Jul 12 2008, 09:49 AM
KSieber (New Member; Group: New Member; Posts: 2; Joined: 12-July 08; Member No.: 80,234; Operating System: XP Pro)
Dear WhatTheTech Team,
For a couple of days now my computer has been acting up a bit, so I decided to scan my computer with HijackThis, DSS and Kaspersky Anti-Virus. I believe that I have been able to remove most of the threats using a combination of HijackThis and Kaspersky, which both claim that my computer is clean now. I have however noticed some weird .dll files in the DSS log, so some expert advice could be helpful.

DSS Log: Main.txt

Deckard's System Scanner v20071014.68
Run by God on 2008-07-12 16:57:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
19: 2008-07-12 14:57:43 UTC - RP19 - Deckard's System Scanner Restore Point
18: 2008-07-12 13:09:03 UTC - RP18 - Removed FM Modifier 2.25
17: 2008-07-12 12:59:09 UTC - RP17 - Installed FM Modifier 2.25
16: 2008-07-11 21:04:43 UTC - RP16 - SPTD setup V1.56
15: 2008-07-11 10:42:09 UTC - RP15 - Printer Driver Microsoft XPS Document Writer Installed

-- First Restore Point --
1: 2008-07-10 19:29:52 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as God.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:24 PM, on 7/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky\avp.exe
C:\Program Files\Tools\Black\NP\DUC20.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky\avp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\D-Link\AirPlus.exe
C:\Documents and Settings\God\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\God.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1215699820898
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA8FBE62-9F25-4344-B637-AE6965B2625F}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\mzvkbd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky\avp.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - C:\Program Files\Tools\Black\NP\DUC20.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 3905 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20080710-220902-123 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080710-220902-489 O2 - BHO: (no name) - {45021ED3-01A0-4BE0-9581-E08221DF6EB0} - C:\WINDOWS\system32\qwqxotea.dll
backup-20080710-220902-739 O20 - Winlogon Notify: ddcCRjKb - C:\WINDOWS\SYSTEM32\ddcCRjKb.dll
backup-20080710-220902-863 O2 - BHO: (no name) - {A9F3C8DE-85A0-4C96-B9BA-D0D4064706B3} - C:\WINDOWS\system32\ddcCRjKb.dll
backup-20080710-220902-875 O2 - BHO: (no name) - {7813AEB8-1C26-454C-9A90-71CFF9D5AB5E} - C:\WINDOWS\system32\vtUlmnon.dll (file missing)
backup-20080710-221848-386 O2 - BHO: (no name) - {A9F3C8DE-85A0-4C96-B9BA-D0D4064706B3} - C:\WINDOWS\system32\ddcCRjKb.dll (file missing)
backup-20080710-221848-696 O20 - Winlogon Notify: ddcCRjKb - ddcCRjKb.dll (file missing)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 MDC8021X (WPA Security Protocol (IEEE 802.1x) v2.2.0.0) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
R3 AR5211 (D-Link Adapter) - c:\windows\system32\drivers\ar5211.sys <Not Verified; D-Link; D-Link Wireless Network Adapter>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NoIPDUCService - c:\program files\tools\black\np\duc20.exe -service <Not Verified; Vitalwerks LLC; DUC v2.2.1.0>

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Compatable Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_80A11043&REV_74\3&61AAA01&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Compatable Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_80A11043&REV_74\3&61AAA01&0&90
Service: FETNDIS

