Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus From Smiley Central


  • Please log in to reply
8 replies to this topic

#1 deejei1

deejei1

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 02 November 2007 - 08:30 PM

I downloaded Smiley Central from the my web search toolbar and I think that I got a VIRUS!!! :thumbsup: PLEASE HELP!!!!!!!!! How do I get rid of it??? It is making my computer run slow or it freezes and it keeps giving me pop-ups about spyware.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:12:10 PM, on 11/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Games Enhancement\gameen.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Macromed\SHOCKW~1\SWHELP~1.EXE -Update -1020022 -iexplore.exe7.0
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm035YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrab...rabblecubes.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v46/skillgam/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v47/blockwerx/blockwerx.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v48/luxor/luxor.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsan...aploader_v7.cab
O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v46/wwspades/wwspades.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5795FB5-8FCE-4000-93CF-6164C69E07CB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA3D7A27-51F8-4F25-A5B0-CEA8BD6D8099}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D58F8936-206A-4BB3-976B-6B5EE9A5868C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Games Enhancement Service - Exent Technologies Ltd. - C:\Program Files\Common Files\Games Enhancement\gameen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 14267 bytes

BC AdBot (Login to Remove)

 


#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:08:23 AM

Posted 07 November 2007 - 12:29 PM

Hi deejei1 and welcome to Bleeping Computer.
I will be handling your log and helping you to get cleaned up.

Please take note of the following:

1. Please do not make any system changes yet. as any changes you make may well alter your log.
2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
4. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Starbuck

BBPP6nz.png


#3 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:08:23 AM

Posted 09 November 2007 - 02:47 AM

Hi deejei1

Before we start, please disable Spybot S&D’s TeaTimer protection, because it is known to interfere with our fixes.
You can enable it again after you're clean.

Open Spybot and click on 'Mode' then click 'Advanced Mode'.
Click on 'Tools' in bottom left hand corner.
Click on the 'System Startup' icon.
Uncheck 'Teatimer' box and/or uncheck 'Resident'.
Click the 'Allow Change' box.(if asked)
Then, check next to the computer clock to see if the icon for Spybot is still there.
If it is, right click it and choose 'exit Spybot-S&D Resident'.

Reboot the computer.

Step 1
Please download the following programs:
Fixwareout and save it to your desktop.
Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Step 2
Run 'Fixwareout' by clicking on the desktop icon:
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it..... allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please post the text that will open (report.txt).

Step 3
Deckard's System Scanner
1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, it will create two text files - main.txt <- this one will be maximized and extra.txt <-this one will be minimized on your Taskbar.
4. Copy/paste both logs back here please (they will also be located at C:\Deckard\System Scanner).

Make sure you notice the extra.txt second log that will show as minimized on your Task Bar, "Maximize" that and be sure to paste those contents here as well.


So, in your next reply please post:
Fixwareout report.
Both DSS reports.

Thx

BBPP6nz.png


#4 deejei1

deejei1
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 09 November 2007 - 07:07 AM

Username "Ben" - 11/09/2007 6:43:31 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdjag.exe"

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"HP Software Update"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"QPService"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"eabconfg.cpl"="C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe /Start"
"RecGuard"="C:\\Windows\\SMINST\\RecGuard.exe"
"Reminder"="C:\\Windows\\CREATOR\\Remind_XP.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe"
"mcagent_exe"="C:\\Program Files\\McAfee.com\\Agent\\mcagent.exe /runkey"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Exetender"="C:\\Program Files\\Free Ride Games\\GPlayer.exe /runonstartup"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Turion™ 64 Mobile Technology ML-32
Percentage of Memory in Use: 80%
Physical Memory (total/avail): 510.17 MiB / 100.36 MiB
Pagefile Memory (total/avail): 1245.23 MiB / 864.1 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.15 MiB

C: is Fixed (NTFS) - 60.79 GiB total, 17.82 GiB free.
D: is Fixed (FAT32) - 12.71 GiB total, 0.94 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HTS541080G9AT00 - 74.53 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 60.79 GiB - C:
\PARTITION1 - Unknown - 12.73 GiB - D:
\PARTITION2 - Unknown - 1027.6 MiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.0"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Documents and Settings\\Ben\\My Documents\\utorrent.exe"="C:\\Documents and Settings\\Ben\\My Documents\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\iWin Games\\iWinGames.exe"="C:\\Program Files\\iWin Games\\iWinGames.exe:*:Enabled:iWin Games application."
"C:\\Program Files\\iWin Games\\WebUpdater.exe"="C:\\Program Files\\iWin Games\\WebUpdater.exe:*:Enabled:iWin Games updater."


