:\windows\system32\drivers\w800mdm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem>
S3 w800mgmt (Sony Ericsson W800 USB WMC Device Management Drivers) - c:\windows\system32\drivers\w800mgmt.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Device Management>
S3 w800obex (Sony Ericsson W800 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\w800obex.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 DomainService - c:\windows\system32\gqgjoejh.exe /service <Not Verified; ; DDC>
S2 Service Manager - "c:\windows\service.exe" (file missing)
S2 UserAccess7 (SecuROM User Access Service (V7)) - c:\windows\system32\uaservice7.exe (file missing)
-- Device Manager: Disabled ----------------------------------------------------
Class GUID:
Description: 2Wire USB Remote NDIS Ethernet
Device ID: USB\VID_1630&PID_0042\5&126700AE&0&1
Manufacturer:
Name: 2Wire USB Remote NDIS Ethernet
PNP Device ID: USB\VID_1630&PID_0042\5&126700AE&0&1
Service:
-- Scheduled Tasks -------------------------------------------------------------
2008-01-12 18:19:35 364 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-01-12 18:00:00 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-01-12 18:00:00 260 --ah----- C:\WINDOWS\Tasks\AC2996A4918A12AC.job
2008-01-12 17:24:01 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-01-10 17:00:00 350 --a------ C:\WINDOWS\Tasks\At18.job
2008-01-10 16:00:01 350 --a------ C:\WINDOWS\Tasks\At17.job
2008-01-10 15:00:19 350 --a------ C:\WINDOWS\Tasks\At16.job
2008-01-07 20:00:01 350 --a------ C:\WINDOWS\Tasks\At21.job
2008-01-07 19:00:00 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-01-06 02:00:01 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-01-06 01:00:00 350 --a------ C:\WINDOWS\Tasks\At2.job
2008-01-06 00:00:01 350 --a------ C:\WINDOWS\Tasks\At1.job
2008-01-05 23:00:00 350 --a------ C:\WINDOWS\Tasks\At24.job
2008-01-01 14:00:01 350 --a------ C:\WINDOWS\Tasks\At15.job
2008-01-01 13:00:07 350 --a------ C:\WINDOWS\Tasks\At14.job
2008-01-01 12:00:04 350 --a------ C:\WINDOWS\Tasks\At13.job
2008-01-01 11:00:02 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-01-01 10:00:00 350 --a------ C:\WINDOWS\Tasks\At11.job
2008-01-01 09:00:00 350 --a------ C:\WINDOWS\Tasks\At10.job
2008-01-01 08:00:00 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-01-01 07:00:00 350 --a------ C:\WINDOWS\Tasks\At8.job
2008-01-01 06:00:00 350 --a------ C:\WINDOWS\Tasks\At7.job
2008-01-01 05:00:00 350 --a------ C:\WINDOWS\Tasks\At6.job
2008-01-01 04:00:00 350 --a------ C:\WINDOWS\Tasks\At5.job
2008-01-01 03:00:00 350 --a------ C:\WINDOWS\Tasks\At4.job
2007-12-31 22:00:00 350 --a------ C:\WINDOWS\Tasks\At23.job
2007-12-31 21:00:00 350 --a------ C:\WINDOWS\Tasks\At22.job
-- Files created between 2007-12-12 and 2008-01-12 -----------------------------
2007-12-30 04:09:26 94842 ---hs---- C:\WINDOWS\system32\stvwa.ini2
2007-12-27 16:22:25 0 d-------- C:\Documents and Settings\Owner\Application Data\Google
2007-12-24 11:46:24 37376 --a------ C:\WINDOWS\system32\qommnom.dll
2007-12-23 11:43:02 37376 --a------ C:\WINDOWS\system32\pmnonnn.dll
2007-12-22 11:39:55 37376 --a------ C:\WINDOWS\system32\khffcyw.dll
