
Help Infected With New Malware.j Trojan


  • This topic is locked
2 replies to this topic

#1 joe dirt81


Posted 28 April 2008 - 09:38 PM

This all started Saturday morning. Computer started to slow down, rebooted, noticed pop-ups starting to come up. Then McAfee picked up on the Trojan. Purchased Spy Doctor and have run that. Also have gone through and deleted some programs out of the Control Panel. Also, starting last night, I will lose my taskbar and all desktop icons; they will just disappear. But if I am running AIM and have IE up, they will stay. Also having a problem now when I click on one of my desktop items that it asks me which program I would like to use to run the desktop item. For instance, I clicked on IE and it asked me what program I'd like to use to run it.

Here are the HijackThis files.
Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-27 23:18:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
79: 2008-04-28 03:19:51 UTC - RP346 - Deckard's System Scanner Restore Point
78: 2008-04-28 03:01:35 UTC - RP345 - Advanced Registry Optimizer Sun, Apr 27, 08 23:01
77: 2008-04-26 19:31:06 UTC - RP344 - Restore Operation
76: 2008-04-26 19:20:40 UTC - RP343 - Restore Operation
75: 2008-04-26 17:49:23 UTC - RP342 - Installed AVG Free 8.0


-- First Restore Point --
1: 2008-04-26 13:27:38 UTC - RP268 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 447 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:58 PM, on 4/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner.YOUR-EE04C78C56\cftmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\Rundll32.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\BigFix\bigfix.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Bat\X_Bat.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\winself.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Documents and Settings\Owner.YOUR-EE04C78C56\Local Settings\Temporary Internet Files\Content.IE5\7HBZIF8E\dss[1].exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.netscape.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3702
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3702
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX3702
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F} - C:\WINDOWS\system32\hgGxUOeF.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {50345BD9-99FA-4487-B065-6F410201CEEA} - C:\WINDOWS\system32\mlJYsQjk.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: {487f6dba-a506-fe4a-3b14-4c5cfe71a20f} - {f02a17ef-c5c4-41b3-a4ef-605aabd6f784} - C:\WINDOWS\system32\rlwptkgn.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKLM\..\Run: [autoload] C:\Documents and Settings\Owner.YOUR-EE04C78C56\cftmon.exe
O4 - HKLM\..\Run: [60c6de01] rundll32.exe "C:\WINDOWS\system32\wvixycpv.dll",b
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [BM63f5ed9d] Rundll32.exe "C:\WINDOWS\system32\pueodkdx.dll",s
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [ntuser] C:\WINDOWS\system32\drivers\spools.exe
O4 - HKCU\..\Run: [autoload] C:\Documents and Settings\Owner.YOUR-EE04C78C56\cftmon.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://webvpn.hendrickauto.com/dana-cached...perSetupSP1.cab
O20 - Winlogon Notify: hgGxUOeF - C:\WINDOWS\SYSTEM32\hgGxUOeF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10519 bytes

-- File Associations -----------------------------------------------------------

.exe - exefile - shell\open\command - C:\Documents and Settings\Owner.YOUR-EE04C78C56\cftmon.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys <Not Verified; McAfee; McAfee Personal Firewall>
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>
R2 MsSecurity1.209.4 (MsSecurity Updated) - c:\windows\winself.exe service
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

S2 Schedule (Task Scheduler) - c:\windows\system32\drivers\spools.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-25 07:46:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-12-27 19:17:18 258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2008-03-27 and 2008-04-27 -----------------------------