-- Files created between 2008-06-12 and 2008-07-12 -----------------------------

2008-07-12 15:11:04 0 dr-h----- C:\Documents and Settings\God\Recent
2008-07-12 15:09:04 0 d-------- C:\WINDOWS\system32\appmgmt
2008-07-11 23:09:10 0 d-------- C:\Program Files\DAEMON Tools
2008-07-11 23:04:43 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-11 23:04:38 0 d-------- C:\Documents and Settings\God\Application Data\DAEMON Tools
2008-07-11 22:46:00 0 d--h----- C:\Program Files\Zero G Registry
2008-07-11 22:46:00 0 d-------- C:\Program Files\Football Manager 2008
2008-07-11 22:45:24 0 d--h----- C:\Documents and Settings\God\InstallAnywhere
2008-07-11 22:43:15 0 d-------- C:\Documents and Settings\God\Application Data\Sports Interactive
2008-07-11 12:42:47 0 d-------- C:\Program Files\MSBuild
2008-07-11 12:42:40 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-07-11 12:42:34 0 d-------- C:\Program Files\Reference Assemblies
2008-07-11 12:31:27 0 d-------- C:\Program Files\VLC
2008-07-10 23:19:31 0 d--h----- C:\WINDOWS\PIF
2008-07-10 23:09:11 0 d-------- C:\Program Files\Ad-Aware
2008-07-10 23:09:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-10 23:08:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-10 23:05:57 0 d-------- C:\Program Files\CCleaner
2008-07-10 22:16:09 0 d-------- C:\Documents and Settings\God\Application Data\Desktopicon
2008-07-10 21:32:44 49664 --a------ C:\WINDOWS\system32\qwqxotea.dll
2008-07-10 21:29:42 1587 --ahs---- C:\WINDOWS\system32\nonmlUtv.ini2
2008-07-10 21:22:06 96966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-10 21:22:06 88774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-10 21:21:19 131104 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-10 21:21:19 591392 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-10 21:21:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-10 21:19:33 0 d-------- C:\Program Files\Kaspersky
2008-07-10 21:15:51 0 d-------- C:\WINDOWS\Sun
2008-07-10 21:15:51 0 d-------- C:\Documents and Settings\God\Application Data\Sun
2008-07-10 21:07:58 0 d-------- C:\Documents and Settings\God\Application Data\Macromedia
2008-07-10 21:07:57 0 d-------- C:\Documents and Settings\God\Application Data\Adobe
2008-07-10 20:58:40 0 d-------- C:\Documents and Settings\God\Contacts
2008-07-10 20:28:19 30208 --a------ C:\WINDOWS\system32\wdmioctl.dll <Not Verified; Analog Devices Inc.; Analog Devices Inc. wdmioctl>
2008-07-10 20:28:19 1285632 --a------ C:\WINDOWS\system32\SMMedia.dll <Not Verified; Analog Devices; SoundMAX Integrated Digital Audio>
2008-07-10 20:28:18 0 d-------- C:\WINDOWS\VirtualEar
2008-07-10 20:28:18 45056 --a------ C:\WINDOWS\system32\SynthCore11Resources.dll <Not Verified; Analog Devices, Inc.; Analog Devices, Inc. SynthCore11Resources>
2008-07-10 20:28:18 40820 --a------ C:\WINDOWS\system32\Syncor11.dll <Not Verified; SoundMAX; Staccato Systems SynthCore R2.0 Synthesizer>
2008-07-10 20:28:18 49152 --a------ C:\WINDOWS\system32\S11thk32.dll <Not Verified; SoundMAX; Staccato Systems SynthCore R2.0 Synthesizer>
2008-07-10 20:28:18 765952 --a------ C:\WINDOWS\system\crlds3d.dll <Not Verified; Sensaura Ltd; Sensaura 3DPA>
2008-07-10 20:28:18 978944 --a------ C:\WINDOWS\SynthCoreA.Dll <Not Verified; Analog Devices, Inc.; SoundMAX Wavetable>
2008-07-10 20:28:18 380928 --a------ C:\WINDOWS\SynCor.exe <Not Verified; Analog Devices, Inc.; SynthCore>
2008-07-10 20:28:17 44 --a------ C:\WINDOWS\system32\msssc.dll
2008-07-10 20:28:17 49152 --a------ C:\WINDOWS\system32\DSndUp.exe <Not Verified; Analog Devices Inc.; adi DSndUp>
2008-07-10 20:28:17 45056 --a------ C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-07-10 20:28:17 0 d-------- C:\Program Files\Analog Devices
2008-07-10 20:26:18 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-07-10 20:22:12 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-10 20:21:45 0 d-------- C:\Program Files\Windows Live
2008-07-10 20:21:36 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-10 20:12:56 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-07-10 20:07:38 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-07-10 20:02:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-07-10 17:20:50 0 d--hs---- C:\WINDOWS\Installer
2008-07-10 17:20:50 0 d-------- C:\Program Files\Common Files\ODBC
2008-07-10 17:20:47 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-07-10 17:20:46 0 dr------- C:\Program Files
2008-07-10 17:20:46 0 d-------- C:\Program Files\Common Files
2008-07-10 17:20:27 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-07-10 17:20:27 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-07-10 17:20:27 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-07-10 17:20:27 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-07-10 17:20:27 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-07-10 17:20:27 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-07-10 17:20:27 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-07-10 17:20:27 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-07-10 17:20:27 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-07-10 17:20:27 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-07-10 17:20:27 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-07-10 17:20:27 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-07-10 17:20:27 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-07-10 17:20:27 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-07-10 17:20:27 0 dr------- C:\Documents and Settings\All Users\Documents
