Show Posts

1

Tech Clinic / Help with a game

« on: June 18, 2005, 02:50:32 AM »

Help .. installed a game, Sacred, but when i tried to run it, I got this error :

a required system dll could not be loaded. please update your windows installation (#6000-1)

Can anyone help?

2

Tech Clinic / HijackLog stuff

« on: March 19, 2005, 03:57:24 AM »

OK, here is the fresh Hijackthis log :

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NOADS\NOADS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\WEBTRAP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\IMPORTANT FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PCCPFW] C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O4 - HKCU\..\Run: [NoAds] "C:\PROGRAM FILES\NOADS\NOADS.EXE"
O4 - HKCU\..\Run: [ares] "C:\MY DOCUMENTS\APEX\ARES.EXE" -h
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: STRINGS.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Email Removed Attachments Control) - http://by12fd.bay12.Email Removed.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

3

Tech Clinic / HijackLog stuff

« on: March 14, 2005, 12:18:27 PM »

Well, that's good to know.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' />

Ok, done that, and here are fresh logs from Findit and Hijackthis respectively :

Directory of C:\WINDOWS\SYSTEM

LXBKMA GID 40,613 10-20-04 10:33p lxbkma.GID
FOLDER HTT 13,122 06-23-04 1:42p folder.htt
DESKTOP INI 266 06-23-04 1:42p desktop.ini
JETERR35 GID 10,820 02-03-04 8:44p jeterr35.GID
FFASTLOG TXT 23,598 01-05-04 5:29p FFASTLOG.TXT
5 file(s) 88,419 bytes
0 dir(s) 7,635.86 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

------------------ Locate.com Results ------------------

No matches found.

------------ Strings.exe Qoologic Results ------------

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00
C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\SYSTEM\jesterss.dll: .aspack

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\pccguide.exe\""
"PCCIOMON.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\PCCIOMON.exe\""
"PCCClient.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\PCCClient.exe\""
"Pop3trap.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\Pop3trap.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Disabled]
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""

---------------> (Hijackthis log)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NOADS\NOADS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\WEBTRAP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\IMPORTANT FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PCCPFW] C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O4 - HKCU\..\Run: [NoAds] "C:\PROGRAM FILES\NOADS\NOADS.EXE"
O4 - HKCU\..\Run: [ares] "C:\MY DOCUMENTS\APEX\ARES.EXE" -h
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: STRINGS.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Email Removed Attachments Control) - http://by12fd.bay12.Email Removed.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002144.cab

4

Tech Clinic / HijackLog stuff

« on: March 11, 2005, 12:47:37 PM »

This is a fresh Findit log :

XUREC DLL 227,104 03-10-05 1:15p XUREC.DLL
TTPI DLL 227,104 03-10-05 1:15p TTPI.DLL
RQUTETAB DLL 227,104 03-10-05 1:15p RQUTETAB.DLL
OCEPRO32 DLL 227,104 03-10-05 1:15p OCEPRO32.DLL
DDSPDIB DLL 227,104 03-10-05 1:15p DDSPDIB.DLL
REUTETAB DLL 227,104 03-10-05 1:15p REUTETAB.DLL
IVDKCS32 DLL 227,104 03-10-05 1:15p IVDKCS32.DLL
PGCN20 DLL 227,104 03-10-05 1:15p pgcn20.dll
UODERW~1 DLL 227,104 03-10-05 1:15p Uoderwater.dll
9 file(s) 2,043,936 bytes
0 dir(s) 7,608.05 MB free

------- Hidden Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 1546-0CF5
Directory of C:\WINDOWS\SYSTEM

LXBKMA GID 40,613 10-20-04 10:33p lxbkma.GID
FOLDER HTT 13,122 06-23-04 1:42p folder.htt
DESKTOP INI 266 06-23-04 1:42p desktop.ini
JETERR35 GID 10,820 02-03-04 8:44p jeterr35.GID
FFASTLOG TXT 23,598 01-05-04 5:29p FFASTLOG.TXT
5 file(s) 88,419 bytes
0 dir(s) 7,608.05 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
xurec.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
ttpi.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
rqutetab.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
ocepro32.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
ddspdib.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
reutetab.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
ivdkcs32.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
pgcn20.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
uoderw~1.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K

9 items found: 9 files, 0 directories.
Total of file sizes: 2,043,936 bytes 1.95 M

------------ Strings.exe Qoologic Results ------------

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00
C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\SYSTEM\jesterss.dll: .aspack

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\pccguide.exe\""
"PCCIOMON.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\PCCIOMON.exe\""
"PCCClient.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\PCCClient.exe\""
"Pop3trap.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\Pop3trap.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Disabled]
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""

This is a fresh Hijackthislog :

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NOADS\NOADS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\WEBTRAP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\IMPORTANT FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PCCPFW] C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O4 - HKCU\..\Run: [NoAds] "C:\PROGRAM FILES\NOADS\NOADS.EXE"
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: STRINGS.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm410XXUS
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Email Removed Attachments Control) - http://by12fd.bay12.Email Removed.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002144.cab

This is a fresh startdreck log :

»Registry
»Run Keys
»Current User
»Run
*NoAds="C:\PROGRAM FILES\NOADS\NOADS.EXE"
»RunOnce
»Default User
»Run
*NoAds="C:\PROGRAM FILES\NOADS\NOADS.EXE"
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*SystemTray=SysTray.Exe
*SpeedTouch USB Diagnostics="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*pccguide.exe="C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
*PCCIOMON.exe="C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
*PCCClient.exe="C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
*Pop3trap.exe="C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
+Disabled
*Lexmark X1100 Series="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
»RunOnce
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*PCCIOMON.exe="C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
*PCCPFW=C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\IMPORTANT FILES\SPYBOT - SEARCH & DESTROY\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
`HTML Application= [key or value does not exist]
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile=C:\WINDOWS\WScript.exe "%1" %*
+.jse
*JSEFile=C:\WINDOWS\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=C:\WINDOWS\NOTEPAD.EXE %1
+.vbs
*VBSFile=C:\WINDOWS\WScript.exe "%1" %*
+.vbe
*VBEFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsh
*WSHFile=C:\WINDOWS\WScript.exe "%1" %*
+.wsf
*WSFFile=C:\WINDOWS\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Browser Helper Objects (LM)
»Files
»Autostart Folders
»Current User
*C:\WINDOWS\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\STRINGS.EXE
»Default User
*C:\WINDOWS\Start Menu\Programs\StartUp\Adobe Gamma Loader.lnk
*C:\WINDOWS\Start Menu\Programs\StartUp\STRINGS.EXE
»Local Machine
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\wininit.bak
*C:\WINDOWS\hosts
»System/Drivers
»Running Processes
+FFEF5995=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFF6D71=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFE9AE1=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFEA8D9=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFEE41D=C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
+FFFE016D=C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
+FFFD9005=C:\WINDOWS\EXPLORER.EXE
+FFFD13F5=C:\WINDOWS\TASKMON.EXE
+FFFD3955=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFFD53CD=C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
+FFFD70A5=C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
+FFFD61D1=C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
+FFFCB891=C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
+FFFCC181=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
+FFFCF025=C:\PROGRAM FILES\NOADS\NOADS.EXE
+FFFC12A1=C:\WINDOWS\SYSTEM\WMIEXE.EXE
+FFFB9335=C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\WEBTRAP.EXE
+FFFA9F21=C:\WINDOWS\SYSTEM\INTERNAT.EXE
+FFFB6CE1=C:\WINDOWS\SYSTEM\RNAAPP.EXE
+FFFA0A51=C:\WINDOWS\SYSTEM\TAPISRV.EXE
+FFFB30B5=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
+FFFB7441=C:\WINDOWS\NOTEPAD.EXE
+FFF8BCC9=C:\IMPORTANT FILES\STARTDRECK.EXE
»NT Services
»Application specific

5

Tech Clinic / HijackLog stuff

« on: March 10, 2005, 06:19:31 AM »

Hey .. don't worry about it. Anyway, ok, i downloaded pocket killbox and deleted the files you asked me to.

i checked Hijackthis>>Open Misc Tools>>Open Hosts File Manager but i didn't see "127.0.0.1 localhost" so i left it.