2007-12-22 09:35:23 37376 --a------ C:\WINDOWS\system32\ljjgfgg.dll
2007-12-21 23:56:36 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-21 23:49:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-12-21 23:48:21 0 d-------- C:\Program Files\Google
2007-12-21 23:32:28 37376 --a------ C:\WINDOWS\system32\urqqqqp.dll
2007-12-21 17:07:28 37376 --a------ C:\WINDOWS\system32\yayxuss.dll
2007-12-21 11:15:18 37376 --a------ C:\WINDOWS\system32\iiffded.dll
2007-12-21 09:30:03 37376 --a------ C:\WINDOWS\system32\wvuutuu.dll
2007-12-20 09:27:00 37376 --a------ C:\WINDOWS\system32\xxyvspp.dll
2007-12-19 14:26:41 37376 --a------ C:\WINDOWS\system32\iifdddd.dll
2007-12-18 14:22:34 37376 --a------ C:\WINDOWS\system32\nnnljhh.dll
2007-12-17 14:25:42 37376 --a------ C:\WINDOWS\system32\ljjkhfc.dll
2007-12-17 10:01:55 37376 --a------ C:\WINDOWS\system32\iiffcca.dll
2007-12-16 10:00:57 37376 --a------ C:\WINDOWS\system32\tuvurpo.dll
2007-12-14 20:55:12 37376 --a------ C:\WINDOWS\system32\gebyvss.dll
2007-12-13 08:29:25 0 d-------- C:\WINDOWS\network diagnostic
-- Find3M Report ---------------------------------------------------------------
2008-01-12 17:29:25 92566 ---hs---- C:\WINDOWS\system32\stvwa.bak2
2008-01-10 15:02:08 92489 ---hs---- C:\WINDOWS\system32\stvwa.bak1
2008-01-03 15:19:37 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-07 17:43:16 74260 --a------ C:\WINDOWS\system32\bmdndopp.exe
2007-12-06 17:41:26 74260 --a------ C:\WINDOWS\system32\jjrgwoiw.exe
2007-12-01 15:04:40 0 d-------- C:\Program Files\Gravity
2007-12-01 03:05:17 0 d-------- C:\Program Files\Windows Live Toolbar
2007-11-17 15:41:38 0 d-------- C:\Program Files\ZNRO Server
2007-11-06 08:09:40 75284 --a------ C:\WINDOWS\system32\bxchtirf.exe <Not Verified; ; DDC>
2007-11-05 09:18:28 75284 --a------ C:\WINDOWS\system32\xthsptxm.exe <Not Verified; ; DDC>
2007-11-04 09:18:16 75284 --a------ C:\WINDOWS\system32\olkxwafh.exe <Not Verified; ; DDC>
2007-11-03 09:18:16 75284 --a------ C:\WINDOWS\system32\qpxssoea.exe <Not Verified; ; DDC>
2007-11-02 19:16:01 75284 --a------ C:\WINDOWS\system32\xyhpipsy.exe <Not Verified; ; DDC>
2007-11-02 08:47:03 75284 --a------ C:\WINDOWS\system32\xcdrdwiu.exe <Not Verified; ; DDC>
2007-11-01 08:47:01 75284 --a------ C:\WINDOWS\system32\jtkbdqfq.exe <Not Verified; ; DDC>
2007-10-31 18:26:20 75284 --a------ C:\WINDOWS\system32\mmvhiiuq.exe <Not Verified; ; DDC>
2007-10-30 18:26:19 75284 --a------ C:\WINDOWS\system32\xkjrcwtx.exe <Not Verified; ; DDC>
2007-10-30 11:46:04 75284 --a------ C:\WINDOWS\system32\tblrdybv.exe <Not Verified; ; DDC>
2007-10-29 23:15:17 75284 --a------ C:\WINDOWS\system32\trmipexc.exe <Not Verified; ; DDC>
2007-10-29 21:52:02 75284 --a------ C:\WINDOWS\system32\gcdnrbsa.exe <Not Verified; ; DDC>
2007-10-28 21:52:01 75284 --a------ C:\WINDOWS\system32\pjjvrcqm.exe <Not Verified; ; DDC>
2007-10-28 20:54:11 75284 --a------ C:\WINDOWS\system32\tohgxykh.exe <Not Verified; ; DDC>
2007-10-27 20:53:01 75284 --a------ C:\WINDOWS\system32\mmguuvgx.exe <Not Verified; ; DDC>
2007-10-27 13:28:14 75284 --a------ C:\WINDOWS\system32\nvqnbdum.exe <Not Verified; ; DDC>