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ben\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-727A0A4E7C
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ben
LOGONSERVER=\\YOUR-727A0A4E7C
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PCTYPE=PAVILION
PLATFORM=MCD
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2402
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Ben\LOCALS~1\Temp
TMP=C:\DOCUME~1\Ben\LOCALS~1\Temp
USERDOMAIN=YOUR-727A0A4E7C
USERNAME=Ben
USERPROFILE=C:\Documents and Settings\Ben
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ben (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5DE4D54F-AA79-43A4-9C8A-C173E7E2B025\Uninstall.exe"
5 Spots --> C:\Remote Programs\5 sports\GPlrLanc.exe -LOpCode 2 /RemoveContent cid=464950;name=5 Spots;dir=C:\Remote Programs\5 sports\;prvid=143;cmdid=1;prvdir=FreeRideGames
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Are You Smarter Than A 5th Grader (remove only) --> "C:\Program Files\iWin.com\Are You Smarter Than A 5th Grader\Uninstall.exe"
Astro Gemini Screensaver Manager 1.2 --> "C:\Program Files\Astro Gemini Software\Screensaver Manager\unins000.exe"
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Boggle Supreme from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5658FB14-16A4-4DAE-946B-1457BE31572E\Uninstall.exe"
Bonjour --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033
Bookworm Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0769D17-E72A-4E87-A83F-1F7A3F080008\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7A940E33-6993-404B-ABA6-ED62E8FBE615\Uninstall.exe"
BUM --> MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Chuzzle Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\382C11F0-1A18-4F76-B8E0-15CA7F209C22\Uninstall.exe"
Comcast High-Speed Internet Install Wizard --> C:\Program Files\Support.com\uninstall\chsi_uninstaller.exe
Comcast Toolbar --> C:\Program Files\ComcastToolbar\uninstall.exe
Conexant AC-Link Audio --> C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL309BA.INF
Crystal Maze from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E94C7046-2F7D-4D4D-B76F-C412DCCEAAC2\Uninstall.exe"
Customer Experience Enhancement --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Delivery King --> C:\Remote Programs\Delivery King\GPlrLanc.exe -LOpCode 2 /RemoveContent cid=466150;name=Delivery King;dir=C:\Remote Programs\Delivery King\;prvid=143;cmdid=1;prvdir=FreeRideGames
Desktop Doctor --> "C:\Program Files\Support.com\providerComcast\Uninstall.exe" /c "Remove Desktop Doctor?"
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy Internet Sign-up --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{0DD40CD6-A11F-4732-91EB-A5F6D26DDA20}
ebgcRes --> MsiExec.exe /X{DC32544C-86ED-4B8E-80BC-9DC99023A313}
ebgcSDK --> MsiExec.exe /X{28E7B64D-150F-4A9E-B7A3-5A6AC8C2F822}
ebgcSDK --> MsiExec.exe /X{53B2D537-21CF-44D5-A03A-0DAF993B5728}
ESPNMotion --> C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
Exent Games Enhancement --> MsiExec.exe /I{6F531366-87FA-4EEA-ABAC-E37A89569171}
Family Feud II (remove only) --> "C:\Program Files\iWin.com\Family Feud II\Uninstall.exe"
FATE from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6ECB6EE6-92E1-4525-AF3B-3CE51A7C5F89\Uninstall.exe"
Final Drive Fury --> "C:\Program Files\HP Games\Final Drive Fury\Uninstall.exe"
Final Drive Nitro from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\320F055A-570F-4335-B026-16A836DB9549\Uninstall.exe"
FirstClass® Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B35C417-2649-11D6-83D1-0050FC01225C}\setup.exe" -l0x9 -uninst
Free Ride Games Player --> "C:\Program Files\Free Ride Games\Uninstall.exe"
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
HP Game Console and games --> C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP QuickPlay 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Rhapsody --> C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP User Guides--System Recovery --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC96BBA7-C634-460E-AD18-A0A994213F80}\Setup.exe" -l0x9 -removeonly
HP User Guides 0025 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52AE81CB-B786-490E-93CF-240A9891B392}\setup.exe" -l0x9 -removeonly
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Inwordz Deluxe --> "C:\Program Files\HP Games\Inwordz Deluxe\Uninstall.exe"
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
iWin Games (remove only) --> "C:\Program Files\iWin Games\Uninstall.exe"
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jewel Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\4C061F83-EE92-445A-A03F-184B0BD59242\Uninstall.exe"
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
KODAK EASYSHARE Gallery Easy Upload, v2.1 --> C:\Documents and Settings\Ben\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_e26c225\Setup.exe /APR-REMOVE
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_140010_99b5115\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lemonade Tycoon 2 from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E90E3AE9-73E4-4E5C-BB0F-673989A808D0\Uninstall.exe"
Lexibox Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\5758A0E8-A112-4A1D-82EC-EC72F7F16B88\Uninstall.exe"
LimeWire 4.12.3 --> "C:\Program Files\LimeWire\uninstall.exe"
M˛Convert Pro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00815AC4-58B9-4DEF-854F-66262AFB34DB}\setup.exe" -l0x9 -removeonly
Magic Ball 3 --> C:\Remote Programs\Magic Ball 3\GPlrLanc.exe -LOpCode 2 /RemoveContent cid=465950;name=Magic Ball 3;dir=C:\Remote Programs\Magic Ball 3\;prvid=143;cmdid=1;prvdir=FreeRideGames
Mah Jong Quest from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E76A7EFF-7758-49EE-B3FA-9699830A2D6B\Uninstall.exe"
MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -u
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
