Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windefend/ Unknown


  • This topic is locked This topic is locked
2 replies to this topic

#1 toddpowers

toddpowers

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:19 AM

Posted 27 April 2008 - 12:16 PM

When IE is open, I've been having numerous popups. Especially for viral fixes. Any help would be greatly appreciated. Thanks in advance.

---------------------------------------------

Deckard's System Scanner v20071014.68
Run by Stacy on 2008-04-27 12:48:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
8: 2008-04-26 21:22:00 UTC - RP119 - Installed Ad-Aware 2007
7: 2008-04-26 16:39:52 UTC - RP118 - Installed Java™ 6 Update 5
6: 2008-04-26 16:16:23 UTC - RP117 - Windows Defender Checkpoint
5: 2008-04-26 07:44:28 UTC - RP115 - Windows Defender Checkpoint
4: 2008-04-24 19:45:18 UTC - RP113 - Windows Update


-- First Restore Point --
1: 2008-04-22 03:37:37 UTC - RP110 - Windows Update


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 89% (more than 75%).
Total Physical Memory: 958 MiB (1024 MiB recommended).


-- HijackThis (run as Stacy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:30 PM, on 4/27/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Users\Stacy\Desktop\dss.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Stacy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MT3705
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MT3705
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MT3705
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TB&M=MT3705
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BM6bb5a064] Rundll32.exe "C:\Users\Stacy\AppData\Local\Temp\wgxcepve.dll",s
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Stacy\AppData\Local\Temp\hgGWonOe.dll,c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} (PogoWebLauncher Control) - http://www.pogo.com/cdl/launcher/PogoWebLa...erInstaller.CAB
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/i...GenXInstall.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {935F9B04-0C7B-4454-A391-348C54AD7ADD} (Jolly Bear Games Player) - http://www.gamehouse.com/realarcade-webgam...BGamePlayer.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/realarcade-webgam...zylomplayer.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 10710 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080426-215005-201 O4 - HKCU\..\Run: [BM6bb5a064] Rundll32.exe "C:\Users\Stacy\AppData\Local\Temp\gfiwmefu.dll",s
backup-20080426-215005-250 O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Stacy\AppData\Local\Temp\hgGxWQhh.dll,#1
backup-20080426-215005-744 O4 - HKCU\..\Run: [688693f8] rundll32.exe "C:\Users\Stacy\AppData\Local\Temp\rajehych.dll",b
backup-20080426-215005-964 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Stacy\AppData\Local\Temp\hgGWonOe.dll,c
backup-20080426-215548-228 O4 - HKCU\..\Run: [BM6bb5a064] Rundll32.exe "C:\Users\Stacy\AppData\Local\Temp\gfiwmefu.dll",s
backup-20080426-215548-318 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Stacy\AppData\Local\Temp\hgGWonOe.dll,c
backup-20080426-225701-642 O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Stacy\AppData\Local\Temp\hgGWonOe.dll,c

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe,2
.js - JSFile - shell\open\command - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-27 04:14:11 418 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{086B46FE-4526-45FC-8E63-4ECBEF3A0C7C}.job
2008-01-21 19:30:14 260 --a------ C:\Windows\Tasks\WebReg Photosmart C5200 series.job


-- Files created between 2008-03-27 and 2008-04-27 -----------------------------

2008-04-26 21:33:12 0 d-------- C:\Program Files\Trend Micro
2008-04-26 17:23:06 0 d-------- C:\Program Files\Lavasoft
2008-04-26 17:23:05 0 d-------- C:\Users\All Users\Lavasoft
2008-04-26 17:21:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-26 16:41:12 0 d-------- C:\Users\All Users\Fashion Solitaire 1.2
2008-04-26 03:29:31 0 d-------- C:\Windows\system32\pnVes05
2008-04-26 03:29:30 0 d------c- C:\Temp
2008-04-25 16:04:34 0 d-------- C:\Program Files\iPod
2008-04-25 16:04:06 0 d-------- C:\Program Files\iTunes
2008-04-25 15:59:40 0 d-------- C:\Program Files\QuickTime
2008-04-25 15:49:15 0 d-------- C:\Program Files\Apple Software Update
2008-04-21 23:40:15 0 d-------- C:\Program Files\Alwil Software
2008-04-16 21:05:40 0 d-------- C:\Users\All Users\Yahoo! Companion
2008-04-12 20:46:46 0 d-------- C:\Program Files\TryMedia
2008-04-12 20:33:37 0 d-------- C:\Program Files\Yahoo! Games
2008-03-28 19:49:54 0 d-------- C:\Users\All Users\Christmasville