This is the fresh Findit9xme.bat log :

MBEGGR~1 DLL 227,104 03-10-05 1:15p mbeggrpid.dll
LSRAS80N DLL 227,104 03-10-05 1:15p Lsras80n.dll
DNEML DLL 227,104 03-10-05 1:15p DNEML.DLL
LAIMG80N DLL 227,104 03-10-05 1:15p Laimg80n.dll
DOD9 DLL 227,104 03-10-05 1:15p DOD9.DLL
IJFRARED DLL 227,104 03-10-05 1:15p IJFRARED.DLL
DDDIM700 DLL 227,104 03-10-05 1:15p DDDIM700.DLL
LWPCD80N DLL 227,104 03-10-05 1:15p Lwpcd80n.dll
HKDLR32 DLL 227,104 03-10-05 1:15p HKDLR32.DLL
BIWMP3 DLL 227,104 03-10-05 1:15p biwmp3.dll
SIKIT432 DLL 227,104 03-10-05 1:15p SIKIT432.DLL
CZBINET DLL 227,104 03-10-05 1:15p CZBINET.DLL
LPKODAK DLL 227,104 03-10-05 1:15p Lpkodak.dll
IRDKCS32 DLL 227,104 03-10-05 1:15p IRDKCS32.DLL
SYNTFNT DLL 227,104 03-10-05 1:15p SYntfNT.dll
PACN1111 DLL 227,104 03-10-05 1:15p PACN1111.DLL
BYSEBALL DLL 227,104 03-10-05 1:15p BYseball.dll
SNS3D630 DLL 227,104 03-10-05 1:15p sns3d630.dll
QHSF DLL 217,088 12-10-04 11:48p QHSF.DLL
MUDXMLC DLL 217,088 12-10-04 11:48p mudxmlc.dll
PGTOREC DLL 217,088 12-10-04 11:48p PGTOREC.DLL
OGE2NLS DLL 217,088 12-10-04 11:48p OGE2NLS.DLL
JSNGLE DLL 217,088 12-10-04 11:48p Jsngle.dll
WUPASF DLL 217,088 12-10-04 11:48p wupasf.dll
EIEXCH32 DLL 217,088 12-10-04 11:48p EIEXCH32.DLL
AJMUI DLL 217,088 12-10-04 11:48p AJMUI.DLL
LMBKLCNP DLL 217,088 12-10-04 11:48p lmbklcnp.dll
MZANG DLL 217,088 12-10-04 11:48p MZANG.DLL
MBIQTZ32 DLL 217,088 12-10-04 11:48p MBIQTZ32.DLL
MTDART32 DLL 217,088 12-10-04 11:48p mtdart32.dll
WTDAP32 DLL 217,088 12-10-04 11:48p WTDAP32.DLL
CSMDLG32 DLL 217,088 12-10-04 11:48p CSMDLG32.DLL
MPXML3R DLL 217,088 12-10-04 11:48p MPXML3R.DLL
ORBCCR32 DLL 217,088 12-10-04 11:48p orbccr32.dll
34 file(s) 7,561,280 bytes
0 dir(s) 7,651.05 MB free

------- Hidden Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 1546-0CF5
Directory of C:\WINDOWS\SYSTEM

VMSS <DIR> 03-07-05 7:10p vmss
WSXSVC <DIR> 03-07-05 7:10p wsxsvc
LXBKMA GID 40,613 10-20-04 10:33p lxbkma.GID
FOLDER HTT 13,122 06-23-04 1:42p folder.htt
DESKTOP INI 266 06-23-04 1:42p desktop.ini
JETERR35 GID 10,820 02-03-04 8:44p jeterr35.GID
FIZ2 1,057 01-21-04 12:32p fiz2
FIZ1 1,355 01-21-04 11:53a fiz1
KYF DAT 1,865,021 01-21-04 11:24a kyf.dat
FFASTLOG TXT 23,598 01-05-04 5:29p FFASTLOG.TXT
8 file(s) 1,955,852 bytes
2 dir(s) 7,651.04 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{25782FD8-7F18-DFC3-CF5A-437063ED4CE2}"=""

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
mbeggr~1.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
lsras80n.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
dneml.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
laimg80n.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
dod9.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
ijfrared.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
dddim700.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
lwpcd80n.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
hkdlr32.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
biwmp3.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
sikit432.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
czbinet.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
lpkodak.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
irdkcs32.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
syntfnt.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
pacn1111.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
byseball.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K
sns3d630.dll Thu Mar 10 2005 1:15:42p ..S.R 227,104 221.78 K

18 items found: 18 files, 0 directories.
Total of file sizes: 4,087,872 bytes 3.90 M

------------ Strings.exe Qoologic Results ------------

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00
C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\SYSTEM\jesterss.dll: .aspack
C:\WINDOWS\SYSTEM\fastvideoplayer.dll: .aspack

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\QHSF.DLL: UMonitor
C:\WINDOWS\SYSTEM\mudxmlc.dll: UMonitor
C:\WINDOWS\SYSTEM\PGTOREC.DLL: UMonitor
C:\WINDOWS\SYSTEM\OGE2NLS.DLL: UMonitor
C:\WINDOWS\SYSTEM\Jsngle.dll: UMonitor
C:\WINDOWS\SYSTEM\wupasf.dll: UMonitor
C:\WINDOWS\SYSTEM\EIEXCH32.DLL: UMonitor
C:\WINDOWS\SYSTEM\AJMUI.DLL: UMonitor
C:\WINDOWS\SYSTEM\lmbklcnp.dll: UMonitor
C:\WINDOWS\SYSTEM\MZANG.DLL: UMonitor
C:\WINDOWS\SYSTEM\MBIQTZ32.DLL: UMonitor
C:\WINDOWS\SYSTEM\mtdart32.dll: UMonitor
C:\WINDOWS\SYSTEM\WTDAP32.DLL: UMonitor
C:\WINDOWS\SYSTEM\CSMDLG32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MPXML3R.DLL: UMonitor
C:\WINDOWS\SYSTEM\orbccr32.dll: UMonitor

----> i downloaded VX2 Finder.exe but couldnt run it. Something about it being only for ntsystems whatever.

And here is a fresh Hijackthis log :

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\ELITEKBW32.EXE
C:\WINDOWS\NEWSD.EXE
C:\PROGRAM FILES\NOADS\NOADS.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\WEBTRAP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\IMPORTANT FILES\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O1 - Hosts: 69.20.16.183 #uto.search.msn.com
O1 - Hosts: 69.20.16.183 #earch.netscape.com
O1 - Hosts: 69.20.16.183 #eautosearch
O1 - Hosts: 69.20.16.183 #uto.search.msn.com
O1 - Hosts: 69.20.16.183 #earch.netscape.com
O1 - Hosts: 69.20.16.183 #eautosearch
O1 - Hosts: 69.20.16.183 #uto.search.msn.com
O1 - Hosts: 69.20.16.183 #earch.netscape.com
O1 - Hosts: 69.20.16.183 #eautosearch
O1 - Hosts: 69.20.16.183 #uto.search.msn.com
O1 - Hosts: 69.20.16.183 #earch.netscape.com
O1 - Hosts: 69.20.16.183 #eautosearch
O1 - Hosts: 69.20.16.183 #uto.search.msn.com
O1 - Hosts: 69.20.16.183 #earch.netscape.com
O1 - Hosts: 69.20.16.183 #eautosearch
O1 - Hosts: 69.20.16.183 #uto.search.msn.com
O1 - Hosts: 69.20.16.183 #earch.netscape.com
O1 - Hosts: 69.20.16.183 #eautosearch
O1 - Hosts: 69.20.16.183 #uto.search.msn.com
O1 - Hosts: 69.20.16.183 #earch.netscape.com
O1 - Hosts: 69.20.16.183 #eautosearch
O1 - Hosts: 69.20.16.183 #uto.search.msn.com
O1 - Hosts: 69.20.16.183 #earch.netscape.com
O1 - Hosts: 69.20.16.183 #eautosearch
O1 - Hosts: 69.20.16.183 #uto.search.msn.com
O1 - Hosts: 69.20.16.183 #earch.netscape.com
O1 - Hosts: 69.20.16.183 #eautosearch
O1 - Hosts: 69.20.16.183 #uto.search.msn.com
O1 - Hosts: 69.20.16.183 #earch.netscape.com
O1 - Hosts: 69.20.16.183 #eautosearch
O1 - Hosts: 69.20.16.183 #uto.search.msn.com
O1 - Hosts: 69.20.16.183 #earch.netscape.com
O1 - Hosts: 69.20.16.183 #eautosearch
O1 - Hosts: 69.20.16.183 #uto.search.msn.com
O1 - Hosts: 69.20.16.183 #earch.netscape.com
O1 - Hosts: 69.20.16.183 #eautosearch
O2 - BHO: (no name) - {8E6354E6-9191-11D9-97A9-000C196928D0} - C:\WINDOWS\SYSTEM\BIHJ.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [antiware] C:\WINDOWS\SYSTEM\ELITEKBW32.EXE
O4 - HKLM\..\Run: [newsfeed12] C:\WINDOWS\newsd.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PCCPFW] C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O4 - HKCU\..\Run: [NoAds] "C:\PROGRAM FILES\NOADS\NOADS.EXE"
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: STRINGS.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm410XXUS
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.sp2[censored]ed.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.overpro.com
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Email Removed Attachments Control) - http://by12fd.bay12.Email Removed.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/sg/games3.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {0CB2BD5A-7A80-4BA9-B49A-02DC51144BDF} (vciewer control) - http://www.thepaymentcentre.com/build/vciewer.cab
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Download...Bridge-c135.cab
O16 - DPF: {FFFFFFFF-3C18-4A7E-A29D-E24F84B79BF1} - http://216.122.145.208/pi1_20.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002144.cab
O18 - Filter: text/html - {B464E07C-8F47-11D9-97A9-000C58C7C217} - C:\WINDOWS\SYSTEM\BIHJ.DLL
O18 - Filter: text/plain - {B464E07C-8F47-11D9-97A9-000C58C7C217} - C:\WINDOWS\SYSTEM\BIHJ.DLL

6

Tech Clinic / HijackLog stuff

« on: March 08, 2005, 11:12:30 AM »

Ok, sorry about that, here is the log from Findit :