2008-04-27 23:24:43 0 d-------- C:\Program Files\Trend Micro
2008-04-27 22:33:25 0 d-------- C:\Documents and Settings\Owner.YOUR-EE04C78C56\Application Data\Sammsoft
2008-04-27 22:15:56 0 d-------- C:\Program Files\Advanced Registry Optimizer
2008-04-27 20:14:26 0 d-------- C:\Program Files\Spyware Doctor
2008-04-27 20:14:26 0 d-------- C:\Documents and Settings\Owner.YOUR-EE04C78C56\Application Data\PC Tools
2008-04-27 10:02:55 107072 --a------ C:\WINDOWS\system32\rlwptkgn.dll
2008-04-27 09:49:11 94784 --a------ C:\WINDOWS\system32\wvixycpv.dll
2008-04-27 09:47:38 105024 --a------ C:\WINDOWS\system32\pueodkdx.dll
2008-04-26 15:39:22 0 d-------- C:\Program Files\Bat
2008-04-26 15:39:16 0 d-------- C:\Program Files\Veoh Networks
2008-04-26 15:25:20 0 d-------- C:\Program Files\webHancer(2)
2008-04-26 15:07:31 0 d--hs---- C:\WINDOWS\CSC
2008-04-26 13:54:54 0 d-------- C:\$AVG8.VAULT$
2008-04-26 13:50:42 0 d-------- C:\WINDOWS\system32\drivers\Avg(2)
2008-04-26 13:50:39 0 d-------- C:\Documents and Settings\Owner.YOUR-EE04C78C56\Application Data\AVGTOOLBAR
2008-04-26 13:49:44 0 d-------- C:\Program Files\AVG(2)
2008-04-26 13:49:40 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
2008-04-26 09:29:06 7340032 --a------ C:\Documents and Settings\Owner.YOUR-EE04C78C56\ntuser.dat
2008-04-26 09:28:57 39424 --a------ C:\WINDOWS\system32\ssqnlIYR.dll
2008-04-26 09:28:42 39424 --a------ C:\WINDOWS\system32\xxywxuur.dll
2008-04-26 09:28:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-04-26 09:27:23 6819 --ahs---- C:\WINDOWS\system32\kjQsYJlm.ini2
2008-04-26 09:27:18 283136 --a------ C:\WINDOWS\system32\mlJYsQjk.dll
2008-04-26 09:27:18 283136 --a------ C:\WINDOWS\system32\mlJYsQjk(2).dll
2008-04-26 09:26:32 39424 --a------ C:\WINDOWS\system32\tuvVMgfG.dll
2008-04-26 09:26:05 39424 --a------ C:\WINDOWS\system32\mlJYolkI.dll
2008-04-26 09:25:34 39424 --a------ C:\WINDOWS\system32\byXPJDsR.dll
2008-04-26 09:24:57 39424 --a------ C:\WINDOWS\system32\hgGvuTJb.dll
2008-04-26 09:23:40 39424 --a------ C:\WINDOWS\system32\nnnoMCtS.dll
2008-04-26 09:23:34 29696 --a------ C:\WINDOWS\winself.exe
2008-04-26 09:23:10 0 d-------- C:\WINDOWS\system32\xcsDd06
2008-04-26 09:22:54 39424 --a------ C:\WINDOWS\system32\jkkJywuR.dll
2008-04-26 09:22:32 12288 --a------ C:\Documents and Settings\Owner.YOUR-EE04C78C56\cftmon.exe
2008-04-26 09:21:37 39424 --a------ C:\WINDOWS\system32\ssqOHbBR.dll
2008-04-26 09:21:29 39424 --a------ C:\WINDOWS\system32\hgGxUOeF.dll
2008-04-26 09:21:29 39424 --a------ C:\WINDOWS\system32\hgGxUOeF(2).dll
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080.exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(9).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(8).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(7).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(6).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(58).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(57).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(56).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(55).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(54).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(53).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(52).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(51).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(50).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(5).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(49).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(48).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(47).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(46).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(45).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(44).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(43).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(42).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(41).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(40).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(4).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(39).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(38).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(37).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(36).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(35).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(34).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(33).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(32).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(31).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(30).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(3).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(29).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(28).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(27).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(26).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(25).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(24).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(23).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(22).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(21).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(20).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(2).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(19).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(18).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(17).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(16).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(15).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(14).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(13).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(12).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(11).exe
2008-04-26 00:52:08 8780 --a------ C:\WINDOWS\system32\000080(10).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(9).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(8).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(7).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(6).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(5).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(4).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(3).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(2).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(16).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(15).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(14).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(13).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(12).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(11).exe
2008-04-25 14:09:33 56832 --a------ C:\WINDOWS\system32\000070(10).exe
2008-03-30 14:57:37 0 d-------- C:\Program Files\Common Files\supportsoft


