Hi,
Lately my computer has been running very slow (start up is also very slow) and I've been bombarded with constant pop-ups. I've also been experiencing strange icons in my system tray (yellow triangle with an exclamation point in the centre of it as well as a red circle with an X through it). I've run Avast Anti-Virus and Ad-Aware SE with no success. Any help you can provide will be greatly appreciated. Thank you!!
Deckard's System Scanner v20070423.42
Run by Carla on 2007-04-25 at 15:22:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
93: 2007-04-25 19:23:04 UTC - RP2064 - Deckard's System Scanner Restore Point
92: 2007-04-25 18:33:34 UTC - RP2063 - Software Distribution Service 2.0
91: 2007-04-25 15:19:31 UTC - RP2062 - Software Distribution Service 2.0
90: 2007-04-25 04:34:21 UTC - RP2061 - Software Distribution Service 2.0
89: 2007-04-25 04:12:25 UTC - RP2060 - Software Distribution Service 2.0
-- First Restore Point --
1: 2007-01-25 20:47:45 UTC - RP1972 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Carla.exe) -----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:31:14 PM, on 25/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\retadpu2000340.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\bak\Ares.exe
C:\Corel\Suite8\Programs\DAD8.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Free Sticky Notes\freenote.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Carla\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Carla.exe
F3 - REG:win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {121950A7-E2F1-4081-95B0-5997943736E2} - C:\WINDOWS\system32\ddcyy.dll
O2 - BHO: PsapiAnalyzer Object - {125399A6-E13D-42CE-A021-7F9069A79440} - c:\windows\fonts\pcreg.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp4.tmp.dll
O2 - BHO: (no name) - {30000273-8230-4dd4-be4f-6889d1e74167} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {B9697716-61E6-4FBC-89FD-EAC504D9EFE3} - C:\WINDOWS\system32\rqrsspp.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: (no name) - {c2dace2d-f27f-4591-97be-10c379cef2e6} - C:\WINDOWS\system32\lprcmd.dll (file missing)
O2 - BHO: (no name) - {C3F16958-9601-43E3-AC3C-6E89762079Ec} - C:\WINDOWS\system32\lbymhjxa.dll
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: msnhlp32.msn_hlp - {EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} - C:\WINDOWS\system32\msnhlp32.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Carla\Desktop\winstall.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000340.exe 61A847B5BBF72810329B385576F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E77DB6C0736AC53FD97CB77
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\veqgcgmy.dll",setvm
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DS Clock] "C:\Program Files\DS Clock\dsclock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\bak\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Shortcut to Free Sticky Notes.LNK = C:\Program Files\Free Sticky Notes\freenote.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://angelgirl76.spaces.live.com//...d/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photolab.ca/Upload/ImageUploader4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photolab.ca/en/Photo/ImageUploader3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} (ULcontrol Control) - https://pix.futureshop.ca/en/ulcontrolxp.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by119fd.bay119.hotmail.msn.co...x/HMAtchmt.ocx
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A8263D9-14C4-47C3-85CB-BB6E08033BE1}: NameServer = 85.255.114.27,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{F191F77D-DE21-46B2-8C44-C9B6A0810F41}: NameServer = 85.255.114.27,85.255.112.89
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.27 85.255.112.89