DXCPROP DLL 217,088 12-10-04 11:48p DXCPROP.DLL
QHSF DLL 217,088 12-10-04 11:48p QHSF.DLL
DGDPMESH DLL 217,088 12-10-04 11:48p DGDPMESH.DLL
WSWIZDLL DLL 217,088 12-10-04 11:48p WSWIZDLL.DLL
DSDPMESH DLL 217,088 12-10-04 11:48p DSDPMESH.DLL
CXRDS DLL 217,088 12-10-04 11:48p CXRDS.DLL
NNSWAN16 DLL 217,088 12-10-04 11:48p NNSWAN16.DLL
DQRAWEX DLL 217,088 12-10-04 11:48p DQRAWEX.DLL
FMNTEXT DLL 217,088 12-10-04 11:48p FMNTEXT.DLL
PVPD DLL 217,088 12-10-04 11:48p PVPD.DLL
DUNHPAST DLL 217,088 12-10-04 11:48p DUNHPAST.DLL
RYASIG DLL 217,088 12-10-04 11:48p RYASIG.DLL
WJLDLB32 DLL 217,088 12-10-04 11:48p WJLDLB32.DLL
MGJAVA DLL 217,088 12-10-04 11:48p MGJAVA.DLL
DQCPCSVC DLL 217,088 12-10-04 11:48p DQCPCSVC.DLL
FEPWPP DLL 217,088 12-10-04 11:48p FEPWPP.DLL
MFWLTRES DLL 217,088 12-10-04 11:48p MFWLTRES.DLL
FSNTEXT DLL 217,088 12-10-04 11:48p FSNTEXT.DLL
MDRDO20 DLL 217,088 12-10-04 11:48p MDRDO20.DLL
RVOCURS DLL 217,088 12-10-04 11:48p RVOCURS.DLL
AEDCXC32 DLL 217,088 12-10-04 11:48p AEDCXC32.DLL
ODECNV32 DLL 217,088 12-10-04 11:48p ODECNV32.DLL
RCCHED32 DLL 217,088 12-10-04 11:48p RCCHED32.DLL
MFSTKPRP DLL 217,088 12-10-04 11:48p MFSTKPRP.DLL
VNAR332 DLL 217,088 12-10-04 11:48p VNAR332.DLL
MBVIDC32 DLL 217,088 12-10-04 11:48p MBVIDC32.DLL
PVCN1111 DLL 217,088 12-10-04 11:48p PVCN1111.DLL
LFXUSBCI DLL 217,088 12-10-04 11:48p LFXUSBCI.DLL
MSINCP16 DLL 217,088 12-10-04 11:48p MSINCP16.DLL
HBINK DLL 217,088 12-10-04 11:48p HBINK.DLL
MOCO30 DLL 217,088 12-10-04 11:48p MOCO30.DLL
EJCRYPT DLL 217,088 12-10-04 11:48p EJCRYPT.DLL
DYCPCSVC DLL 217,088 12-10-04 11:48p DYCPCSVC.DLL
OSE2PROX DLL 217,088 12-10-04 11:48p OSE2PROX.DLL
RUAUI DLL 217,088 12-10-04 11:48p RUAUI.DLL
MIWSOSP DLL 217,088 12-10-04 11:48p MIWSOSP.DLL
SDSFMON DLL 217,088 12-10-04 11:48p sdsfmon.dll
TZUMBVW DLL 217,088 12-10-04 11:48p TZUMBVW.DLL
ITSCLASS DLL 217,088 12-10-04 11:48p ITSCLASS.DLL
SMGE DLL 217,088 12-10-04 11:48p sMge.dll
MGLS31 DLL 217,088 12-10-04 11:48p MGLS31.DLL
MLBSYNC DLL 217,088 12-10-04 11:48p mlbsync.dll
LMRAS80N DLL 217,088 12-10-04 11:48p Lmras80n.dll
WNN32S16 DLL 217,088 12-10-04 11:48p WNN32S16.DLL
MYCD30 DLL 217,088 12-10-04 11:48p MYCD30.DLL
LE32 DLL 217,088 12-10-04 11:48p LE32.DLL
XWILEXR DLL 217,088 12-10-04 11:48p XWILEXR.DLL
IGSCLASS DLL 217,088 12-10-04 11:48p IGSCLASS.DLL
OSBC32 DLL 217,088 12-10-04 11:48p OSBC32.DLL
MZC250 DLL 217,088 12-10-04 11:48p MZC250.DLL
QHHNDLR DLL 217,088 12-10-04 11:48p QHHNDLR.DLL
CUSEQCHK DLL 217,088 12-10-04 11:48p CUSEQCHK.DLL
SPP32 DLL 217,088 12-10-04 11:48p SPP32.DLL
CGCARDKS DLL 217,088 12-10-04 11:48p CGCARDKS.DLL
MGDART32 DLL 217,088 12-10-04 11:48p mgdart32.dll
OQCOM400 DLL 217,088 12-10-04 11:48p OQCOM400.DLL
AYICAP32 DLL 217,088 12-10-04 11:48p AYICAP32.DLL
PTTOREC DLL 217,088 12-10-04 11:48p PTTOREC.DLL
TID32 DLL 217,088 12-10-04 11:48p TID32.DLL
DO7VB DLL 217,088 12-10-04 11:48p DO7VB.DLL
IRSTSCH DLL 217,088 12-10-04 11:48p IRSTSCH.DLL
DREML DLL 217,088 12-10-04 11:48p DREML.DLL
OLBCCP32 DLL 217,088 12-10-04 11:48p OLBCCP32.DLL
IGHLPAPI DLL 217,088 12-10-04 11:48p IGHLPAPI.DLL
VLSCRIPT DLL 217,088 12-10-04 11:48p VLSCRIPT.DLL
WJNMM DLL 217,088 12-10-04 11:48p WJNMM.DLL
PBPNDI DLL 217,088 12-10-04 11:48p PBPNDI.DLL
LP32 DLL 217,088 12-10-04 11:48p LP32.DLL
DGIME DLL 217,088 12-10-04 11:48p DGIME.DLL
DNDRM DLL 217,088 12-10-04 11:48p DNDRM.DLL
WU2HELP DLL 217,088 12-10-04 11:48p WU2HELP.DLL
ROASETUP DLL 217,088 12-10-04 11:48p ROASETUP.DLL
MYNETOBJ DLL 217,088 12-10-04 11:48p mynetobj.dll
OWBC32 DLL 217,088 12-10-04 11:48p owbc32.dll
MZWSTR10 DLL 217,088 12-10-04 11:48p MZWSTR10.DLL
BPOWSEUI DLL 217,088 12-10-04 11:48p BPOWSEUI.DLL
MELS31 DLL 217,088 12-10-04 11:48p MELS31.DLL
LWBKPP32 DLL 217,088 12-10-04 11:48p lwbkpp32.dll
LNLMA80N DLL 217,088 12-10-04 11:48p Lnlma80n.dll
IEETWH32 DLL 217,088 12-10-04 11:48p Ieetwh32.dll
AYFSIPC DLL 217,088 12-10-04 11:48p ayfsipc.dll
LHGIF80N DLL 217,088 12-10-04 11:48p Lhgif80n.dll
OKCCLI32 DLL 217,088 12-10-04 11:48p okccli32.dll
UQDERW~1 DLL 217,088 12-10-04 11:48p Uqderwater.dll
WVDMPS DLL 217,088 12-10-04 11:48p wvdmps.dll
BESEBALL DLL 217,088 12-10-04 11:48p BEseball.dll
TDKATI~1 DLL 217,088 12-10-04 11:48p TdkatiRedistributor.dll
MYOEACCT DLL 217,088 12-10-04 11:48p myoeacct.dll
LEBKLCNP DLL 217,088 12-10-04 11:48p lebklcnp.dll
LWLMB80N DLL 217,088 12-10-04 11:48p Lwlmb80n.dll
LTPCD80N DLL 217,088 12-10-04 11:48p Ltpcd80n.dll
DUMM DLL 217,088 12-10-04 11:48p dumm.dll
JJPL400 DLL 217,088 12-10-04 11:48p jjpl400.dll
JBAW400 DLL 217,088 12-10-04 11:48p jbaw400.dll
WNSPDMOE DLL 217,088 12-10-04 11:48p wnspdmoe.dll
WHSDMOE2 DLL 217,088 12-10-04 11:48p whsdmoe2.dll
MUVCIRT DLL 217,088 12-10-04 11:48p muvcirt.dll
MUDXMLC DLL 217,088 12-10-04 11:48p mudxmlc.dll
RMATHUNK DLL 217,088 12-10-04 11:48p RMATHUNK.DLL
MOJT3032 DLL 217,088 12-10-04 11:48p MOJT3032.DLL
LWMAC80N DLL 217,088 12-10-04 11:48p Lwmac80n.dll
MPVCRT20 DLL 217,088 12-10-04 11:48p MPVCRT20.DLL
MLLS31 DLL 217,088 12-10-04 11:48p MLLS31.DLL
MCWDAT10 DLL 217,088 12-10-04 11:48p mcwdat10.dll
RLCRES DLL 217,088 12-10-04 11:48p RLCRES.dll
MTJINT40 DLL 217,088 12-10-04 11:48p mtjint40.dll
AVCTRES DLL 217,088 12-10-04 11:48p avctres.dll
RFCRES DLL 217,088 12-10-04 11:48p RFCRES.dll
LETHK80W DLL 217,088 12-10-04 11:48p Lethk80w.dll
EEENU DLL 217,088 12-10-04 11:48p eeenu.dll
DV120F~1 DLL 217,088 12-10-04 11:48p DV120fc7_32.dll
LBBKCLR2 DLL 217,088 12-10-04 11:48p lbbkclr2.dll
MJSTERY DLL 217,088 12-10-04 11:48p Mjstery.dll
SNMREDIR DLL 217,088 12-10-04 11:48p SnmRedir.dll
BVSEBALL DLL 217,088 12-10-04 11:48p BVseball.dll
LABKUIR DLL 217,088 12-10-04 11:48p labkuir.dll
SBEM0409 DLL 217,088 12-10-04 11:48p SBEM0409.DLL
XGILEXR DLL 217,088 12-10-04 11:48p XGILEXR.DLL
MDJTER35 DLL 217,088 12-10-04 11:48p MDJTER35.DLL
VSB32 DLL 217,088 12-10-04 11:48p VSB32.DLL
COET16 DLL 217,088 12-10-04 11:48p COET16.DLL
PFSPL DLL 217,088 12-10-04 11:48p PFSPL.DLL
CXSEQCHK DLL 217,088 12-10-04 11:48p CXSEQCHK.DLL
AOKRNL32 DLL 217,088 12-10-04 11:48p AOKRNL32.DLL