MemoriesOnTV 3.1.8 --> "C:\Program Files\MemoriesOnTV3\unins000.exe"
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mind Machine --> C:\Remote Programs\Mind Machine\GPlrLanc.exe -LOpCode 2 /RemoveContent cid=464550;name=Mind Machine;dir=C:\Remote Programs\Mind Machine\;prvid=143;cmdid=1;prvdir=FreeRideGames
MP3 Player Utilities 2.22 --> MsiExec.exe /I{8BD05395-7001-494D-A9BA-DD518669A1C1}
muvee autoProducer 4.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{286F29AF-0BE2-4D5F-AB17-B7631A810553}\setup.exe" -l0x9
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
NCAA Championship Run 2006 --> "C:\Program Files\HP Games\NCAA Championship Run 2006\Uninstall.exe"
Netscape Browser (remove only) --> "C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444}
Nokia PC Suite --> MsiExec.exe /I{D89AC4DF-7A00-4D0B-BA99-D582C7974A09}
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
Oasis from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\E332F38A-75F6-4EF2-88CC-246E8A1CB5D7\Uninstall.exe"
Office 2003 Trial Assistant --> MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Pacific Heroes --> C:\PROGRA~1\SHOCKW~1.COM\PACIFI~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\PACIFI~1\INSTALL.LOG
PC Connectivity Solution --> MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
Polar Bowler from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7F8C5718-1BA9-4AAE-96D2-2B04D05F2D54\Uninstall.exe"
Polar Golfer from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D2E44AA4-8665-4490-A6C9-2D0744B47B27\Uninstall.exe"
Puzzle Express from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\EF860173-4FB7-4DE1-8BE8-5400F05A0DC5\Uninstall.exe"
Quick Launch Buttons 5.20 G1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Roller Rush (remove only) --> "C:\Program Files\AOL Games\Roller Rush\Uninstall.exe"
Safecracker (remove only) --> "C:\Program Files\iWin.com\Safecracker\Uninstall.exe"
Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins001.exe"
Sandlot Games Client Services 1.2.2 --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
SCRABBLE from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\103EFD47-9F2C-4490-95DD-AE6C442AFB92\Uninstall.exe"
Screensavers Installer Version 2 --> "C:\Program Files\Screensavers.com\SSSInst\bin\SSSUninst.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shrek 2 Ogre Bowler --> "C:\Program Files\HP Games\Shrek 2 Ogre Bowler\Uninstall.exe"
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Slingo Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C264D692-8E15-4141-96A2-5621332E5DD0\Uninstall.exe"
Slyder from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0202B33-E73D-4FCD-AC88-0B2971AFC116\Uninstall.exe"
Snowboard SuperJam --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DED8E2B5-BA9F-448F-84E8-0AEF79876F95\Uninstall.exe"
Snowy: Fish Frenzy --> C:\Remote Programs\Snowy Fish Frenzy\GPlrLanc.exe -LOpCode 2 /RemoveContent cid=418650;name=Snowy: Fish Frenzy;dir=C:\Remote Programs\Snowy Fish Frenzy\;prvid=143;cmdid=1;prvdir=FreeRideGames
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
Speedometer 1.0 --> "C:\Program Files\Speedometer\SETUP\setup.exe" /u
Sprill (remove only) --> "C:\Program Files\iWin.com\Sprill\Uninstall.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Starcrossed (remove only) --> "C:\Program Files\iWin.com\Starcrossed\Uninstall.exe"
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
STX --> "C:\Program Files\HP Games\STX\Uninstall.exe"
Super Granny from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\7ED8A70C-9597-40BE-AEA0-0573182F1F51\Uninstall.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
Time Breaker --> "C:\Program Files\HP Games\Time Breaker\Uninstall.exe"
TourSetup --> MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Tradewinds from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\1C3FDBBA-EBF7-4CDB-AD8A-A1125734AF86\Uninstall.exe"
Tropical Swaps (remove only) --> "C:\Program Files\Crystal Squid\Tropical Swaps\uninstall.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005 -->
Virtual DJ - Atomix Productions --> C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Wik and The Fable of Souls --> "C:\Program Files\HP Games\Wik and The Fable of Souls\Uninstall.exe"
Wild West Ransom --> "C:\Program Files\HP Games\Wild West Ransom\Uninstall.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Wireless Home Network Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D8492A-C8E2-421E-927D-46800FB327A3}\setup.exe" -l0x9 -removeonly
XCopyPSP --> "C:\Program Files\XCopyPSP\uninstall.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zuma Deluxe from Hewlett-Packard Laptops (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\074EEF5F-3BE8-4112-B253-C5D6CDE2924C\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type8476 / Error
Event Submitted/Written: 11/07/2007 08:37:38 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TeaTimer.exe, version 1.5.0.9, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8469 / Error
Event Submitted/Written: 11/06/2007 10:23:54 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16544, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8468 / Error
Event Submitted/Written: 11/06/2007 10:23:54 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16544, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8467 / Error
Event Submitted/Written: 11/06/2007 10:17:32 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16544, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8465 / Error
Event Submitted/Written: 11/05/2007 11:40:08 PM / 11/05/2007 11:40:09 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16544, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type19655 / Error
Event Submitted/Written: 11/09/2007 06:47:57 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Bonjour Service service hung on starting.