2008-07-10 17:20:27 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-07-10 17:18:41 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-07-10 17:18:41 0 d-------- C:\WINDOWS\system32\CatRoot
2008-07-10 17:18:36 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-07-10 17:18:36 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-07-10 17:18:35 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-07-10 17:18:35 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-07-10 17:18:17 0 d--hs---- C:\System Volume Information
2008-07-10 17:18:17 0 d-------- C:\Documents and Settings
2008-07-10 17:13:13 0 d-------- C:\WINDOWS
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\WinSxS
2008-07-10 17:13:13 0 dr------- C:\WINDOWS\Web
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\twain_32
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\wins
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\wbem
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\usmt
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\spool
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\ShellExt
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\Setup
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\scripting
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\ras
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\oobe
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\npp
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\mui
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\inetsrv
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\IME
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\icsxml
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\ias
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\export
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\en
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\drivers
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-07-10 17:13:13 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\dhcp
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\config
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\3076
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\2052
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\1054
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\1042
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\1041
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\1037
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\1033
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\1031
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\1028
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system32\1025
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\system
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\security
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\Resources
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\repair
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\Provisioning
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\PeerNet
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\pchealth
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\Network Diagnostic
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\mui
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\msapps
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\msagent
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\Media
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\L2Schemas
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\java
2008-07-10 17:13:13 0 d--h----- C:\WINDOWS\inf
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\ime
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\Help
2008-07-10 17:13:13 0 dr--s---- C:\WINDOWS\Fonts
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\ehome
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\Driver Cache
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\Debug
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\Cursors
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\Connection Wizard
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\Config
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\AppPatch
2008-07-10 17:13:13 0 d-------- C:\WINDOWS\addins
2008-07-10 17:00:19 0 d-------- C:\WINDOWS\system32\PreInstall
2008-07-10 17:00:17 0 d--h----- C:\WINDOWS\$hf_mig$
2008-07-10 16:58:22 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-07-10 16:23:36 0 d--hs---- C:\Documents and Settings\God\UserData
2008-07-10 16:23:07 676224 --a------ C:\WINDOWS\system32\OGACheckControl.dll
2008-07-10 16:19:11 0 d-------- C:\Documents and Settings\God\Application Data\WinRAR