LEBKPSW DLL 217,088 12-10-04 11:48p lebkpsw.dll
WBPDXM DLL 217,088 12-10-04 11:48p wbpdxm.dll
MRSLGN32 DLL 217,088 12-10-04 11:48p MRSLGN32.DLL
SBORAGE DLL 217,088 12-10-04 11:48p SBORAGE.DLL
OGCCLI32 DLL 217,088 12-10-04 11:48p ogccli32.dll
MO3216 DLL 217,088 12-10-04 11:48p MO3216.DLL
OCECLI32 DLL 217,088 12-10-04 11:48p OCECLI32.DLL
SGMREDIR DLL 217,088 12-10-04 11:48p SgmRedir.dll
DZD9 DLL 217,088 12-10-04 11:48p DZD9.DLL
TDUMBVW DLL 217,088 12-10-04 11:48p TDUMBVW.DLL
FNWPP DLL 217,088 12-10-04 11:48p FNWPP.DLL
IK50_QCX DLL 217,088 12-10-04 11:48p IK50_QCX.DLL
SSORAGE DLL 217,088 12-10-04 11:48p SSORAGE.DLL
ADYCFILT DLL 217,088 12-10-04 11:48p ADYCFILT.DLL
MRCO30 DLL 217,088 12-10-04 11:48p MRCO30.DLL
SNROBJ DLL 217,088 12-10-04 11:48p SNROBJ.DLL
RFCNCL DLL 217,088 12-10-04 11:48p RFCNCL.DLL
DBIDEO DLL 217,088 12-10-04 11:48p DBIDEO.DLL
FCOD DLL 217,088 12-10-04 11:48p fcod.dll
TNOLHELP DLL 217,088 12-10-04 11:48p TNOLHELP.DLL
ULL DLL 217,088 12-10-04 11:48p ULL.DLL
IOMIGRAT DLL 217,088 12-10-04 11:48p IOMIGRAT.DLL
SOSCRAP DLL 217,088 12-10-04 11:48p SOSCRAP.DLL
OXE2NLS DLL 217,088 12-10-04 11:48p OXE2NLS.DLL
AQRULES DLL 217,088 12-10-04 11:48p aqrules.dll
CKUINF32 DLL 217,088 12-10-04 11:48p CKUINF32.DLL
HMSETUP DLL 217,088 12-10-04 11:48p hmsetup.dll
DPDRM DLL 217,088 12-10-04 11:48p DPDRM.DLL
TGEMBED DLL 217,088 12-10-04 11:48p tGembed.dll
MLPATCHA DLL 217,088 12-10-04 11:48p mlpatcha.dll
PYDX5032 DLL 217,088 12-10-04 11:48p pydx5032.dll
PDCRT DLL 217,088 12-10-04 11:48p pdcrt.dll
DLD9 DLL 217,088 12-10-04 11:48p DLD9.DLL
AODCXC32 DLL 217,088 12-10-04 11:48p AODCXC32.DLL
MUDART32 DLL 217,088 12-10-04 11:48p mudart32.dll
RZCLTSPX DLL 217,088 12-10-04 11:48p RZCLTSPX.DLL
WYHEXT DLL 217,088 12-10-04 11:48p WYHEXT.DLL
LRBKPSW DLL 217,088 12-10-04 11:48p lrbkpsw.dll
LUXBCE DLL 217,088 12-10-04 11:48p LuxBce.Dll
OZBCJI32 DLL 217,088 12-10-04 11:48p ozbcji32.dll
DIBAND DLL 217,088 12-10-04 11:48p DIBAND.DLL
PGTOREC DLL 217,088 12-10-04 11:48p PGTOREC.DLL
WFVDMOE DLL 217,088 12-10-04 11:48p wfvdmoe.dll
CMT32 DLL 217,088 12-10-04 11:48p CMT32.DLL
AJPXEC32 DLL 217,088 12-10-04 11:48p AJPXEC32.DLL
QCWMCI32 DLL 217,088 12-10-04 11:48p QCWMCI32.DLL
MIBE DLL 217,088 12-10-04 11:48p mibe.dll
OGE2NLS DLL 217,088 12-10-04 11:48p OGE2NLS.DLL
RJCNCL DLL 217,088 12-10-04 11:48p RJCNCL.DLL
LSXP2P32 DLL 217,088 12-10-04 11:48p lsxp2p32.dll
CKFVIEW DLL 217,088 12-10-04 11:48p ckfview.dll
OVECLI32 DLL 217,088 12-10-04 11:48p OVECLI32.DLL
SHLWOA DLL 217,088 12-10-04 11:48p shlwoa.dll
SELSTR DLL 217,088 12-10-04 11:48p selstr.dll
PITOREC DLL 217,088 12-10-04 11:48p PITOREC.DLL
LZAVI80N DLL 217,088 12-10-04 11:48p Lzavi80n.dll
MZOEACCT DLL 217,088 12-10-04 11:48p mzoeacct.dll
NGTAPI32 DLL 217,088 12-10-04 11:48p NGTAPI32.DLL
IISAPI32 DLL 217,088 12-10-04 11:48p IISAPI32.DLL
TBKATI~1 DLL 217,088 12-10-04 11:48p TbkatiClient.dll
OMCCLI32 DLL 217,088 12-10-04 11:48p omccli32.dll
DFWSOCK DLL 217,088 12-10-04 11:48p DFWSOCK.DLL
VCA6 DLL 217,088 12-10-04 11:48p VCA6.DLL
MRVCRT DLL 217,088 12-10-04 11:48p MRVCRT.DLL
WDASPI32 DLL 217,088 12-10-04 11:48p WDASPI32.DLL
PPCRT DLL 217,088 12-10-04 11:48p ppcrt.dll
WSPASF DLL 217,088 12-10-04 11:48p wspasf.dll
JSNGLE DLL 217,088 12-10-04 11:48p Jsngle.dll
TXKATI~1 DLL 217,088 12-10-04 11:48p TxkatiClientInstaller.dll
RNVPSP DLL 217,088 12-10-04 11:48p RNVPSP.DLL
SBMSCRPT DLL 217,088 12-10-04 11:48p SBMSCRPT.DLL
MKBE DLL 217,088 12-10-04 11:48p mkbe.dll
IQFG95 DLL 217,088 12-10-04 11:48p iqfg95.dll
RXBOEX32 DLL 217,088 12-10-04 11:48p rxboex32.dll
IKWPHBK DLL 217,088 12-10-04 11:48p ikwphbk.dll
WZN32S16 DLL 217,088 12-10-04 11:48p WZN32S16.DLL
MTIMRT32 DLL 217,088 12-10-04 11:48p MTIMRT32.DLL
AZFSIPC DLL 217,088 12-10-04 11:48p azfsipc.dll
RECHED20 DLL 217,088 12-10-04 11:48p RECHED20.DLL
SNRAPI DLL 217,088 12-10-04 11:48p SNRAPI.DLL
OJMREG DLL 217,088 12-10-04 11:48p OJMREG.DLL
JPAW400 DLL 217,088 12-10-04 11:48p jpaw400.dll
GRHAND DLL 217,088 12-10-04 11:48p grhand.dll
MVPIU DLL 217,088 12-10-04 11:48p MVPIU.DLL
MNXML3A DLL 217,088 12-10-04 11:48p MNXML3A.DLL
FIPWPP DLL 217,088 12-10-04 11:48p FIPWPP.DLL
FLWPP DLL 217,088 12-10-04 11:48p FLWPP.DLL
MERATING DLL 217,088 12-10-04 11:48p MERATING.DLL
RCATHUNK DLL 217,088 12-10-04 11:48p RCATHUNK.DLL
IKM32 DLL 217,088 12-10-04 11:48p IKM32.DLL
OBE2PROX DLL 217,088 12-10-04 11:48p OBE2PROX.DLL
LRLMB80N DLL 217,088 12-10-04 11:48p Lrlmb80n.dll
NCICD DLL 217,088 12-10-04 11:48p NCICD.DLL
MCSTKPRP DLL 217,088 12-10-04 11:48p MCSTKPRP.DLL
MHJINT40 DLL 217,088 12-10-04 11:48p mhjint40.dll
SUS3D630 DLL 217,088 12-10-04 11:48p sus3d630.dll
LKBKUPDR DLL 217,088 12-10-04 11:48p lkbkupdr.dll
SIELL DLL 217,088 12-10-04 11:48p SIELL.DLL
MQVCRT DLL 217,088 12-10-04 11:48p MQVCRT.DLL
PJTOREC DLL 217,088 12-10-04 11:48p PJTOREC.DLL
WJSDMOE2 DLL 217,088 12-10-04 11:48p wjsdmoe2.dll
USDM16 DLL 217,088 12-10-04 11:48p USDM16.DLL
LDPCX80N DLL 217,088 12-10-04 11:48p Ldpcx80n.dll
POPD32 DLL 217,088 12-10-04 11:48p POPD32.DLL
MZFS2 DLL 217,088 12-10-04 11:48p MZFS2.DLL
MNCPXL32 DLL 217,088 12-10-04 11:48p MNCPXL32.DLL
XBILEXR DLL 217,088 12-10-04 11:48p XBILEXR.DLL
JASH400 DLL 217,088 12-10-04 11:48p jash400.dll
QSHNDLR DLL 217,088 12-10-04 11:48p QSHNDLR.DLL
LVLMA80N DLL 217,088 12-10-04 11:48p Lvlma80n.dll
MKJT3032 DLL 217,088 12-10-04 11:48p MKJT3032.DLL
QQGR DLL 217,088 12-10-04 11:48p QQGR.DLL
ADCTRES DLL 217,088 12-10-04 11:48p adctres.dll
MGPRINT DLL 217,088 12-10-04 11:48p MGPRINT.DLL
LKMAC80N DLL 217,088 12-10-04 11:48p Lkmac80n.dll
NOSWAN16 DLL 217,088 12-10-04 11:48p NOSWAN16.DLL
RACNS4 DLL 217,088 12-10-04 11:48p RACNS4.DLL
FGWPP DLL 217,088 12-10-04 11:48p FGWPP.DLL
HAINKPRX DLL 217,088 12-10-04 11:48p HAINKPRX.DLL
MIMCI2 DLL 217,088 12-10-04 11:48p MIMCI2.DLL
DSTMSFT DLL 217,088 12-10-04 11:48p DSTMSFT.DLL
DYMSSHRN DLL 217,088 12-10-04 11:48p dymsshrn.dll
DHCOMPOS DLL 217,088 12-10-04 11:48p DHCOMPOS.DLL
247 file(s) 53,620,736 bytes
0 dir(s) 7,697.98 MB free