-- Find3M Report ---------------------------------------------------------------

2008-04-27 11:56:10 0 d-------- C:\Users\Stacy\AppData\Roaming\OpenOffice.org2
2008-04-26 17:21:21 0 d-------- C:\Program Files\Common Files
2008-04-26 16:34:45 0 d-------- C:\Program Files\Oberon Media
2008-04-26 12:55:35 0 d-------- C:\Program Files\Java
2008-04-26 02:03:43 0 d-------- C:\Users\Stacy\AppData\Roaming\LimeWire
2008-04-25 23:58:45 0 d-------- C:\Users\Stacy\AppData\Roaming\iWin
2008-04-25 01:28:32 0 d-------- C:\Users\Stacy\AppData\Roaming\U3
2008-04-19 19:18:32 0 d-------- C:\Program Files\EA GAMES
2008-04-18 22:26:32 0 d-------- C:\Users\Stacy\AppData\Roaming\cerasus.media
2008-04-18 21:45:12 0 d-------- C:\Program Files\MSN Games
2008-04-18 20:23:25 0 d-------- C:\Program Files\RealArcade
2008-04-18 20:13:02 514 --a------ C:\Users\Stacy\AppData\Roaming\wklnhst.dat
2008-04-16 21:05:40 0 d-------- C:\Users\Stacy\AppData\Roaming\Yahoo!
2008-04-12 18:19:20 0 d-------- C:\Users\Stacy\AppData\Roaming\Adobe
2008-04-09 10:33:38 0 d-------- C:\Program Files\Windows Mail
2008-04-08 21:41:37 0 d-------- C:\Users\Stacy\AppData\Roaming\PlayFirst
2008-03-30 20:16:48 0 d-------- C:\Users\Stacy\AppData\Roaming\TheScruffs
2008-03-28 18:36:36 0 d-------- C:\Users\Stacy\AppData\Roaming\BloodTies
2008-03-26 17:46:26 0 d-------- C:\Users\Stacy\AppData\Roaming\Big Fish Games
2008-03-22 18:15:59 0 d-------- C:\Users\Stacy\AppData\Roaming\Flood Light Games
2008-03-13 21:21:17 0 d-------- C:\Program Files\GameTap
2008-03-13 21:21:15 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-13 21:20:14 0 d-------- C:\Users\Stacy\AppData\Roaming\InstallShield
2008-03-13 20:12:35 0 d-------- C:\Program Files\bfgclient
2008-03-11 21:40:38 0 d-------- C:\Users\Stacy\AppData\Roaming\Pogo Games
2008-03-09 22:15:11 0 d-------- C:\Program Files\Yahoo!


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
03/02/2007 05:52 PM 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [04/11/2007 03:02 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/29/2006 05:09 AM]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [07/11/2006 09:12 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [12/21/2006 01:28 PM]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [09/06/2006 04:12 PM]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [11/16/2006 08:04 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 10:34 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [03/29/2008 02:37 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"MSConfig"="C:\Windows\system32\msconfig.exe" [11/02/2006 05:45 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll,ShowWelcomeCenter" []
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [03/15/2007 07:16 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]
"BM6bb5a064"="C:\Users\Stacy\AppData\Local\Temp\wgxcepve.dll,s" []
"cmds"="C:\Users\Stacy\AppData\Local\Temp\hgGWonOe.dll,c" []

C:\Users\Stacy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [10/27/2006 12:24:54 AM]
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2/2/2007 6:54:56 PM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 10:26:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
rundll32.exe C:\Users\Stacy\AppData\Local\Temp\hgGWonOe.dll,c

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3903d7e8-114e-11dd-a4ae-0003254216ec}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ee58b7e-9115-11db-9187-806e6f6e6963}]
AutoRun\command- E:\Autorun.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-04-27 13:07:43 ------------

----------------------------------------------------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2060 @ 1.60GHz
Percentage of Memory in Use: 88%
Physical Memory (total/avail): 957.5 MiB / 106.5 MiB
Pagefile Memory (total/avail): 2171.89 MiB / 1082.63 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.92 MiB