2007-10-27 10:15:10 75284 --a------ C:\WINDOWS\system32\pgfmdtmt.exe <Not Verified; ; DDC>
2007-10-26 07:54:31 75284 --a------ C:\WINDOWS\system32\ystjoign.exe <Not Verified; ; DDC>
2007-10-25 20:08:53 75284 --a------ C:\WINDOWS\system32\mujgktdw.exe <Not Verified; ; DDC>
2007-10-25 14:11:56 75284 --a------ C:\WINDOWS\system32\sfgvkoii.exe <Not Verified; ; DDC>
2007-10-24 14:18:15 75284 --a------ C:\WINDOWS\system32\jgcxxwpk.exe <Not Verified; ; DDC>
2007-10-24 14:03:50 75284 --a------ C:\WINDOWS\system32\tybvbile.exe <Not Verified; ; DDC>
2007-10-23 14:01:35 75284 --a------ C:\WINDOWS\system32\ljxurelg.exe <Not Verified; ; DDC>
2007-10-22 15:55:06 75284 --a------ C:\WINDOWS\system32\eykouuha.exe <Not Verified; ; DDC>
2007-10-22 13:44:30 75284 --a------ C:\WINDOWS\system32\hfbhjuvx.exe <Not Verified; ; DDC>
2007-10-21 13:44:30 75284 --a------ C:\WINDOWS\system32\kqjrllxw.exe <Not Verified; ; DDC>
2007-10-20 17:38:00 75284 --a------ C:\WINDOWS\system32\yqjvnoow.exe <Not Verified; ; DDC>
2007-10-19 17:35:48 75284 --a------ C:\WINDOWS\system32\qbawipqw.exe <Not Verified; ; DDC>
2007-10-19 09:03:32 75284 --a------ C:\WINDOWS\system32\dxtuseay.exe <Not Verified; ; DDC>
2007-10-18 08:16:45 75284 --a------ C:\WINDOWS\system32\huujpenv.exe <Not Verified; ; DDC>
2007-10-17 18:33:21 75284 --a------ C:\WINDOWS\system32\nfwrcbde.exe <Not Verified; ; DDC>
2007-10-16 18:35:58 75284 --a------ C:\WINDOWS\system32\moojbppu.exe <Not Verified; ; DDC>
2007-10-15 18:33:19 75284 --a------ C:\WINDOWS\system32\opgvcwhp.exe <Not Verified; ; DDC>
2007-10-14 18:32:59 75284 --a------ C:\WINDOWS\system32\nteobhjo.exe <Not Verified; ; DDC>
2007-10-14 17:05:44 75284 --a------ C:\WINDOWS\system32\ryahgept.exe <Not Verified; ; DDC>
2007-10-14 13:27:32 75284 --a------ C:\WINDOWS\system32\thvqfvym.exe <Not Verified; ; DDC>
2007-10-13 21:24:57 75284 --a------ C:\WINDOWS\system32\quqohebd.exe <Not Verified; ; DDC>
2007-10-13 19:40:52 75284 --a------ C:\WINDOWS\system32\lpwqtigm.exe <Not Verified; ; DDC>
2007-10-13 15:24:33 75284 --a------ C:\WINDOWS\system32\hklpclvn.exe <Not Verified; ; DDC>
2007-10-12 15:24:32 75284 --a------ C:\WINDOWS\system32\upwifrxf.exe <Not Verified; ; DDC>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000062-2E5F-4AF7-986E-5B64E0951A96}]
02/23/2005 05:33 PM 253952 --a------ C:\WINDOWS\imGiant.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\ddcywxx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8A51900D-AF1E-4D1A-BA61-E7675A67A70d}]
08/19/2007 04:15 PM 121364 --a------ C:\WINDOWS\system32\hdsninvm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}]
03/09/2005 02:00 PM 96256 --a------ C:\Program Files\SideFind\sfbho.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6AD991A-0127-4555-9775-9A7CDC8DCF9A}]
08/11/2007 12:04 PM 285273 --ahs---- C:\WINDOWS\system32\awvts.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF46BFB3-2ACC-441b-B82B-36B9562C7FF1}]
C:\WINDOWS\system32\spntfddr.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1412445-4FF8-410e-8D24-F2CF86B171A4}]
12/29/2005 01:19 PM 143360 --a------ C:\Program Files\PeDevice\PeDev.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F4002052-AB29-4B33-8C8D-0E99084564EC}]
