Spyware Warrior Help with Spyware, Hijacking & Other Internet Nuisances
Capt. YeDi Junior Member
Joined: 20 Jul 2004 Last Visit: 26 Nov 2004 Posts: 14 Location: Michigan
Posted: Sun Sep 19, 2004 1:42 pm    Post subject: Another exe file !
Hey guys!
My CPU levels are up to MAX. I checked my Task Manager and this program dumprep.txt is raising my CPU levels up to 99% !
I made it a txt file and here's the script:
MZ ... This program cannot be run in DOS mode.
PE ... .text .data .rsrc
msvcrt.dll ADVAPI32.dll KERNEL32.dll NTDLL.DLL
ReportEREventDW ReportFaultFromQueue
SOFTWARE\Microsoft\PCHealth\ErrorReporting\KernelFaults  KernelFaultCheck  Global\0CADFD67AF62496dB34264F000F5624A
SOFTWARE\Microsoft\PCHealth\ErrorReporting\UserFaults  UserFaultCheck  Global\4FCC0DEFE22C4f138FB9D5AF25FD9398
SOFTWARE\Microsoft\PCHealth\ErrorReporting\ShutdownEvents  ShutdownEventCheck  Global\238FAD3109D3473aB4764B20B3731840
SOFTWARE\Microsoft\Windows\CurrentVersion\Run  .hdmp  .mdmp  DoReport  ShowUI
Software\Microsoft\PCHealth\ErrorReporting
ReportHang CreateMinidumpW  0 -KG  0 -UG  0 -SG  \faultrep.dll
NB10 dumprep.pdb
wcsncat wcscmp wcsncpy wcslen wcscat _wtol _c_exit _exit _XcptFilter _cexit exit __winitenv __wgetmainargs _initterm __setusermatherr _adjust_fdiv __p__commode __p__fmode __set_app_type msvcrt.dll _except_handler3 _controlfp
RegCloseKey RegOpenKeyExW RegEnumValueW RegDeleteValueW RegQueryInfoKeyW RegQueryValueExW ADVAPI32.dll
DeleteFileW SetLastError HeapAlloc GetProcessHeap HeapFree CloseHandle ReleaseMutex GetLastError WaitForSingleObject OpenMutexW GetProcAddress UnmapViewOfFile FreeLibrary CreateProcessW GetModuleFileNameW LoadLibraryExW GetSystemDirectoryW OpenEventW MapViewOfFile DuplicateHandle GetCurrentProcess OpenProcess SetUnhandledExceptionFilter SetErrorMode GetModuleHandleA KERNEL32.dll
VS_VERSION_INFO  StringFileInfo  040904B0
CompanyName: Microsoft Corporation
FileDescription: Windows Error Reporting Dump Reporting Tool
FileVersion: 5.1.2600.1106 (xpsp1.020828-1920)
InternalName: DUMPREP.EXE
LegalCopyright: Microsoft Corporation. All rights reserved.
OriginalFilename: DUMPREP.EXE
ProductName: Microsoft Windows Operating System
ProductVersion: 5.1.2600.1106
VarFileInfo  Translation
It sounds like a baddy to me.
I did a HijackThis! scan:
Logfile of HijackThis v1.97.7
Scan saved at 5:39:00 PM, on 9/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\PROGRA~1\Grisoft\AVGTCP~1\avgtcpsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe
C:\Program Files\BullGuard\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Alex\My Documents\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deltawarriors.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tYWKD] C:\docume~1\alex\locals~1\temp\tYWKD.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Dilberttest3 web link] "C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe"
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Hawo] C:\Documents and Settings\Alex\Application Data\loum.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Vijez] C:\WINDOWS\System32\rvyiqe.exe
O4 - HKCU\..\Run: [Desktop Weather 3] G:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Dictionary - http://www.ezreference.com/_/ie-com-p3.htm
O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=5d15351b96687ac90b54afcc18827f4e0c2e1af8d6b2139a6d78fa1ba96d9d848d38af6822d00ec9f99362db9dd3db34d4b55fa34a893c9a5b532161d5cd35:316ec1697e4766858480d3e80deecaa8
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095440083312
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/budicon.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
As you can see, it's in there.
The script sounds like a virus; it was doing some error reports on queue, and some other stuff.
capt. yeDi.