------- Hidden Files in System Directory -------

Volume in drive C has no label
Volume Serial Number is 1546-0CF5
Directory of C:\WINDOWS\SYSTEM

VMSS <DIR> 03-07-05 7:10p vmss
WSXSVC <DIR> 03-07-05 7:10p wsxsvc
LXBKMA GID 40,613 10-20-04 10:33p lxbkma.GID
FOLDER HTT 13,122 06-23-04 1:42p folder.htt
DESKTOP INI 266 06-23-04 1:42p desktop.ini
JETERR35 GID 10,820 02-03-04 8:44p jeterr35.GID
FIZ2 1,057 01-21-04 12:32p fiz2
FIZ1 1,355 01-21-04 11:53a fiz1
KYF DAT 1,865,021 01-21-04 11:24a kyf.dat
FFASTLOG TXT 23,598 01-05-04 5:29p FFASTLOG.TXT
8 file(s) 1,955,852 bytes
2 dir(s) 7,697.97 MB free

---------------- User Agent ------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{6122F8E0-90E6-11D9-97A9-000C7629D3F9}"=""

------------------ Locate.com Results ------------------

C:\WINDOWS\SYSTEM\
dxcprop.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
qhsf.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dgdpmesh.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
wswizdll.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dsdpmesh.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
cxrds.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
nnswan16.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dqrawex.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
fmntext.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
pvpd.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dunhpast.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ryasig.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
wjldlb32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mgjava.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dqcpcsvc.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
fepwpp.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mfwltres.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
fsntext.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mdrdo20.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
rvocurs.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
aedcxc32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
odecnv32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
rcched32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mfstkprp.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
vnar332.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mbvidc32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
pvcn1111.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lfxusbci.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
msincp16.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
hbink.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
moco30.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ejcrypt.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dycpcsvc.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ose2prox.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ruaui.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
miwsosp.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
sdsfmon.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
tzumbvw.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
itsclass.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
smge.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mgls31.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mlbsync.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lmras80n.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
wnn32s16.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mycd30.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
le32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
xwilexr.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
igsclass.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
osbc32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mzc250.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
qhhndlr.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
cuseqchk.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
spp32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
cgcardks.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mgdart32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
oqcom400.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ayicap32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
pttorec.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
tid32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
do7vb.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
irstsch.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dreml.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
olbccp32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ighlpapi.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
vlscript.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
wjnmm.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
pbpndi.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lp32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dgime.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dndrm.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
wu2help.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
roasetup.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mynetobj.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
owbc32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mzwstr10.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
bpowseui.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mels31.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lwbkpp32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lnlma80n.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ieetwh32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ayfsipc.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lhgif80n.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
okccli32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
uqderw~1.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
wvdmps.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
beseball.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
tdkati~1.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
myoeacct.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lebklcnp.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lwlmb80n.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ltpcd80n.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dumm.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
jjpl400.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
jbaw400.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
wnspdmoe.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
whsdmoe2.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
muvcirt.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mudxmlc.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
rmathunk.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mojt3032.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lwmac80n.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mpvcrt20.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mlls31.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mcwdat10.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
rlcres.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mtjint40.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
avctres.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
rfcres.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lethk80w.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
eeenu.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dv120f~1.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lbbkclr2.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mjstery.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
snmredir.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
bvseball.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
labkuir.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
sbem0409.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
xgilexr.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mdjter35.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
vsb32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
coet16.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
pfspl.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
cxseqchk.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
aokrnl32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lebkpsw.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
wbpdxm.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mrslgn32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
sborage.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ogccli32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mo3216.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ocecli32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
sgmredir.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dzd9.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
tdumbvw.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
fnwpp.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ik50_qcx.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ssorage.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
adycfilt.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mrco30.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
snrobj.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
rfcncl.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dbideo.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
fcod.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
tnolhelp.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ull.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
iomigrat.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
soscrap.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
oxe2nls.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
aqrules.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ckuinf32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
hmsetup.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dpdrm.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
tgembed.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mlpatcha.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
pydx5032.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
pdcrt.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dld9.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
aodcxc32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mudart32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
rzcltspx.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
wyhext.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lrbkpsw.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
luxbce.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ozbcji32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
diband.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
pgtorec.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
wfvdmoe.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
cmt32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ajpxec32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
qcwmci32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mibe.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
oge2nls.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
rjcncl.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lsxp2p32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ckfview.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ovecli32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
shlwoa.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
selstr.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
pitorec.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lzavi80n.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mzoeacct.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ngtapi32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
iisapi32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
tbkati~1.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
omccli32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dfwsock.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
vca6.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mrvcrt.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
wdaspi32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ppcrt.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
wspasf.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
jsngle.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
txkati~1.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
rnvpsp.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
sbmscrpt.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mkbe.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
iqfg95.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
rxboex32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ikwphbk.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
wzn32s16.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mtimrt32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
azfsipc.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
reched20.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
snrapi.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ojmreg.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
jpaw400.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
grhand.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mvpiu.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mnxml3a.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
fipwpp.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
flwpp.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
merating.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
rcathunk.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ikm32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
obe2prox.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lrlmb80n.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ncicd.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mcstkprp.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mhjint40.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
sus3d630.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lkbkupdr.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
siell.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mqvcrt.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
pjtorec.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
wjsdmoe2.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
usdm16.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
ldpcx80n.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
popd32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mzfs2.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mncpxl32.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
xbilexr.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
jash400.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
qshndlr.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lvlma80n.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mkjt3032.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
qqgr.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
adctres.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mgprint.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
lkmac80n.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
noswan16.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
racns4.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
fgwpp.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
hainkprx.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
mimci2.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dstmsft.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dymsshrn.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K
dhcompos.dll Fri Dec 10 2004 11:48:58p ..S.R 217,088 212.00 K

247 items found: 247 files, 0 directories.
Total of file sizes: 53,620,736 bytes 51.14 M

------------ Strings.exe Qoologic Results ------------

-------------- Strings.exe Aspack Results -------------

C:\WINDOWS\vsapi32.dll: ASPack 1.08.04
C:\WINDOWS\vsapi32.dll: ASPack 1.08.03
C:\WINDOWS\vsapi32.dll: ASPack 1.08.02b
C:\WINDOWS\vsapi32.dll: ASPack 1.08.01
C:\WINDOWS\vsapi32.dll: ASPack 1.08
C:\WINDOWS\vsapi32.dll: ASPack 1.07b
C:\WINDOWS\vsapi32.dll: ASPack 1.61
C:\WINDOWS\vsapi32.dll: ASPack 1.05b
C:\WINDOWS\vsapi32.dll: ASPack 1.03
C:\WINDOWS\vsapi32.dll: ASPack 1.02
C:\WINDOWS\vsapi32.dll: ASPack 1.01
C:\WINDOWS\vsapi32.dll: ASPack 1.00
C:\WINDOWS\vsapi32.dll: ASPACK EXE
C:\WINDOWS\vsapi32.dll: ASPACK2 EXE
C:\WINDOWS\SYSTEM\jesterss.dll: .aspack
C:\WINDOWS\SYSTEM\fastvideoplayer.dll: .aspack