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\system32\ddcyy.dll
O20 - Winlogon Notify: lprcmd - lprcmd.dll (file missing)
O20 - Winlogon Notify: pcreg - c:\windows\fonts\pcreg.dll
O20 - Winlogon Notify: rqrsspp - C:\WINDOWS\SYSTEM32\rqrsspp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbscoms.exe
O23 - Service: ML-2010 Status Monitor Service (SM_ml1600_FUService) - Unknown owner - C:\Program.exe (file missing)
-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------
backup-20060815-211037-227 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
backup-20060815-211037-251 R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchforfree.info/browser/
backup-20060815-211037-266 O15 - Trusted Zone: *.frame.crazywinnings.com
backup-20060815-211037-272 O15 - Trusted Zone: *.dapsol.com
backup-20060815-211037-280 O15 - Trusted Zone: *.dapsol.com (HKLM)
backup-20060815-211037-461 O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.co...x/HMAtchmt.ocx
backup-20060815-211037-574 R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file)
backup-20060815-211037-603 O15 - Trusted Zone: *.bestsearch.cc
backup-20060815-211037-606 O4 - HKLM\..\Run: [wintt.exe] C:\WINDOWS\system32\wintt.exe
backup-20060815-211037-710 O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
backup-20060815-211037-757 O15 - Trusted Zone: *.bestsearch.cc (HKLM)
backup-20060815-211037-784 O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
backup-20060815-211037-795 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchforfree.info/browser/
backup-20060815-211037-873 O4 - HKLM\..\RunServices: [ine] svchosts.exe
backup-20060815-211037-952 O15 - Trusted IP range: 206.161.125.149
backup-20060815-211037-970 O4 - HKLM\..\Run: [ine] svchosts.exe
backup-20060815-211038-461 O21 - SSODL: TLxSODndBFQ - {8CCF4E95-2665-E43F-A8F9-A03A8FFDAA1C} - C:\WINDOWS\System32\jlilkr.dll (file missing)
backup-20060829-192433-869 O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/087cfa0f...p/RdxIE601.cab
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 Cdr4_xp - c:\windows\system32\drivers\cdr4_xp.sys <Not Verified; Roxio; Drag-to-Disc; 7.0.0.162; 7.0.0.162>
R1 Cdralw2k - c:\windows\system32\drivers\cdralw2k.sys <Not Verified; Roxio; Drag-to-Disc; 7.0.0.162; 7.0.0.162>
R1 cdudf_xp - c:\windows\system32\drivers\cdudf_xp.sys <Not Verified; Roxio; Drag-to-Disc; 7.0.0.162; 7.0.0.162>
R1 DVDVRRdr_xp - c:\windows\system32\drivers\dvdvrrdr_xp.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver; 7.0.0.162; 7.0.0.162>
R1 pwd_2k - c:\windows\system32\drivers\pwd_2k.sys <Not Verified; Roxio; Drag-to-Disc; 7.0.0.162; 7.0.0.162>
R1 SiSkp - c:\windows\system32\drivers\srvkp.sys <Verified; Silicon Integrated Systems Corporation; SiS (R) WindowsXP Display Manager; 6.14.10.3611; 6.14.10.3611>
R1 UDFReadr - c:\windows\system32\drivers\udfreadr.sys <Not Verified; Roxio; Drag-to-Disc; 7.0.0.162; 7.0.0.162>
R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1; 1.0.0.22; 1.1.1.30>
R3 dvd_2K - c:\windows\system32\drivers\dvd_2k.sys <Not Verified; Roxio; Drag-to-Disc; 7.0.0.162; 7.0.0.162>
R3 itchfltr (iTouch Keyboard Filter) - c:\windows\system32\drivers\itchfltr.sys <Verified; Logitech, Inc.; Logitech iTouch(TM); 2.10.251.0; 2.10.251.0>
R3 L8042pr2 (Logitech PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042pr2.sys <Verified; Logitech, Inc.; Logitech MouseWare(TM); 9.75.294.0; 9.75.294.0>
R3 mmc_2K - c:\windows\system32\drivers\mmc_2k.sys <Not Verified; Roxio; Drag-to-Disc; 7.0.0.162; 7.0.0.162>
R3 P0630VID (Creative WebCam Live!) - c:\windows\system32\drivers\p0630vid.sys <Verified; Creative Technology Ltd.; ; ; 1.00.01.00>