-- Find3M Report ---------------------------------------------------------------

2008-04-26 15:39:07 0 d-------- C:\Program Files\Google
2008-04-26 15:32:03 0 d-------- C:\Documents and Settings\Owner.YOUR-EE04C78C56\Application Data\Juniper Networks
2008-04-26 12:11:21 0 d-------- C:\Program Files\Common Files
2008-04-26 12:04:39 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-30 15:54:52 0 d-------- C:\Program Files\Gateway Games
2008-03-09 01:07:44 0 d-------- C:\Documents and Settings\Owner.YOUR-EE04C78C56\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F}]
04/26/2008 09:21 AM 39424 --a------ C:\WINDOWS\system32\hgGxUOeF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50345BD9-99FA-4487-B065-6F410201CEEA}]
04/26/2008 09:27 AM 283136 --a------ C:\WINDOWS\system32\mlJYsQjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f02a17ef-c5c4-41b3-a4ef-605aabd6f784}]
04/27/2008 10:02 AM 107072 --a------ C:\WINDOWS\system32\rlwptkgn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [08/05/2005 11:56 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [06/09/2006 05:26 PM]
"Reminder"="%WINDIR%\Creator\Remind_XP.exe" []
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" []
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [05/10/2006 02:12 PM]
"AGRSMMSG"="AGRSMMSG.exe" [06/29/2006 04:32 PM C:\WINDOWS\AGRSMMSG.exe]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [07/08/2005 09:18 PM]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [08/12/2005 01:02 AM]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [09/22/2005 09:29 PM]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [08/26/2005 05:26 PM]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [09/26/2005 01:26 PM]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [08/12/2005 07:16 PM]
"VirusScan Online"="c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" [08/10/2005 03:49 PM]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [11/11/2005 08:00 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [12/15/2006 04:23 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 11:56 AM]
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" []
"autoload"="C:\Documents and Settings\Owner.YOUR-EE04C78C56\cftmon.exe" [04/26/2008 09:22 AM]
"60c6de01"="C:\WINDOWS\system32\wvixycpv.dll" [04/27/2008 09:49 AM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [06/27/2007 01:54 PM]
"BM63f5ed9d"="C:\WINDOWS\system32\pueodkdx.dll" [04/27/2008 09:47 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 07:24 PM]
"AIM"="C:\Program Files\AIM95\aim.exe" [08/05/2005 04:08 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [02/22/2008 10:42 PM]
"@"="" []
"ntuser"="C:\WINDOWS\system32\drivers\spools.exe" []
"autoload"="C:\Documents and Settings\Owner.YOUR-EE04C78C56\cftmon.exe" [04/26/2008 09:22 AM]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\ARO.exe" [04/09/2008 02:22 PM]

C:\Documents and Settings\Owner.YOUR-EE04C78C56\Start Menu\Programs\Startup\
Bat - Auto Update.lnk - C:\Program Files\Bat\Bat.exe [4/26/2008 9:21:21 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [10/17/2006 1:46:38 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{1D0B1B2F-4D44-48DC-AE5A-F4BBBAE2A83F}"= C:\WINDOWS\system32\hgGxUOeF.dll [04/26/2008 09:21 AM 39424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGxUOeF]
hgGxUOeF.dll 04/26/2008 09:21 AM 39424 C:\WINDOWS\system32\hgGxUOeF.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJYsQjk

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"




-- End of Deckard's System Scanner: finished at 2008-04-27 23:29:06 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2050 @ 1.60GHz
CPU 1: Genuine Intel® CPU T2050 @ 1.60GHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 446.04 MiB / 187.89 MiB
Pagefile Memory (total/avail): 1051.75 MiB / 411.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1919.77 MiB