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
C:\WINDOWS\SYSTEM\DXCPROP.DLL: UMonitor
C:\WINDOWS\SYSTEM\QHSF.DLL: UMonitor
C:\WINDOWS\SYSTEM\DGDPMESH.DLL: UMonitor
C:\WINDOWS\SYSTEM\WSWIZDLL.DLL: UMonitor
C:\WINDOWS\SYSTEM\DSDPMESH.DLL: UMonitor
C:\WINDOWS\SYSTEM\CXRDS.DLL: UMonitor
C:\WINDOWS\SYSTEM\NNSWAN16.DLL: UMonitor
C:\WINDOWS\SYSTEM\DQRAWEX.DLL: UMonitor
C:\WINDOWS\SYSTEM\FMNTEXT.DLL: UMonitor
C:\WINDOWS\SYSTEM\PVPD.DLL: UMonitor
C:\WINDOWS\SYSTEM\DUNHPAST.DLL: UMonitor
C:\WINDOWS\SYSTEM\RYASIG.DLL: UMonitor
C:\WINDOWS\SYSTEM\WJLDLB32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MGJAVA.DLL: UMonitor
C:\WINDOWS\SYSTEM\DQCPCSVC.DLL: UMonitor
C:\WINDOWS\SYSTEM\FEPWPP.DLL: UMonitor
C:\WINDOWS\SYSTEM\MFWLTRES.DLL: UMonitor
C:\WINDOWS\SYSTEM\FSNTEXT.DLL: UMonitor
C:\WINDOWS\SYSTEM\MDRDO20.DLL: UMonitor
C:\WINDOWS\SYSTEM\RVOCURS.DLL: UMonitor
C:\WINDOWS\SYSTEM\AEDCXC32.DLL: UMonitor
C:\WINDOWS\SYSTEM\ODECNV32.DLL: UMonitor
C:\WINDOWS\SYSTEM\RCCHED32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MFSTKPRP.DLL: UMonitor
C:\WINDOWS\SYSTEM\VNAR332.DLL: UMonitor
C:\WINDOWS\SYSTEM\MBVIDC32.DLL: UMonitor
C:\WINDOWS\SYSTEM\PVCN1111.DLL: UMonitor
C:\WINDOWS\SYSTEM\LFXUSBCI.DLL: UMonitor
C:\WINDOWS\SYSTEM\MSINCP16.DLL: UMonitor
C:\WINDOWS\SYSTEM\HBINK.DLL: UMonitor
C:\WINDOWS\SYSTEM\MOCO30.DLL: UMonitor
C:\WINDOWS\SYSTEM\EJCRYPT.DLL: UMonitor
C:\WINDOWS\SYSTEM\DYCPCSVC.DLL: UMonitor
C:\WINDOWS\SYSTEM\OSE2PROX.DLL: UMonitor
C:\WINDOWS\SYSTEM\RUAUI.DLL: UMonitor
C:\WINDOWS\SYSTEM\MIWSOSP.DLL: UMonitor
C:\WINDOWS\SYSTEM\sdsfmon.dll: UMonitor
C:\WINDOWS\SYSTEM\TZUMBVW.DLL: UMonitor
C:\WINDOWS\SYSTEM\ITSCLASS.DLL: UMonitor
C:\WINDOWS\SYSTEM\sMge.dll: UMonitor
C:\WINDOWS\SYSTEM\MGLS31.DLL: UMonitor
C:\WINDOWS\SYSTEM\mlbsync.dll: UMonitor
C:\WINDOWS\SYSTEM\Lmras80n.dll: UMonitor
C:\WINDOWS\SYSTEM\WNN32S16.DLL: UMonitor
C:\WINDOWS\SYSTEM\MYCD30.DLL: UMonitor
C:\WINDOWS\SYSTEM\LE32.DLL: UMonitor
C:\WINDOWS\SYSTEM\XWILEXR.DLL: UMonitor
C:\WINDOWS\SYSTEM\IGSCLASS.DLL: UMonitor
C:\WINDOWS\SYSTEM\OSBC32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MZC250.DLL: UMonitor
C:\WINDOWS\SYSTEM\QHHNDLR.DLL: UMonitor
C:\WINDOWS\SYSTEM\CUSEQCHK.DLL: UMonitor
C:\WINDOWS\SYSTEM\SPP32.DLL: UMonitor
C:\WINDOWS\SYSTEM\CGCARDKS.DLL: UMonitor
C:\WINDOWS\SYSTEM\mgdart32.dll: UMonitor
C:\WINDOWS\SYSTEM\OQCOM400.DLL: UMonitor
C:\WINDOWS\SYSTEM\AYICAP32.DLL: UMonitor
C:\WINDOWS\SYSTEM\PTTOREC.DLL: UMonitor
C:\WINDOWS\SYSTEM\TID32.DLL: UMonitor
C:\WINDOWS\SYSTEM\DO7VB.DLL: UMonitor
C:\WINDOWS\SYSTEM\IRSTSCH.DLL: UMonitor
C:\WINDOWS\SYSTEM\DREML.DLL: UMonitor
C:\WINDOWS\SYSTEM\OLBCCP32.DLL: UMonitor
C:\WINDOWS\SYSTEM\IGHLPAPI.DLL: UMonitor
C:\WINDOWS\SYSTEM\VLSCRIPT.DLL: UMonitor
C:\WINDOWS\SYSTEM\WJNMM.DLL: UMonitor
C:\WINDOWS\SYSTEM\PBPNDI.DLL: UMonitor
C:\WINDOWS\SYSTEM\LP32.DLL: UMonitor
C:\WINDOWS\SYSTEM\DGIME.DLL: UMonitor
C:\WINDOWS\SYSTEM\DNDRM.DLL: UMonitor
C:\WINDOWS\SYSTEM\WU2HELP.DLL: UMonitor
C:\WINDOWS\SYSTEM\ROASETUP.DLL: UMonitor
C:\WINDOWS\SYSTEM\mynetobj.dll: UMonitor
C:\WINDOWS\SYSTEM\owbc32.dll: UMonitor
C:\WINDOWS\SYSTEM\MZWSTR10.DLL: UMonitor
C:\WINDOWS\SYSTEM\BPOWSEUI.DLL: UMonitor
C:\WINDOWS\SYSTEM\MELS31.DLL: UMonitor
C:\WINDOWS\SYSTEM\DzCNDI.DLL: rundll32.exe %s,UMonitor %s %s
C:\WINDOWS\SYSTEM\DzCNDI.DLL: UMonitor
C:\WINDOWS\SYSTEM\UpdInstall.exe: UMonitor
C:\WINDOWS\SYSTEM\UpdInstall.exe: UMonitor
C:\WINDOWS\SYSTEM\lwbkpp32.dll: UMonitor
C:\WINDOWS\SYSTEM\Lnlma80n.dll: UMonitor
C:\WINDOWS\SYSTEM\onccli32.dll: UMonitor
C:\WINDOWS\SYSTEM\Ieetwh32.dll: UMonitor
C:\WINDOWS\SYSTEM\ayfsipc.dll: UMonitor
C:\WINDOWS\SYSTEM\Lhgif80n.dll: UMonitor
C:\WINDOWS\SYSTEM\okccli32.dll: UMonitor
C:\WINDOWS\SYSTEM\Uqderwater.dll: UMonitor
C:\WINDOWS\SYSTEM\wvdmps.dll: UMonitor
C:\WINDOWS\SYSTEM\BEseball.dll: UMonitor
C:\WINDOWS\SYSTEM\TdkatiRedistributor.dll: UMonitor
C:\WINDOWS\SYSTEM\myoeacct.dll: UMonitor
C:\WINDOWS\SYSTEM\lebklcnp.dll: UMonitor
C:\WINDOWS\SYSTEM\Lwlmb80n.dll: UMonitor
C:\WINDOWS\SYSTEM\Ltpcd80n.dll: UMonitor
C:\WINDOWS\SYSTEM\dumm.dll: UMonitor
C:\WINDOWS\SYSTEM\jjpl400.dll: UMonitor
C:\WINDOWS\SYSTEM\jbaw400.dll: UMonitor
C:\WINDOWS\SYSTEM\wnspdmoe.dll: UMonitor
C:\WINDOWS\SYSTEM\whsdmoe2.dll: UMonitor
C:\WINDOWS\SYSTEM\muvcirt.dll: UMonitor
C:\WINDOWS\SYSTEM\mudxmlc.dll: UMonitor
C:\WINDOWS\SYSTEM\RMATHUNK.DLL: UMonitor
C:\WINDOWS\SYSTEM\MOJT3032.DLL: UMonitor
C:\WINDOWS\SYSTEM\Lwmac80n.dll: UMonitor
C:\WINDOWS\SYSTEM\MPVCRT20.DLL: UMonitor
C:\WINDOWS\SYSTEM\MLLS31.DLL: UMonitor
C:\WINDOWS\SYSTEM\mcwdat10.dll: UMonitor
C:\WINDOWS\SYSTEM\RLCRES.dll: UMonitor
C:\WINDOWS\SYSTEM\mtjint40.dll: UMonitor
C:\WINDOWS\SYSTEM\avctres.dll: UMonitor
C:\WINDOWS\SYSTEM\RFCRES.dll: UMonitor
C:\WINDOWS\SYSTEM\Lethk80w.dll: UMonitor
C:\WINDOWS\SYSTEM\eeenu.dll: UMonitor
C:\WINDOWS\SYSTEM\DV120fc7_32.dll: UMonitor
C:\WINDOWS\SYSTEM\lbbkclr2.dll: UMonitor
C:\WINDOWS\SYSTEM\Mjstery.dll: UMonitor
C:\WINDOWS\SYSTEM\SnmRedir.dll: UMonitor
C:\WINDOWS\SYSTEM\BVseball.dll: UMonitor
C:\WINDOWS\SYSTEM\labkuir.dll: UMonitor
C:\WINDOWS\SYSTEM\SBEM0409.DLL: UMonitor
C:\WINDOWS\SYSTEM\XGILEXR.DLL: UMonitor
C:\WINDOWS\SYSTEM\MDJTER35.DLL: UMonitor
C:\WINDOWS\SYSTEM\VSB32.DLL: UMonitor