C:\WINDOWS\system32\vtuspqr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:31 PM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [08/17/2003 12:24 AM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/17/2003 12:25 AM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/17/2003 12:25 AM]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" []
"Power Scan"="C:\Program Files\Power Scan\powerscan.exe" [03/09/2005 02:00 PM]
"webrebates"="C:\Program Files\WebRebates4\webrebates.exe" []
"AlcxMonitor"="ALCXMNTR.EXE" [09/07/2004 01:47 PM C:\WINDOWS\ALCXMNTR.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/21/2007 03:10 AM]
"SystemOptimizer"="C:\WINDOWS\system32\qyhwcdtv.dll" []
"Windows AdService"="C:\Program Files\Windows AdService\WinAdServ.exe" [09/12/2007 07:24 PM]
"SYSTRAY"="C:\UNMT.EXE" []
"SearchIndexer"="C:\WINDOWS\system32\vljirkpm.dll" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"Win32 USB2 Driver"="usb2.exe" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 12:54 PM]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" []
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe" [10/16/2003 09:49 PM]
"Bias Barb"="C:\DOCUME~1\Owner\APPLIC~1\RDRFUN~1\dupe way boob.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [12/21/2007 11:49 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Win32 USB2 Driver"=usb2.exe
"System"=rundl.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Win32 USB2 Driver"=usb2.exe
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe~ [10/16/2003 9:46:08 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [7/7/2003 3:20:40 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/18/1999 4:05:56 AM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{F4002052-AB29-4B33-8C8D-0E99084564EC}"= C:\WINDOWS\system32\vtuspqr.dll [ ]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\ddcywxx.dll [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"syshelps"= {5912C7BE-A0BC-4900-A74F-5590CC64CAC8} - systesrt32.dll [ ]
"prodigy1"= {DE5CA026-A372-43B9-9F9B-4B9D6F7A03F2} - prodigys323.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="explorer.exe C:\WINDOWS\system32\svohost.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvts]
C:\WINDOWS\system32\awvts.dll 08/11/2007 12:04 PM 285273 C:\WINDOWS\system32\awvts.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcywxx]
ddcywxx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqqqqp]
urqqqqp.dll 12/21/2007 11:32 PM 37376 C:\WINDOWS\system32\urqqqqp.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuspqr]
vtuspqr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuutuu]
wvuutuu.dll 12/21/2007 09:30 AM 37376 C:\WINDOWS\system32\wvuutuu.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
-- Hosts -----------------------------------------------------------------------
127.0.0.1 www.trendmicro.com
127.0.0.1 trendmicro.com
127.0.0.1 rads.mcafee.com
127.0.0.1 customer.symantec.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 updates.symantec.com
127.0.0.1 update.symantec.com
127.0.0.1 www.nai.com
127.0.0.1 nai.com
26 more entries in hosts file.
-- End of Deckard's System Scanner: finished at 2008-01-12 18:23:21 ------------