C: is Fixed (NTFS) - 83.39 GiB total, 28.06 GiB free.
D: is Fixed (NTFS) - 9.77 GiB total, 4.47 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - HTS421210H9AT00 ATA Device - 93.16 GiB - 2 partitions
\PARTITION0 - Installable File System - 9.77 GiB - D:
\PARTITION1 (bootable) - Installable File System - 83.39 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: avast! antivirus 4.8.1169 [VPS 080427-0] v4.8.1169 (ALWIL Software)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)
AS: avast! antivirus 4.8.1169 [VPS 080427-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Stacy\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STACY-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Stacy
LOCALAPPDATA=C:\Users\Stacy\AppData\Local
LOGONSERVER=\\STACY-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Stacy\AppData\Local\Temp
TMP=C:\Users\Stacy\AppData\Local\Temp
USERDOMAIN=Stacy-PC
USERNAME=Stacy
USERPROFILE=C:\Users\Stacy
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Stacy


-- Add/Remove Programs ---------------------------------------------------------

32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Agere Systems HDA Modem --> agrsmdel
Animal Agents --> "C:\Program Files\MSN Games\Animal Agents\Uninstall.exe" "C:\Program Files\MSN Games\Animal Agents\install.log"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI Catalyst Control Center Ex --> MsiExec.exe /I{CEEAE512-2C19-CA09-2444-1E3FD7205E52}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bejeweled 2 Deluxe --> "C:\Program Files\Gateway Games\Bejeweled 2 Deluxe\Uninstall.exe"
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
BigFix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Blasterball 3 --> "C:\Program Files\Gateway Games\Blasterball 3\Uninstall.exe"
Browser Address Error Redirector --> regsvr32 /u /s "c:\google\BAE.dll"
Chuzzle Deluxe --> "C:\Program Files\Gateway Games\Chuzzle Deluxe\Uninstall.exe"
Diner Dash --> "C:\Program Files\Gateway Games\Diner Dash\Uninstall.exe"
Dora Lost City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{747C231B-062D-4586-8221-8E7870987D5B}\Setup.exe" -l0x9 -uninst
Drivers Install For Linksys Easylink Advisor --> MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
Family Feud --> "C:\Program Files\Gateway Games\Family Feud\Uninstall.exe"
Fashion Solitaire --> "C:\Program Files\Oberon Media\Fashion Solitaire\Uninstall.exe" "C:\Program Files\Oberon Media\Fashion Solitaire\install.log"
FATE --> "C:\Program Files\Gateway Games\FATE\Uninstall.exe"
FaxSee Pro version 2.70 --> "C:\Program Files\SFaxTools\FaxSeePro\unins000.exe"
GameTap --> C:\Program Files\InstallShield Installation Information\{67E158AF-8856-4337-B483-EA21930786AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Gateway Game Console --> "C:\Program Files\Gateway Games\Gateway Game Console\Uninstall.exe"
Gateway Recovery Center Installer --> MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0 --> C:\Program Files\HP\Digital Imaging\{034F8C89-C4F4-4731-A32B-F4294C04729F}\setup\hpzscr01.exe -datfile hposcr17.dat
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JEOPARDY --> "C:\Program Files\Gateway Games\JEOPARDY\Uninstall.exe"
Lemonade Tycoon 2 --> "C:\Program Files\Gateway Games\Lemonade Tycoon 2\Uninstall.exe"
LimeWire 4.14.12 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys EasyLink Advisor 1.6 (0032) --> rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Macromedia Dreamweaver MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=12
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007 --> MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
OpenOffice.org 2.2 --> MsiExec.exe /I{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}
Penguins! --> "C:\Program Files\Gateway Games\Penguins!\Uninstall.exe"
Polar Bowler --> "C:\Program Files\Gateway Games\Polar Bowler\Uninstall.exe"
Polar Golfer --> "C:\Program Files\Gateway Games\Polar Golfer\Uninstall.exe"
Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealArcade --> "C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
SCRABBLE --> "C:\Program Files\Gateway Games\SCRABBLE\Uninstall.exe"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\Setup.exe" -l0x9 -remove -removeonly
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Family Fun Stuff --> C:\Program Files\EA GAMES\The Sims 2 Family Fun Stuff\EAUninstall.exe
The Sims 2 Glamour Life Stuff --> C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Nightlife --> C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business --> C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 Pets --> C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
The Sims 2 University --> C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims™ 2 Bon Voyage --> C:\Program Files\EA GAMES\The Sims 2 Bon Voyage\EAUninstall.exe
The Sims™ 2 Celebration! Stuff --> C:\Program Files\EA GAMES\The Sims 2 Celebration! Stuff\EAUninstall.exe
The Sims™ 2 FreeTime --> C:\Program Files\EA GAMES\The Sims 2 FreeTime\EAUninstall.exe
The Sims™ 2 H&M® Fashion Stuff --> C:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe
The Sims™ 2 Kitchen & Bath Interior Design Stuff --> C:\Program Files\EA GAMES\The Sims 2 Kitchen & Bath Interior Design Stuff\EAUninstall.exe
The Sims™ 2 Seasons --> C:\Program Files\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
The Sims™ 2 Teen Style Stuff --> C:\Program Files\EA GAMES\The Sims 2 Teen Style Stuff\EAUninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type19601 / Error
Event Submitted/Written: 04/27/2008 00:12:17 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Explorer.EXE, version 6.0.6000.16549, time stamp 0x46d230c5, faulting module ctjgkfgl.dll, version 0.0.0.0, time stamp 0x75232fca, exception code 0xc0000005, fault offset 0x000036a9,
process id 0x768, application start time 0xExplorer.EXE0.