C:\WINDOWS\SYSTEM\COET16.DLL: UMonitor
C:\WINDOWS\SYSTEM\PFSPL.DLL: UMonitor
C:\WINDOWS\SYSTEM\CXSEQCHK.DLL: UMonitor
C:\WINDOWS\SYSTEM\AOKRNL32.DLL: UMonitor
C:\WINDOWS\SYSTEM\lebkpsw.dll: UMonitor
C:\WINDOWS\SYSTEM\wbpdxm.dll: UMonitor
C:\WINDOWS\SYSTEM\MRSLGN32.DLL: UMonitor
C:\WINDOWS\SYSTEM\SBORAGE.DLL: UMonitor
C:\WINDOWS\SYSTEM\ogccli32.dll: UMonitor
C:\WINDOWS\SYSTEM\MO3216.DLL: UMonitor
C:\WINDOWS\SYSTEM\OCECLI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\SgmRedir.dll: UMonitor
C:\WINDOWS\SYSTEM\DZD9.DLL: UMonitor
C:\WINDOWS\SYSTEM\TDUMBVW.DLL: UMonitor
C:\WINDOWS\SYSTEM\FNWPP.DLL: UMonitor
C:\WINDOWS\SYSTEM\IK50_QCX.DLL: UMonitor
C:\WINDOWS\SYSTEM\SSORAGE.DLL: UMonitor
C:\WINDOWS\SYSTEM\ADYCFILT.DLL: UMonitor
C:\WINDOWS\SYSTEM\MRCO30.DLL: UMonitor
C:\WINDOWS\SYSTEM\SNROBJ.DLL: UMonitor
C:\WINDOWS\SYSTEM\RFCNCL.DLL: UMonitor
C:\WINDOWS\SYSTEM\DBIDEO.DLL: UMonitor
C:\WINDOWS\SYSTEM\fcod.dll: UMonitor
C:\WINDOWS\SYSTEM\TNOLHELP.DLL: UMonitor
C:\WINDOWS\SYSTEM\ULL.DLL: UMonitor
C:\WINDOWS\SYSTEM\IOMIGRAT.DLL: UMonitor
C:\WINDOWS\SYSTEM\SOSCRAP.DLL: UMonitor
C:\WINDOWS\SYSTEM\OXE2NLS.DLL: UMonitor
C:\WINDOWS\SYSTEM\aqrules.dll: UMonitor
C:\WINDOWS\SYSTEM\CKUINF32.DLL: UMonitor
C:\WINDOWS\SYSTEM\hmsetup.dll: UMonitor
C:\WINDOWS\SYSTEM\DPDRM.DLL: UMonitor
C:\WINDOWS\SYSTEM\tGembed.dll: UMonitor
C:\WINDOWS\SYSTEM\mlpatcha.dll: UMonitor
C:\WINDOWS\SYSTEM\pydx5032.dll: UMonitor
C:\WINDOWS\SYSTEM\pdcrt.dll: UMonitor
C:\WINDOWS\SYSTEM\DLD9.DLL: UMonitor
C:\WINDOWS\SYSTEM\AODCXC32.DLL: UMonitor
C:\WINDOWS\SYSTEM\mudart32.dll: UMonitor
C:\WINDOWS\SYSTEM\RZCLTSPX.DLL: UMonitor
C:\WINDOWS\SYSTEM\WYHEXT.DLL: UMonitor
C:\WINDOWS\SYSTEM\lrbkpsw.dll: UMonitor
C:\WINDOWS\SYSTEM\LuxBce.Dll: UMonitor
C:\WINDOWS\SYSTEM\ozbcji32.dll: UMonitor
C:\WINDOWS\SYSTEM\DIBAND.DLL: UMonitor
C:\WINDOWS\SYSTEM\PGTOREC.DLL: UMonitor
C:\WINDOWS\SYSTEM\wfvdmoe.dll: UMonitor
C:\WINDOWS\SYSTEM\CMT32.DLL: UMonitor
C:\WINDOWS\SYSTEM\AJPXEC32.DLL: UMonitor
C:\WINDOWS\SYSTEM\QCWMCI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\mibe.dll: UMonitor
C:\WINDOWS\SYSTEM\OGE2NLS.DLL: UMonitor
C:\WINDOWS\SYSTEM\RJCNCL.DLL: UMonitor
C:\WINDOWS\SYSTEM\lsxp2p32.dll: UMonitor
C:\WINDOWS\SYSTEM\ckfview.dll: UMonitor
C:\WINDOWS\SYSTEM\OVECLI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\shlwoa.dll: UMonitor
C:\WINDOWS\SYSTEM\selstr.dll: UMonitor
C:\WINDOWS\SYSTEM\PITOREC.DLL: UMonitor
C:\WINDOWS\SYSTEM\Lzavi80n.dll: UMonitor
C:\WINDOWS\SYSTEM\mzoeacct.dll: UMonitor
C:\WINDOWS\SYSTEM\NGTAPI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\IISAPI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\TbkatiClient.dll: UMonitor
C:\WINDOWS\SYSTEM\omccli32.dll: UMonitor
C:\WINDOWS\SYSTEM\DFWSOCK.DLL: UMonitor
C:\WINDOWS\SYSTEM\VCA6.DLL: UMonitor
C:\WINDOWS\SYSTEM\MRVCRT.DLL: UMonitor
C:\WINDOWS\SYSTEM\WDASPI32.DLL: UMonitor
C:\WINDOWS\SYSTEM\ppcrt.dll: UMonitor
C:\WINDOWS\SYSTEM\wspasf.dll: UMonitor
C:\WINDOWS\SYSTEM\Jsngle.dll: UMonitor
C:\WINDOWS\SYSTEM\TxkatiClientInstaller.dll: UMonitor
C:\WINDOWS\SYSTEM\RNVPSP.DLL: UMonitor
C:\WINDOWS\SYSTEM\SBMSCRPT.DLL: UMonitor
C:\WINDOWS\SYSTEM\mkbe.dll: UMonitor
C:\WINDOWS\SYSTEM\iqfg95.dll: UMonitor
C:\WINDOWS\SYSTEM\rxboex32.dll: UMonitor
C:\WINDOWS\SYSTEM\ikwphbk.dll: UMonitor
C:\WINDOWS\SYSTEM\WZN32S16.DLL: UMonitor
C:\WINDOWS\SYSTEM\MTIMRT32.DLL: UMonitor
C:\WINDOWS\SYSTEM\azfsipc.dll: UMonitor
C:\WINDOWS\SYSTEM\RECHED20.DLL: UMonitor
C:\WINDOWS\SYSTEM\SNRAPI.DLL: UMonitor
C:\WINDOWS\SYSTEM\OJMREG.DLL: UMonitor
C:\WINDOWS\SYSTEM\jpaw400.dll: UMonitor
C:\WINDOWS\SYSTEM\grhand.dll: UMonitor
C:\WINDOWS\SYSTEM\MVPIU.DLL: UMonitor
C:\WINDOWS\SYSTEM\MNXML3A.DLL: UMonitor
C:\WINDOWS\SYSTEM\FIPWPP.DLL: UMonitor
C:\WINDOWS\SYSTEM\FLWPP.DLL: UMonitor
C:\WINDOWS\SYSTEM\MERATING.DLL: UMonitor
C:\WINDOWS\SYSTEM\RCATHUNK.DLL: UMonitor
C:\WINDOWS\SYSTEM\IKM32.DLL: UMonitor
C:\WINDOWS\SYSTEM\OBE2PROX.DLL: UMonitor
C:\WINDOWS\SYSTEM\Lrlmb80n.dll: UMonitor
C:\WINDOWS\SYSTEM\NCICD.DLL: UMonitor
C:\WINDOWS\SYSTEM\MCSTKPRP.DLL: UMonitor
C:\WINDOWS\SYSTEM\mhjint40.dll: UMonitor
C:\WINDOWS\SYSTEM\sus3d630.dll: UMonitor
C:\WINDOWS\SYSTEM\lkbkupdr.dll: UMonitor
C:\WINDOWS\SYSTEM\SIELL.DLL: UMonitor
C:\WINDOWS\SYSTEM\MQVCRT.DLL: UMonitor
C:\WINDOWS\SYSTEM\PJTOREC.DLL: UMonitor
C:\WINDOWS\SYSTEM\wjsdmoe2.dll: UMonitor
C:\WINDOWS\SYSTEM\USDM16.DLL: UMonitor
C:\WINDOWS\SYSTEM\Ldpcx80n.dll: UMonitor
C:\WINDOWS\SYSTEM\POPD32.DLL: UMonitor
C:\WINDOWS\SYSTEM\MZFS2.DLL: UMonitor
C:\WINDOWS\SYSTEM\MNCPXL32.DLL: UMonitor
C:\WINDOWS\SYSTEM\XBILEXR.DLL: UMonitor
C:\WINDOWS\SYSTEM\jash400.dll: UMonitor
C:\WINDOWS\SYSTEM\QSHNDLR.DLL: UMonitor
C:\WINDOWS\SYSTEM\Lvlma80n.dll: UMonitor
C:\WINDOWS\SYSTEM\MKJT3032.DLL: UMonitor
C:\WINDOWS\SYSTEM\QQGR.DLL: UMonitor
C:\WINDOWS\SYSTEM\adctres.dll: UMonitor
C:\WINDOWS\SYSTEM\MGPRINT.DLL: UMonitor
C:\WINDOWS\SYSTEM\Lkmac80n.dll: UMonitor
C:\WINDOWS\SYSTEM\NOSWAN16.DLL: UMonitor
C:\WINDOWS\SYSTEM\RACNS4.DLL: UMonitor
C:\WINDOWS\SYSTEM\FGWPP.DLL: UMonitor
C:\WINDOWS\SYSTEM\HAINKPRX.DLL: UMonitor
C:\WINDOWS\SYSTEM\MIMCI2.DLL: UMonitor
C:\WINDOWS\SYSTEM\DSTMSFT.DLL: UMonitor
C:\WINDOWS\SYSTEM\dymsshrn.dll: UMonitor
C:\WINDOWS\SYSTEM\DHCOMPOS.DLL: UMonitor