Event Record #/Type19629 / Error
Event Submitted/Written: 11/09/2007 06:34:55 AM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Bonjour Service service hung on starting.

Event Record #/Type19551 / Error
Event Submitted/Written: 11/06/2007 10:37:12 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer VALUED-11599CE5
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A5795FB5-8FC.
The master browser is stopping or an election is being forced.

Event Record #/Type19531 / Error
Event Submitted/Written: 11/06/2007 10:35:26 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Bonjour Service service hung on starting.

Event Record #/Type19527 / Error
Event Submitted/Written: 11/06/2007 10:13:10 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer VALUED-11599CE5
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A5795FB5-8FC.
The master browser is stopping or an election is being forced.



-- End of Deckard's System Scanner: finished at 2007-11-09 07:03:18 ------------



Deckard's System Scanner v20071014.68
Run by Ben on 2007-11-09 06:56:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2007-11-09 11:56:33 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as Ben.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:53 AM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Games Enhancement\gameen.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Ride Games\GPlayer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ben\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Ben.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7A2ECFC6-C671-4E95-95F5-AA7B16ACA98D} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: {0a259cfa-be31-e3f8-63f4-c6b4d56cb278} - {872bc65d-4b6c-4f36-8f3e-13ebafc952a0} - C:\WINDOWS\system32\quyhfqab.dll
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {DED316E1-CF97-4D79-BBAE-69CB14315DEC} - (no file)
O2 - BHO: (no name) - {E517BE6C-4643-49A5-BA9C-A5028FE5F142} - C:\WINDOWS\system32\awtqn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: (no name) - {9FB3908C-6565-4CB0-95F8-E9F85258723C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - ?p=ZJxdm035YYUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v44/scrab...rabblecubes.cab
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinner.com/games/v46/skillgam/skillgam.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-48.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.winkflash.com/photo/loaders/ImageUploader4.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popinsan...aploader_v7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5795FB5-8FCE-4000-93CF-6164C69E07CB}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA3D7A27-51F8-4F25-A5B0-CEA8BD6D8099}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{D58F8936-206A-4BB3-976B-6B5EE9A5868C}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: gebyxxw - C:\WINDOWS\SYSTEM32\gebyxxw.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Games Enhancement Service - Exent Technologies Ltd. - C:\Program Files\Common Files\Games Enhancement\gameen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13766 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20071102-214045-667 O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/share...GamesLoader.cab
backup-20071102-214045-687 O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
backup-20071102-214046-108 O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v48/pool/pool.cab
backup-20071102-214047-634 O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinner.com/games/v49/bjattack/bjattack.cab
backup-20071102-214048-955 O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v47/blockwerx/blockwerx.cab
backup-20071102-214049-190 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