2008-07-10 16:16:34 0 d-------- C:\Program Files\Tools
2008-07-10 16:08:18 0 d-------- C:\Program Files\uTorrent
2008-07-10 16:08:08 0 d-------- C:\Documents and Settings\God\Application Data\uTorrent
2008-07-10 16:05:43 0 d-------- C:\Program Files\Java
2008-07-10 16:05:02 0 d-------- C:\Program Files\Common Files\Java
2008-07-10 16:04:34 0 d-------- C:\WINDOWS\system32\Adobe
2008-07-10 15:55:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-10 15:55:27 0 d-------- C:\Documents and Settings\God\Application Data\Mozilla
2008-07-10 15:55:18 0 d-------- C:\Program Files\Firefox
2008-07-10 15:47:35 147456 -ra------ C:\WINDOWS\system32\ssleay32.dll
2008-07-10 15:47:35 651264 -ra------ C:\WINDOWS\system32\libeay32.dll
2008-07-10 15:47:35 11861 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.2>
2008-07-10 15:47:35 351776 --a------ C:\WINDOWS\system32\drivers\ar52119x.sys <Not Verified; D-Link; D-Link Wireless Network Adapter>
2008-07-10 15:47:35 351840 --a------ C:\WINDOWS\system32\drivers\ar5211.sys <Not Verified; D-Link; D-Link Wireless Network Adapter>
2008-07-10 15:47:35 114688 --a------ C:\WINDOWS\system32\athcfg10.dll <Not Verified; Atheros; Atheros Configuration API Dynamic Link Library>
2008-07-10 15:47:35 450560 -ra------ C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client>
2008-07-10 15:47:35 327680 -ra------ C:\WINDOWS\system32\AegisE2.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client>
2008-07-10 15:47:34 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-10 15:47:28 0 d-------- C:\Program Files\D-Link
2008-07-10 15:47:21 0 d-------- C:\Program Files\Common Files\InstallShield
2008-07-10 15:38:22 0 d-------- C:\Documents and Settings\God\Application Data\Identities
2008-07-10 15:38:08 0 d--h----- C:\Documents and Settings\God\Templates
2008-07-10 15:38:08 0 dr------- C:\Documents and Settings\God\Start Menu
2008-07-10 15:38:08 0 dr-h----- C:\Documents and Settings\God\SendTo
2008-07-10 15:38:08 0 d--h----- C:\Documents and Settings\God\PrintHood
2008-07-10 15:38:08 1310720 --ah----- C:\Documents and Settings\God\NTUSER.DAT
2008-07-10 15:38:08 0 d--h----- C:\Documents and Settings\God\NetHood
2008-07-10 15:38:08 0 dr------- C:\Documents and Settings\God\My Documents
2008-07-10 15:38:08 0 d--h----- C:\Documents and Settings\God\Local Settings
2008-07-10 15:38:08 0 dr------- C:\Documents and Settings\God\Favorites
2008-07-10 15:38:08 0 d-------- C:\Documents and Settings\God\Desktop
2008-07-10 15:38:08 0 d--hs---- C:\Documents and Settings\God\Cookies
2008-07-10 15:38:08 0 dr-h----- C:\Documents and Settings\God\Application Data
2008-07-10 15:35:57 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-07-10 15:35:55 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-07-10 15:35:55 0 d-------- C:\WINDOWS\Prefetch
2008-07-10 15:35:54 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-07-10 15:35:54 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-07-10 15:35:54 0 d--hs---- C:\Documents and Settings\LocalService\Cookies
2008-07-10 15:35:54 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-07-10 15:35:54 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-07-10 15:35:47 237568 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-07-10 15:35:47 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-07-10 15:35:47 0 d--hs---- C:\Documents and Settings\NetworkService\Cookies
2008-07-10 15:35:47 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-07-10 15:35:47 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-07-10 15:32:36 0 d-------- C:\WINDOWS\system32\xircom
2008-07-10 15:32:36 0 d-------- C:\Program Files\microsoft frontpage
2008-07-10 15:32:22 237568 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-07-10 15:32:11 0 -rahs---- C:\MSDOS.SYS
2008-07-10 15:32:11 0 -rahs---- C:\IO.SYS
2008-07-10 15:32:11 0 --a------ C:\CONFIG.SYS
2008-07-10 15:32:11 0 --a------ C:\AUTOEXEC.BAT
2008-07-10 15:31:07 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-07-10 15:30:56 0 dr------- C:\WINDOWS\Offline Web Pages
2008-07-10 15:30:56 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-07-10 15:30:45 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-10 15:30:26 0 d-------- C:\WINDOWS\system32\DirectX
2008-07-10 15:30:12 0 d---s---- C:\WINDOWS\Tasks
2008-07-10 15:30:11 0 d-------- C:\Program Files\Common Files\MSSoap
2008-07-10 15:30:09 0 d-------- C:\WINDOWS\srchasst
2008-07-10 15:30:08 0 d-------- C:\WINDOWS\system32\Macromed
2008-07-10 15:30:02 0 d-------- C:\Program Files\Movie Maker
2008-07-10 15:29:46 0 d-------- C:\WINDOWS\system32\Restore
2008-07-10 15:29:07 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-07-10 15:28:53 0 d-------- C:\WINDOWS\Registration
2008-07-10 15:28:46 0 d-------- C:\Program Files\Online Services
2008-07-10 15:28:39 0 d-------- C:\Program Files\Messenger
2008-07-10 15:28:37 0 d-------- C:\Program Files\MSN Gaming Zone
2008-07-10 15:28:08 0 d-------- C:\Program Files\Windows NT
2008-07-10 15:28:05 0 d-------- C:\WINDOWS\system32\MsDtc
2008-07-10 15:28:03 0 d-------- C:\WINDOWS\system32\Com