R3 SiS315 - c:\windows\system32\drivers\sisgrp.sys <Verified; Silicon Integrated Systems Corporation; SiS (R) Compatible Super VGA Miniport Driver for Windows XP; 6.14.10.3611; 6.14.10.3611>
R3 SISNIC (SiS PCI Fast Ethernet Adapter Driver) - c:\windows\system32\drivers\sisnic.sys <Not Verified; SiS Corporation; NDIS 5 NIC Driver; 1.13.02.00; 1.13.02.00 built by: WinDDK>
pe386 driver present
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; ; 8, 1, 0, 14; 8, 1, 0, 14>
S3 lxbs_device - c:\windows\system32\lxbscoms.exe -service <Verified; Lexmark International, Inc.; Lexmark Communication System; 1.27.12.0; 1.27.12.0>
S3 SM_ml1600_FUService (ML-2010 Status Monitor Service) - "c:\program files\samsung ml-2010 series\commonsm\ssmsrvc /service (file missing)
-- Files created between 2007-03-25 and 2007-04-25 -----------------------------
2007-04-25 15:02:52 0 d-------- C:\Program Files\SpywareBlaster
2007-04-24 22:29:18 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-04-24 21:28:35 208998 --a------ C:\WINDOWS\system32\rsnujvrb.exe
2007-04-24 21:28:35 2068 --a------ C:\WINDOWS\system32\glcpyjca.exe
2007-04-23 21:29:39 131604 --a------ C:\WINDOWS\system32\lbymhjxa.dll
2007-04-23 21:28:38 208998 --a------ C:\WINDOWS\system32\jbwwgvfq.exe
2007-04-23 21:28:28 2068 --a------ C:\WINDOWS\system32\iwkhtqfn.exe
2007-04-23 17:29:10 45056 -ra------ C:\WINDOWS\retadpu2000340.exe <Not Verified; ; updater Application; 1, 0, 0, 1; 1, 0, 0, 1>
2007-04-22 15:13:34 208998 --a------ C:\WINDOWS\system32\nfwjbqfj.exe
2007-04-22 15:13:33 2068 --a------ C:\WINDOWS\system32\gdgawoss.exe
2007-04-22 15:13:17 2068 --a------ C:\WINDOWS\system32\ctgidxii.exe
2007-04-21 15:13:19 208998 --a------ C:\WINDOWS\system32\vgqvkxjj.exe
2007-04-21 15:13:17 737339 ---hs---- C:\WINDOWS\system32\yycdd.bak2
2007-04-21 15:13:17 2068 --a------ C:\WINDOWS\system32\jwrvpfsk.exe
2007-04-21 05:32:34 44544 -ra------ C:\WINDOWS\updater.exe <Not Verified; ; updater Application; 1, 0, 0, 1; 1, 0, 0, 1>
2007-04-20 22:34:23 0 --a------ C:\WINDOWS\winhp32.exe
2007-04-20 22:32:45 123972 --a------ C:\WINDOWS\system32\veqgcgmy.dll
2007-04-20 15:24:07 18432 --a------ C:\WINDOWS\sysrlb32.exe <Not Verified; Microsoft Corp.; Project1; 1.00; 1.00>
2007-04-20 15:13:10 2068 --a------ C:\WINDOWS\system32\mmhgssdc.exe
2007-04-20 15:13:07 208998 --a------ C:\WINDOWS\system32\ceofmyyt.exe
2007-04-20 15:13:06 735951 ---hs---- C:\WINDOWS\system32\yycdd.bak1
2007-04-20 15:12:36 280660 ---hs---- C:\WINDOWS\system32\jkhhg.dll
2007-04-20 15:12:36 280660 ---hs---- C:\WINDOWS\system32\ddcyy.dll
2007-04-20 15:…:40 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-04-20 15:…:21 12 --a------ C:\WINDOWS\system32\sl.bin
2007-04-20 15:05:45 25856 --a------ C:\WINDOWS\vxddsk.exe
2007-04-20 15:05:44 19456 --a------ C:\WINDOWS\system32\wml.exe
2007-04-20 15:05:44 14848 --a------ C:\WINDOWS\system32\vxddsk.exe
2007-04-20 15:05:43 16896 --a------ C:\WINDOWS\wml.exe
2007-04-20 15:05:43 14848 --a------ C:\WINDOWS\SUSP.exe
2007-04-20 15:05:42 20992 --a------ C:\WINDOWS\satmat.exe
2007-04-20 15:05:40 22016 --a------ C:\WINDOWS\flt.dll
2007-04-20 15:05:40 23296 --a------ C:\WINDOWS\7search.dll
2007-04-20 15:05:39 21504 --a------ C:\WINDOWS\764.exe
2007-04-20 15:05:38 21760 --a------ C:\WINDOWS\stcloader.exe
2007-04-20 15:05:38 19456 --a------ C:\WINDOWS\pbar.dll
2007-04-20 15:05:37 8960 --a------ C:\WINDOWS\voiceip.dll
2007-04-20 15:05:37 17152 --a------ C:\WINDOWS\swin32.dll
2007-04-20 15:05:37 16128 --a------ C:\WINDOWS\cdsm32.dll
2007-04-20 15:05:36 11008 --a------ C:\WINDOWS\bokja.exe
2007-04-20 15:05:35 22528 --a------ C:\WINDOWS\mspphe.dll
2007-04-20 15:05:35 24320 --a------ C:\WINDOWS\bjam.dll
2007-04-20 15:05:32 28672 --a------ C:\WINDOWS\system32\MSIXU.DLL
2007-04-20 15:05:31 17664 --a------ C:\WINDOWS\system32\WER8274.DLL