C: is Fixed (NTFS) - 50.58 GiB total, 39.17 GiB free.
D: is Fixed (FAT32) - 5.29 GiB total, 3.41 GiB free.
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - HTS421260H9AT00 - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 50.58 GiB - C:
\PARTITION1 - Unknown - 5.3 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: McAfee Personal Firewall Plus v (McAfee)
AV: McAfee VirusScan v (McAfee) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\1161064323\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1161064323\\EE\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\1161064323\\ee\\aolservicehost.exe"="C:\\Program Files\\Common Files\\AOL\\1161064323\\ee\\aolservicehost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner.YOUR-EE04C78C56\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-EE04C78C56
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner.YOUR-EE04C78C56
LOGONSERVER=\\YOUR-EE04C78C56
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp
TMP=C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp
USERDOMAIN=YOUR-EE04C78C56
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner.YOUR-EE04C78C56
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner.YOUR-EE04C78C56 (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /appid=MSK /uninstall=1 /interact=1 /script_proactive=0 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=mpf /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\mpfrem.ui::uninstall.htm
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
--> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=vso /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\vsoremui.dll::uninstall.htm
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Advanced Registry Optimizer --> "C:\Program Files\Advanced Registry Optimizer\unins000.exe"
Agere Systems HDA Modem --> agrsmdel
AOL Coach Version 2.0(Build:20041026.5 en) --> C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDP
AOL Instant Messenger --> C:\PROGRA~1\AIM95\uninstll.exe -LOG= C:\PROGRA~1\AIM95\install.log -OEM=
AOL Toolbar 2.0 --> "C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe"
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{7A45A09F-AA85-49EB-91D9-75EB3653116A}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
Bat --> "C:\Program Files\Bat\un_BatSetup_15041.exe"
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Blasterball 2 Revolution --> "C:\Program Files\Gateway Games\Blasterball 2 Revolution\Uninstall.exe"
Browser Address Error Redirector --> regsvr32 /u /s "c:\windows\system32\BAE.dll"
Diner Dash --> "C:\Program Files\Gateway Games\Diner Dash\Uninstall.exe"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Solution --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
FATE --> "C:\Program Files\Gateway Games\FATE\Uninstall.exe"
FreeScan 2.1.0 --> "C:\Program Files\FreeScan\SETUP\setup.exe" /u
FTDI USB Serial Converter Drivers --> C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
Gateway Game Console --> "C:\Program Files\WildTangent\Apps\Gateway Game Console\Uninstall.exe"
gtw_logo --> C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Juniper Networks Host Checker --> "C:\Documents and Settings\Owner.YOUR-EE04C78C56\Application Data\Juniper Networks\Host Checker\uninstall.exe"
K-Lite Codec Pack 2.89 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
McAfee Uninstall Wizard --> C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /uninstall=1 /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\comrem.dll::uninstall.htm
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Napster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Penguins! --> "C:\Program Files\Gateway Games\Penguins!\Uninstall.exe"
Polar Bowler --> "C:\Program Files\Gateway Games\Polar Bowler\Uninstall.exe"
Polar Golfer --> "C:\Program Files\Gateway Games\Polar Golfer\Uninstall.exe"
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek USB 2.0 Card Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
SCRABBLE --> "C:\Program Files\Gateway Games\SCRABBLE\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB898458) -->
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tradewinds --> "C:\Program Files\Gateway Games\Tradewinds\Uninstall.exe"
TWC User Controls --> MsiExec.exe /I{DCC72248-D3D2-4846-8499-A400053A430E}
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{D1B11537-EA51-4DD8-BF1E-098BEE48868D}\setup.exe -runfromtemp -l0x0409
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type540 / Error
Event Submitted/Written: 04/27/2008 09:39:08 PM / 04/27/2008 09:39:09 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module shlwapi.dll, version 6.0.2900.3314, fault address 0x00008430.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type536 / Error
Event Submitted/Written: 04/27/2008 08:12:01 PM / 04/27/2008 08:12:03 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type535 / Error
Event Submitted/Written: 04/27/2008 08:12:01 PM / 04/27/2008 08:12:03 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type534 / Error
Event Submitted/Written: 04/27/2008 10:23:17 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module sb.dll, version 9.2.0.0, fault address 0x00006937.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type527 / Error
Event Submitted/Written: 04/26/2008 03:53:52 PM
Event ID/Source: 2004 / PerfNet
Event Description:
Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type18714 / Error
Event Submitted/Written: 04/27/2008 10:55:47 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Spyware Doctor Service service terminated unexpectedly. It has done this 3 time(s).

Event Record #/Type18712 / Error
Event Submitted/Written: 04/27/2008 10:52:28 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Spyware Doctor Service service failed to start due to the following error:
%%1053

Event Record #/Type18711 / Error
Event Submitted/Written: 04/27/2008 10:52:28 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Spyware Doctor Service service to connect.

Event Record #/Type18710 / Error
Event Submitted/Written: 04/27/2008 10:51:23 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Spyware Doctor Service service terminated unexpectedly. It has done this 2 time(s).

Event Record #/Type18704 / Error
Event Submitted/Written: 04/27/2008 10:48:13 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Spyware Doctor Service service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-04-27 23:29:06 ------------

Edited by joe dirt81, 29 April 2008 - 06:09 PM.




#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:53 PM

Posted 09 May 2008 - 10:49 AM

Hello joe dirt81,

Welcome to Bleeping Computer :blink:

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 19 May 2008 - 11:48 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