backup-20071102-214050-745 O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v45/wordmojo/wordmojo.cab
backup-20071102-214051-481 O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
backup-20071102-214052-624 O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v45/sol/sol.cab
backup-20071102-214053-279 O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinner.com/games/v48/luxor/luxor.cab
backup-20071102-214054-695 O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v64/swapit/swapit.cab
backup-20071102-214055-503 O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v44/royal/royal.cab
backup-20071102-214056-843 O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
backup-20071102-214057-303 O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} (WWSpades Control) - http://www.worldwinner.com/games/v46/wwspades/wwspades.cab

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 X4HSX32Ex - c:\program files\free ride games\x4hsx32ex.sys <Not Verified; Exent Technologies Ltd.; Exent EXETender® for Win2K>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\idsdefs\20061025.029\symidsco.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Games Enhancement Service - "c:\program files\common files\games enhancement\gameen.exe" <Not Verified; Exent Technologies Ltd.; Exent® Games Enhancement Manager>

S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-11-01 00:10:46 348 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-10-15 00:24:24 346 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2007-10-09 and 2007-11-09 -----------------------------

2007-11-08 20:38:18 80448 --a------ C:\WINDOWS\system32\quyhfqab.dll
2007-11-07 20:36:55 79936 --a------ C:\WINDOWS\system32\vrnobfvq.dll
2007-11-05 19:15:10 83008 --a------ C:\WINDOWS\system32\kkwhpfsa.dll
2007-11-04 19:18:28 78912 --a------ C:\WINDOWS\system32\rywkktcy.dll
2007-11-03 14:10:36 81472 --a------ C:\WINDOWS\system32\brcvwelm.dll
2007-11-02 20:09:53 0 d-------- C:\Program Files\Trend Micro
2007-11-02 14:05:20 82496 --a------ C:\WINDOWS\system32\ttacpbei.dll
2007-11-01 23:24:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-01 22:46:36 0 d-------- C:\Program Files\Lavasoft
2007-11-01 22:46:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-01 22:45:14 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-01 22:02:18 0 d-------- C:\WINDOWS\pss
2007-11-01 18:37:25 76864 --a------ C:\WINDOWS\system32\lixpxiim.dll
2007-10-31 18:36:06 0 --a------ C:\WINDOWS\system32\kitiwlvi.dll
2007-10-30 16:49:28 0 --a------ C:\WINDOWS\system32\iesfgahd.dll
2007-10-29 14:25:05 0 --a------ C:\WINDOWS\system32\pdsiwkil.dll
2007-10-28 14:28:00 0 --a------ C:\WINDOWS\system32\ndkdaaic.dll
2007-10-27 14:28:39 0 --a------ C:\WINDOWS\system32\jiwjpfjq.dll
2007-10-26 14:32:33 0 --a------ C:\WINDOWS\system32\cuiatelg.dll
2007-10-25 21:45:17 0 --a------ C:\WINDOWS\system32\pmkphtjt.dll
2007-10-24 11:19:45 0 --a------ C:\WINDOWS\system32\gfneydas.dll
2007-10-22 21:10:42 0 --a------ C:\WINDOWS\system32\bhmdgogg.dll
2007-10-22 15:45:34 0 --a------ C:\WINDOWS\system32\gxglrnod.dll
2007-10-21 15:49:25 0 --a------ C:\WINDOWS\system32\boprdltg.dll
2007-10-20 12:51:12 0 --a------ C:\WINDOWS\system32\cebwrbix.dll
2007-10-19 15:38:53 0 d-------- C:\Documents and Settings\Ben\Application Data\Eyeblaster
2007-10-19 12:35:39 0 --a------ C:\WINDOWS\system32\hlpmvqsh.dll
2007-10-19 12:35:20 68865 ---hs---- C:\WINDOWS\system32\nqtwa.bak2
2007-10-18 05:19:39 0 d-------- C:\Docum
2007-10-18 05:19:26 0 --a------ C:\WINDOWS\system32\tosanuev.dll
2007-10-17 13:49:33 60536 ---hs---- C:\WINDOWS\system32\nqtwa.bak1
2007-10-17 13:48:12 316000 --a------ C:\WINDOWS\system32\awtqn.dll
2007-10-17 13:42:53 23552 --a------ C:\WINDOWS\system32\gebyxxw.dll