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"TaskMonitor"="C:\\WINDOWS\\taskmon.exe"
"SystemTray"="SysTray.Exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\pccguide.exe\""
"PCCIOMON.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\PCCIOMON.exe\""
"PCCClient.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\PCCClient.exe\""
"Pop3trap.exe"="\"C:\\Program Files\\Trend Micro\\PC-cillin 2002\\Pop3trap.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"sp"="rundll32 C:\\WINDOWS\\TEMP\\SE.DLL,DllInstall"
"antiware"="C:\\WINDOWS\\SYSTEM\\ELITEKBW32.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Disabled]
"Lexmark X1100 Series"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"winupdt"="RUNDLL32.EXE C:\\WINDOWS\\KMORICONS.DLL,_mainRD"
"winshost.exe"="C:\\WINDOWS\\SYSTEM\\winshost.exe"
"WinAmpAgent"="C:\\WINDOWS\\svchst.exe /i"
"LexStart"="lexstart.exe"

7

Tech Clinic / HijackLog stuff

« on: March 07, 2005, 02:45:25 AM »

OK, here is the log from the Findit9xme.bat :

header.txt
system.txt
hidden.txt
useragent.txt
locate.txt
qoologic.txt
aspack.txt
umonitor.txt
runkey.txt

And this is the Startdreck log :

»Registry
»Run Keys
»Current User
»Run
*NoAds="C:\PROGRAM FILES\NOADS\NOADS.EXE"
»RunOnce
»Default User
»Run
*NoAds="C:\PROGRAM FILES\NOADS\NOADS.EXE"
»RunOnce
»Local Machine
»Run
*ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
*TaskMonitor=C:\WINDOWS\taskmon.exe
*SystemTray=SysTray.Exe
*SpeedTouch USB Diagnostics="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*pccguide.exe="C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
*PCCIOMON.exe="C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
*PCCClient.exe="C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
*Pop3trap.exe="C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
*TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
*¢‰¸ï04Ã4}¤Áœ5]C:\Program Files\ISTsvc\istsvc.exe=C:\GUQSWOGK.EXE
*sp=rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
*antiware=C:\WINDOWS\SYSTEM\ELITEKBW32.EXE
+Disabled
*Lexmark X1100 Series="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
*winupdt=RUNDLL32.EXE C:\WINDOWS\KMORICONS.DLL,_mainRD
*winshost.exe=C:\WINDOWS\SYSTEM\winshost.exe
*WinAmpAgent=C:\WINDOWS\svchst.exe /i
*LexStart=lexstart.exe
»RunOnce
»RunServices
*LoadPowerProfile=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
*PCCIOMON.exe="C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
*PCCPFW=C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
»RunServicesOnce
**hm=rundll32 C:\WINDOWS\WEN.---,DllGetClassObject
»RunOnceEx
»RunServicesOnceEx
»Browser Helper Objects (LM)
*{5E340B4C-8FBD-11D9-97A9-000C0050587F}
`InprocServer32=C:\WINDOWS\SYSTEM\BIHJ.DLL
»Files
»System/Drivers
»Running Processes
+FFEF5CF9=C:\WINDOWS\SYSTEM\KERNEL32.DLL
+FFFF681D=C:\WINDOWS\SYSTEM\MSGSRV32.EXE
+FFFE9F8D=C:\WINDOWS\SYSTEM\MPREXE.EXE
+FFFEADB5=C:\WINDOWS\SYSTEM\mmtask.tsk
+FFFEE171=C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
+FFFE0401=C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
+FFFE7A81=C:\WINDOWS\RUNDLL32.EXE
+FFFDB141=C:\WINDOWS\EXPLORER.EXE
+FFFD39E1=C:\WINDOWS\RUNDLL32.EXE
+FFFCCD49=C:\WINDOWS\TASKMON.EXE
+FFFCF0CD=C:\WINDOWS\SYSTEM\SYSTRAY.EXE
+FFFC385D=C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
+FFFC572D=C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
+FFFC7A31=C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
+FFFB99F9=C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
+FFFBB58D=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
+FFFBA955=C:\WINDOWS\RUNDLL32.EXE
+FFFBC94D=C:\WINDOWS\SYSTEM\ELITEKBW32.EXE
+FFFB0BF5=C:\PROGRAM FILES\NOADS\NOADS.EXE
+FFFA08BD=C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\WEBTRAP.EXE
+FFFB149D=C:\WINDOWS\SYSTEM\WMIEXE.EXE
+FFF904D9=C:\WINDOWS\SYSTEM\RNAAPP.EXE
+FFF958C1=C:\WINDOWS\SYSTEM\TAPISRV.EXE
+FFFCEE09=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
+FFF9F235=C:\WINDOWS\SYSTEM\INTERNAT.EXE
+FFF80DB9=C:\WINDOWS\SYSTEM\DDHELP.EXE
+FFF8FF15=C:\WINDOWS\SYSTEM\PSTORES.EXE
+FFE54D19=C:\WINDOWS\SYSTEM\WINOA386.MOD
+FFE65C65=C:\PROGRAM FILES\REAL\REALONE PLAYER\REALPLAY.EXE
+FFE4A501=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
+FFE439B5=C:\STARTDRECK\STARTDRECK.EXE
»Application specific

I downloaded DLLCompare, but i had a problem when i tried to run it. It said runtime error 52, bad file name or something like that.

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/dry.gif\' class=\'bbc_emoticon\' alt=\'<_<\' />

Anyway, here's the second Hijackthis log :

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCIOMON.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCPFW.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCGUIDE.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\PCCCLIENT.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\POP3TRAP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NOADS\NOADS.EXE
C:\PROGRAM FILES\TREND MICRO\PC-CILLIN 2002\WEBTRAP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by mysingtel
O1 - Hosts: 69.20.16.183 #uto.search.msn.com
O1 - Hosts: 69.20.16.183 #earch.netscape.com
O1 - Hosts: 69.20.16.183 #eautosearch
O1 - Hosts: 69.20.16.183 #uto.search.msn.com
O1 - Hosts: 69.20.16.183 #earch.netscape.com
O1 - Hosts: 69.20.16.183 #eautosearch
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {E96EA461-8FE7-11D9-97A9-000C439096DD} - C:\WINDOWS\SYSTEM\BIHJ.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [¢‰¸ï04Ã4}¤Áœ5]C:\Program Files\ISTsvc\istsvc.exe] C:\GUQSWOGK.EXE
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\Run: [antiware] C:\WINDOWS\SYSTEM\ELITEKBW32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PCCPFW] C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O4 - HKCU\..\Run: [NoAds] "C:\PROGRAM FILES\NOADS\NOADS.EXE"
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCxdm410XXUS
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\aklsp.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mysingtel.com.sg
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.sp2[censored]ed.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.overpro.com
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers...ll/pinstall.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Email Removed Attachments Control) - http://by12fd.bay12.Email Removed.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/sg/games3.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {0CB2BD5A-7A80-4BA9-B49A-02DC51144BDF} (vciewer control) - http://www.thepaymentcentre.com/build/vciewer.cab
O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_EN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Download...Bridge-c135.cab
O16 - DPF: {FFFFFFFF-3C18-4A7E-A29D-E24F84B79BF1} - http://216.122.145.208/pi1_20.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002144.cab
O18 - Filter: text/html - {B464E07C-8F47-11D9-97A9-000C58C7C217} - C:\WINDOWS\SYSTEM\BIHJ.DLL
O18 - Filter: text/plain - {B464E07C-8F47-11D9-97A9-000C58C7C217} - C:\WINDOWS\SYSTEM\BIHJ.DLL

Wow that's a lot. Thanks so much for ur help ...

TheTechGuide Forum

News:

Messages - arro253

Tech Clinic / Help with a game

Tech Clinic / HijackLog stuff

Tech Clinic / HijackLog stuff

Tech Clinic / HijackLog stuff

Tech Clinic / HijackLog stuff

Tech Clinic / HijackLog stuff

Tech Clinic / HijackLog stuff