Event Record #/Type19594 / Success
Event Submitted/Written: 04/27/2008 11:54:47 AM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type19593 / Success
Event Submitted/Written: 04/27/2008 11:54:46 AM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type19589 / Success
Event Submitted/Written: 04/27/2008 11:54:03 AM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type19579 / Error
Event Submitted/Written: 04/27/2008 01:57:47 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application Explorer.EXE, version 6.0.6000.16549, time stamp 0x46d230c5, faulting module ctjgkfgl.dll, version 0.0.0.0, time stamp 0x75232fca, exception code 0xc0000005, fault offset 0x000036a9,
process id 0x570, application start time 0xExplorer.EXE0.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type65305 / Warning
Event Submitted/Written: 04/27/2008 01:05:14 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Stacy-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Stacy-PC27 can't undo changes that you allow.

For more information please see the following:
%Stacy-PC275

Scan ID: {7311EFF1-7E6A-463A-A8D0-92AE6BA28889}

User: Stacy-PC\Stacy

Name: %Stacy-PC271

ID: %Stacy-PC272

Severity ID: %Stacy-PC273

Category ID: %Stacy-PC274

Path Found: %Stacy-PC276

Alert Type: %Stacy-PC278

Detection Type: 1.1.1505.02

Event Record #/Type65304 / Warning
Event Submitted/Written: 04/27/2008 01:05:13 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Stacy-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Stacy-PC27 can't undo changes that you allow.

For more information please see the following:
%Stacy-PC275

Scan ID: {000C9B17-5D7B-4054-BA2A-3EF39ED21D71}

User: Stacy-PC\Stacy

Name: %Stacy-PC271

ID: %Stacy-PC272

Severity ID: %Stacy-PC273

Category ID: %Stacy-PC274

Path Found: %Stacy-PC276

Alert Type: %Stacy-PC278

Detection Type: 1.1.1505.02

Event Record #/Type65294 / Warning
Event Submitted/Written: 04/27/2008 00:22:31 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Stacy-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Stacy-PC27 can't undo changes that you allow.

For more information please see the following:
%Stacy-PC275

Scan ID: {120109AD-DD18-4E40-81A4-71263309E5A5}

User: Stacy-PC\Stacy

Name: %Stacy-PC271

ID: %Stacy-PC272

Severity ID: %Stacy-PC273

Category ID: %Stacy-PC274

Path Found: %Stacy-PC276

Alert Type: %Stacy-PC278

Detection Type: 1.1.1505.02

Event Record #/Type65292 / Warning
Event Submitted/Written: 04/27/2008 00:22:09 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Stacy-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Stacy-PC27 can't undo changes that you allow.

For more information please see the following:
%Stacy-PC275

Scan ID: {11431B3B-18B4-49BD-B0FD-2A4893BE3FD6}

User: Stacy-PC\Stacy

Name: %Stacy-PC271

ID: %Stacy-PC272

Severity ID: %Stacy-PC273

Category ID: %Stacy-PC274

Path Found: %Stacy-PC276

Alert Type: %Stacy-PC278

Detection Type: 1.1.1505.02

Event Record #/Type65289 / Warning
Event Submitted/Written: 04/27/2008 00:18:00 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%Stacy-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %Stacy-PC27 can't undo changes that you allow.

For more information please see the following:
%Stacy-PC275

Scan ID: {6A58DE6A-744A-486E-9A25-C3141568DDFB}

User: Stacy-PC\Stacy

Name: %Stacy-PC271

ID: %Stacy-PC272

Severity ID: %Stacy-PC273

Category ID: %Stacy-PC274

Path Found: %Stacy-PC276

Alert Type: %Stacy-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-04-27 13:07:43 ------------

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:19 AM

Posted 07 May 2008 - 01:45 PM

Hello toddpowers,

Welcome to Bleeping Computer :blink:

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:19 AM

Posted 18 May 2008 - 07:55 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users