-- Find3M Report ---------------------------------------------------------------

2007-11-09 06:48:07 0 d-------- C:\Program Files\Common Files\Games Enhancement
2007-11-08 21:21:47 0 d-------- C:\Program Files\Incomplete
2007-11-08 21:07:17 0 d-------- C:\Program Files\iTunes
2007-11-01 22:45:14 0 d-------- C:\Program Files\Common Files
2007-10-28 20:32:02 0 d-------- C:\Program Files\FirstClass
2007-10-27 13:45:27 0 d-------- C:\Program Files\Games
2007-10-20 19:16:42 0 d-------- C:\Program Files\HP Games
2007-10-16 20:40:18 1140 --a------ C:\Documents and Settings\Ben\Application Data\wklnhst.dat
2007-10-09 19:11:20 0 d-------- C:\Documents and Settings\Ben\Application Data\PlayFirst
2007-10-09 17:21:43 0 d-------- C:\Program Files\iWin.com
2007-10-06 19:39:31 0 d-------- C:\Program Files\McAfee
2007-10-04 17:47:13 24892 --a------ C:\Documents and Settings\Ben\Application Data\NMM-MetaData.db
2007-10-04 17:46:35 0 d-------- C:\Documents and Settings\Ben\Application Data\Nokia Multimedia Player
2007-08-29 18:43:14 0 -rahs---- C:\MSDOS.SYS
2007-08-29 18:43:14 0 -rahs---- C:\IO.SYS


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A2ECFC6-C671-4E95-95F5-AA7B16ACA98D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872bc65d-4b6c-4f36-8f3e-13ebafc952a0}]
11/08/2007 08:38 PM 80448 --a------ C:\WINDOWS\system32\quyhfqab.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
01/31/2007 04:58 AM 78848 --a------ C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DED316E1-CF97-4D79-BBAE-69CB14315DEC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E517BE6C-4643-49A5-BA9C-A5028FE5F142}]
10/17/2007 01:48 PM 316000 --a------ C:\WINDOWS\system32\awtqn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 11:56 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [11/10/2005 11:05 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 03:03 PM]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [02/17/2005 01:11 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/19/2005 03:50 PM]
"@"="" []
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [12/12/2005 01:39 PM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [12/22/2005 10:57 AM]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [10/11/2005 12:23 PM]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [02/09/2006 11:52 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/22/2006 10:32 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/14/2006 03:24 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [08/16/2007 02:14 AM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [11/08/2006 12:27 PM]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [08/01/2005 04:26 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 01:33 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 10:00 AM]
"Exetender"="C:\Program Files\Free Ride Games\GPlayer.exe" [07/09/2007 01:36 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [11/30/2006 09:49 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebyxxw]
gebyxxw.dll 10/17/2007 01:42 PM 23552 C:\WINDOWS\system32\gebyxxw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtqn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe




-- End of Deckard's System Scanner: finished at 2007-11-09 07:03:18 ------------

#5 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:08:23 AM

Posted 10 November 2007 - 06:44 PM

Hi deejei1

please give me some time to go through these logs and i'll get back to you.
Thx

BBPP6nz.png


#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:08:23 AM

Posted 12 November 2007 - 06:44 PM

Hi deejei1

Step 1
Your log is showing a 'downloader' located in the IWins folder.
Please uninstall this Program using your 'add or remove'
There are also some other games running from this folder which are probably bundled with adware.
'Free' screensavers also come bundled with adware so please uninstall these as well.