2007-04-20 15:05:31 31232 --a------ C:\WINDOWS\180ax.exe
2007-04-20 15:05:29 25344 --a------ C:\WINDOWS\updatetc.exe
2007-04-20 15:05:29 9472 --a------ C:\WINDOWS\salm.exe
2007-04-20 15:05:28 9984 --a------ C:\WINDOWS\saiemod.dll
2007-04-20 15:05:21 21504 --a------ C:\WINDOWS\system32\msnhlp32.dll <Not Verified; Microsoft; Windows Explorer cdrom optimizer; 1.00.0048; 1.00.0048>
2007-04-20 15:05:18 17408 --a------ C:\WINDOWS\system32\tmrsrv32.exe <Not Verified; Microsoft; Timer Service; 1.00.0013; 1.00.0013>
2007-04-20 15:05:17 12 --a------ C:\WINDOWS\system32\gtv_sd.bin
2007-04-20 15:05:06 4669 --a------ C:\WINDOWS\1.exe
2007-04-20 15:04:57 81412 --a------ C:\WINDOWS\system32\idleserv.exe <Not Verified; Microsoft; IDLE component; 1.00.0064; 1.00.0064>
2007-04-20 15:04:55 12800 --a------ C:\WINDOWS\system32\user_32.dll <Not Verified; Home; Microsoft Internet Transfer; 1.00.0024; 1.00.0024>
2007-04-20 15:04:23 11612 --a------ C:\svhost.exe
2007-04-20 15:04:10 26694 --a------ C:\WINDOWS\system32\rqrsspp.dll
2007-04-20 15:04:00 4669 --a------ C:\1.exe
2007-04-12 20:31:44 1141 --a------ C:\WINDOWS\checkip.dat
-- Find3M Report ---------------------------------------------------------------
2007-04-24 23:17:23 0 d-------- C:\Program Files\MSN Messenger
2007-04-24 23:12:21 0 d-------- C:\Program Files\Free Sticky Notes
2007-04-24 23:12:15 0 d-------- C:\Program Files\ewido anti-spyware 4.0
2007-04-23 21:26:10 0 d-------- C:\Program Files\Lx_cats
2007-04-15 16:18:56 0 d-------- C:\Program Files\Ares
2007-04-15 12:43:26 0 d-------- C:\Program Files\TClockEx
2007-04-11 16:15:12 0 d-------- C:\Documents and Settings\Carla\Application Data\Skype
2007-02-06 21:51:37 0 --a------ C:\WINDOWS\system32\kernel32.exe
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{121950A7-E2F1-4081-95B0-5997943736E2} C:\WINDOWS\system32\ddcyy.dll
{125399A6-E13D-42CE-A021-7F9069A79440} c:\windows\fonts\pcreg.dll
{1557B435-8242-4686-9AA3-9265BF7525A4} C:\WINDOWS\system32\tmp4.tmp.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
{B9697716-61E6-4FBC-89FD-EAC504D9EFE3} C:\WINDOWS\system32\rqrsspp.dll
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
{c2dace2d-f27f-4591-97be-10c379cef2e6} C:\WINDOWS\system32\lprcmd.dll [x]
{C3F16958-9601-43E3-AC3C-6E89762079Ec} C:\WINDOWS\system32\lbymhjxa.dll
{EEFBE5D6-FEFF-4CB4-AA26-6A464090CB89} C:\WINDOWS\system32\msnhlp32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"LXBSCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBStime.dll,_RunDLLEntry@16"
"Logitech Utility"="Logi_MwX.Exe"
"explorer"="C:\\Documents and Settings\\Carla\\Desktop\\winstall.exe"
"runner1"="C:\\WINDOWS\\retadpu2000340.exe 61A847B5BBF72810329B385576F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E77DB6C0736AC53FD97CB77"
"PrintDrive"="rundll32.exe \"C:\\WINDOWS\\system32\\veqgcgmy.dll\",setvm"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"DS Clock"="\"C:\\Program Files\\DS Clock\\dsclock.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ares"="\"C:\\Program Files\\Ares\\bak\\Ares.exe\" -h"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
"DisableTaskMgr"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{8CCF4E94-0960-1033-0310-040829200002}"="\"C:\\Program Files\\Common Files\\{8CCF4E94-0960-1033-0310-040829200002}\\Update.exe\" mc-110-12-0001411"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"
"{B9697716-61E6-4FBC-89FD-EAC504D9EFE3}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcyy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\lprcmd
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcreg
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsspp
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
-- End of Deckard's System Scanner: finished at 2007-04-25 at 15:33:34 ---------