-- Find3M Report ---------------------------------------------------------------

2008-07-10 17:20:27 62 --ahs---- C:\Documents and Settings\God\Application Data\desktop.ini

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
04/25/2008 06:22 PM 62728 --a------ C:\Program Files\Kaspersky\ievkbd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"AVP"="C:\Program Files\Kaspersky\avp.exe" [04/25/2008 06:21 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools\daemon.exe" [07/08/2008 06:22 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus Xtreme G Configuration Utility.lnk - C:\Program Files\D-Link\AirPlus.exe [7/10/2008 3:47:35 PM]
D-Link REG Utility.lnk - C:\Program Files\D-Link\Reg.exe [7/10/2008 3:47:35 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\mzvkbd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtUlmnon

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d57f7bc-4e92-11dd-b1fe-806d6172696f}]
AutoRun\command- G:\driver.EXE

*Newly Created Service* - APPMGMT

-- End of Deckard's System Scanner: finished at 2008-07-12 17:01:29 ------------

DSS Log: Extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon XP 2600+
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 511.53 MiB / 271.91 MiB
Pagefile Memory (total/avail): 1249.66 MiB / 1009.19 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1878.36 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 68.85 GiB free.
D: is Fixed (Unformatted) - 0 GiB total, 0 GiB free.
E: is Fixed (FAT32) - 44.45 GiB total, 29.74 GiB free.
F: is CDROM (No Media)
G: is CDROM (CDFS)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - WDC WD400BB-00DKA0 - 37.27 GiB - 1 partition
\PARTITION0 - Installable File System - 37.26 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJC0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE2 - SAMSUNG HM080IC USB Device - 74.53 GiB - 2 partitions
\PARTITION0 - Unknown - 44.46 GiB - E:
\PARTITION1 - Unknown - 30.07 GiB

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\God\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KSXP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\God
LOGONSERVER=\\KSXP
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\God\LOCALS~1\Temp
TMP=C:\DOCUME~1\God\LOCALS~1\Temp
USERDOMAIN=KSXP
USERNAME=God
USERPROFILE=C:\Documents and Settings\God
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

God (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11 --> C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
D-Link AirPlus Xtreme G Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52A5F706-2FCC-4C14-9E9A-345C2DCB25E9}\Setup.exe" -l0x9
Football Manager 2008 --> "C:\Program Files\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
HijackThis 2.0.2 --> "C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Java 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Anti-Virus 2009 --> MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009 --> MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Mozilla Firefox (3.0) --> C:\Program Files\Firefox\uninstall\helper.exe
No-IP.com DUC (remove only) --> "C:\Program Files\Tools\Black\NP\DUC20.exe" -uninstall
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Unlocker 1.8.7 --> C:\Program Files\Unlocker\uninst.exe
VideoLAN VLC media player 0.8.6h --> C:\Program Files\VLC\uninstall.exe
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->

-- Application Event Log -------------------------------------------------------

Event Record #/Type134 / Warning
Event Submitted/Written: 07/11/2008 00:44:37 PM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_2050727_ASPNETAppsv2050727 for Performance Library ASP.NET_2.0.50727 because error 0x80041001 was returned

Event Record #/Type133 / Warning
Event Submitted/Written: 07/11/2008 00:44:37 PM
Event ID/Source: 35 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET_2.0.50727 performance library because it returned invalid data: 0x0

Event Record #/Type132 / Warning
Event Submitted/Written: 07/11/2008 00:44:37 PM
Event ID/Source: 40 / WinMgmt
Event Description:
WMI ADAP was unable to create the object Win32_PerfRawData_ASPNET_ASPNETApplications for Performance Library ASP.NET because error 0x80041001 was returned

Event Record #/Type131 / Warning
Event Submitted/Written: 07/11/2008 00:44:37 PM
Event ID/Source: 35 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET performance library because it returned invalid data: 0x0

Event Record #/Type111 / Warning
Event Submitted/Written: 07/11/2008 00:43:02 PM
Event ID/Source: 0 / System.ServiceModel.Install 3.0.0.0
Event Description:
HTTP namespace reservations are not installed.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------

Event Record #/Type529 / Error
Event Submitted/Written: 07/12/2008 03:08:36 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type524 / Error
Event Submitted/Written: 07/12/2008 02:11:50 PM / 07/12/2008 02:12:13 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type496 / Error
Event Submitted/Written: 07/11/2008 11:07:53 PM / 07/11/2008 11:08:23 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type473 / Error
Event Submitted/Written: 07/11/2008 00:45:51 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type472 / Error
Event Submitted/Written: 07/11/2008 00:45:43 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

-- End of Deckard's System Scanner: finished at 2008-07-12 17:01:29 ------------

Thanks in advance for any help.

KSieber
KSieber - Spyware/Virus Removal Help - Jul 12 2008, 09:49 AM

KSieber - Jul 12 2008, 04:53 PM
I am currently being helped at another forum, sorry...

LDTate - Jul 12 2008, 06:23 PM
Thanks for posting back and letting us know