Click on start... settings... control panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following:

Are You Smarter Than A 5th Grader (remove only)
Family Feud II (remove only)
Safecracker (remove only)
Sprill (remove only)
Starcrossed (remove only)

then
iWin Games (remove only)
Astro Gemini Screensaver Manager 1.2
Screensavers Installer Version 2


Optional
You have 'Limewire' installed:
Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Ares, Limewire, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.

Additional information on the safety of Peer to Peer programs themselves is here : http://p2p.malwareremoval.com/

If you do decide to keep this program.... please refrain from using it until you are clean.

Step 2
Now please reboot your computer in Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, (you will have to use the 'Arrow keys' to navigate in this window) then press "Enter".
* Choose your usual account.

Click on Start .... My Computer..... select your normal drive (usually 'C')
Then click on Program Files
Delete these folders...... right click on each Folder in turn and select Delete. (only the folder highlighted, not the program files folder) Don't worry if they're not there.
Folder..............C:\Program Files\iWin Games
Folder..............C:\Program Files\iWin.com
Folder..............C:\Program Files\Astro Gemini Software
Folder..............C:\Program Files\Screensavers.com

Optional
If you removed Limewire..... please delete this folder.

Folder..............C:\Program Files\Limewire

Reboot your pc back into normal mode.

Step 3
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6u3...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.

Step 4
Please download ComboFix
and save it to your 'Desktop'.

**Note: It is important that it is saved directly to your desktop**

Now:
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
(you can re-enable them again after the scan has completed)

if you need any help with this.... there's a tutorial Here that will help.

Double click combofix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. This may cause it to stall

So, in your next reply please post:
ComboFix.txt report
A new Hjt log.

BBPP6nz.png


#7 deejei1

deejei1
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:23 AM

Posted 17 November 2007 - 11:58 PM

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.132 [GMT -5:00]Running from: C:\Documents and Settings\Ben\Local Settings\Temporary Internet Files\Content.IE5\NFZPQN1S\ComboFix[1].exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\Starware316
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\related.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\images\clear.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\images\cloudy.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\images\mcloud.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\images\nclear.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\images\ncloudy.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\images\npcloud.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\images\pcloud.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Highlight.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\HighlightHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlighthotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\highlightxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\screensaver.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\related.xml
C:\Documents and Settings\All Users\Application Data\Starware316\contexts\travel.xml
C:\Documents and Settings\All Users\Application Data\Starware316\Games\images\active\Games0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\clear.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\cloudy.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\mcloud.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\nclear.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\ncloudy.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\npcloud.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\pcloud.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\images\walertXP.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\Movies\images\active\Movies0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\ScreensaversMarketingSitePager\images\active\ScreensaversMarketingSitePager0.bmp
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml
C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup
C:\Documents and Settings\Ben\Application Data\macromedia\Flash Player\#SharedObjects\E3JQ8RMK\www.broadcaster.com
C:\Documents and Settings\Ben\Application Data\macromedia\Flash Player\#SharedObjects\E3JQ8RMK\www.broadcaster.com\played_list.sol
C:\Documents and Settings\Ben\Application Data\macromedia\Flash Player\#SharedObjects\E3JQ8RMK\www.broadcaster.com\video_queue.sol
C:\Documents and Settings\Ben\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Ben\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Ben\Application Data\Starware316
C:\Documents and Settings\Ben\Application Data\Starware316\Games\GamesOptions.xml
C:\Documents and Settings\Ben\Application Data\Starware316\Games\GamesOptions.xml.backup
C:\Documents and Settings\Ben\Application Data\Starware316\Movies\MoviesOptions.xml
C:\Documents and Settings\Ben\Application Data\Starware316\Movies\MoviesOptions.xml.backup
C:\Documents and Settings\Ben\Application Data\Starware316\Screensavers\ScreensaversOptions.xml
C:\Documents and Settings\Ben\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup
C:\Documents and Settings\Ben\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
C:\Documents and Settings\Ben\Application Data\Starware316\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awtqn.dll
C:\WINDOWS\system32\nqtwa.bak1
C:\WINDOWS\system32\nqtwa.bak2
C:\WINDOWS\system32\nqtwa.ini
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-10-18 to 2007-11-18 )))))))))))))))))))))))))))))))
.

2007-11-17 23:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-17 23:00 <DIR> d-------- C:\Documents and Settings\Ben\.SunDownloadManager
2007-11-17 13:44 85,056 --a------ C:\WINDOWS\system32\gfikvono.dll
2007-11-09 06:56 <DIR> d-------- C:\Deckard
2007-11-02 20:09 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-01 23:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-01 22:46 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-01 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-01 22:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-01 22:02 <DIR> d-------- C:\WINDOWS\pss
2007-10-19 15:38 <DIR> d-------- C:\Documents and Settings\Ben\Application Data\Eyeblaster
2007-10-18 05:19 <DIR> d-------- C:\Docum

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-18 04:28 --------- d-----w C:\Program Files\Common Files\Games Enhancement
2007-11-18 04:05 --------- d-----w C:\Program Files\Java
2007-11-18 03:32 --------- d-----w C:\Program Files\Incomplete
2007-11-18 03:24 --------- d-----w C:\Program Files\iWin.com
2007-11-17 21:57 --------- d-----w C:\Program Files\iTunes
2007-11-13 04:09 1,272 ----a-w C:\Documents and Settings\Ben\Application Data\wklnhst.dat
2007-10-29 01:32 --------- d-----w C:\Program Files\FirstClass
2007-10-27 18:45 --------- d-----w C:\Program Files\Games
2007-10-21 00:16 --------- d-----w C:\Program Files\HP Games
2007-10-12 21:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-10 00:11 --------- d-----w C:\Documents and Settings\Ben\Application Data\PlayFirst
2007-10-10 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2007-10-07 00:39 --------- d-----w C:\Program Files\McAfee
2007-10-04 22:46 --------- d-----w C:\Documents and Settings\Ben\Application Data\Nokia Multimedia Player
2006-06-23 07:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-06-22 15:29 37,311,488 ----a-w C:\Program Files\iTunesSetup.exe
2006-06-22 15:03 1,034,794 ----a-w C:\Program Files\wrar36b5.exe
2006-06-22 14:33 251 ----a-w C:\Program Files\wt3d.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7312f89f-b5ee-4c16-95ab-d24db853ba5c}]
C:\WINDOWS\system32\pdmsefat.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7A2ECFC6-C671-4E95-95F5-AA7B16ACA98D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DED316E1-CF97-4D79-BBAE-69CB14315DEC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 23:56]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 23:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 15:50]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 13:39]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 10:57]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 12:23]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 11:52]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-22 10:32]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 15:24]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-16 02:14]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 12:27]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 16:26]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 01:33]
"76733dc0"="C:\WINDOWS\system32\gfikvono.dll" [2007-11-17 13:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 10:00]
"Exetender"="C:\Program Files\Free Ride Games\GPlayer.exe" [2007-07-09 13:36]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2006-11-30 21:49]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awtqn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

R2 CdaD10BA;CdaD10BA;\??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
R2 GameEnhV1;GameEnhV1;\??\C:\WINDOWS\system32\Drivers\GameEnh.sys
R2 Games Enhancement Service;Games Enhancement Service;"C:\Program Files\Common Files\Games Enhancement\gameen.exe"
R2 X4HSX32Ex;X4HSX32Ex;\??\C:\Program Files\Free Ride Games\X4HSX32Ex.Sys
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

.
Contents of the 'Scheduled Tasks' folder
"2007-10-15 05:24:24 C:\WINDOWS\Tasks\McDefragTask.job"
"2007-11-01 05:10:46 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 23:29:21
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????i????|?`???? ???B?????????????hLC? ??????

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-17 23:33:04 - machine was rebooted
.
--- E O F ---

#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:08:23 AM

Posted 18 November 2007 - 04:31 AM

Hi deejei1,

**Note: It is important that it is saved directly to your desktop**


You are running 'ComboFix' from:C:\Documents and Settings\Ben\Local Settings\Temporary Internet Files\Content.IE5\NFZPQN1S\ComboFix[1].exe
Any 'CfScript' we need to run will not work unless 'ComboFix' is running from the correct directory.

Please follow the instructions in the previous post correctly and post back another 'ComboFix' report.
I also need to see a new Hjt log.
Thx.

BBPP6nz.png


#9 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:08:23 AM

Posted 28 November 2007 - 03:23 PM

Hi deejei1,
How are things going?
Do you still need help?

BBPP6nz.png





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users