
Infected: Dropper.agent.git


This topic is locked
2 replies to this topic

#1 saven (Members, 1 posts)

Posted 05 May 2008 - 01:00 PM

Hey, everyone. My computer began refusing to connect to the internet yesterday and today I discovered, by running AVG, that it is infected with agent.dropper.git. (TeaTimer.exe, part of Spybot S&D, is the only instance I saw) Here are my logs, and thanks for your help.

Deckard's System Scanner v20071014.68
Run by Matt Solum on 2008-05-05 11:55:08
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
55: 2008-05-05 16:55:14 UTC - RP274 - Deckard's System Scanner Restore Point
54: 2008-05-05 13:18:46 UTC - RP273 - System Checkpoint
53: 2008-05-04 04:50:30 UTC - RP272 - System Checkpoint
52: 2008-05-03 03:50:24 UTC - RP271 - System Checkpoint
51: 2008-05-02 03:36:14 UTC - RP270 - System Checkpoint


-- First Restore Point --
1: 2008-03-10 00:33:00 UTC - RP220 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-05 12:19:55
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\?ecurity\?hkdsk.exe
C:\Program Files\Common Files\?ystem32\ntvdm.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
G:\dss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
F0 - win.ini: load=C:\WINDOWS\system32\mlljg.exe
F3 - REG:win.ini: Load=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36D31AAA-9430-4610-A0C6-919F380C3544} - C:\WINDOWS\system32\jkhfe.dll (file missing)
O2 - BHO: {40dd5cd3-fa41-303a-8474-14d9c42c6d74} - {47d6c24c-9d41-4748-a303-14af3dc5dd04} - C:\WINDOWS\system32\yqcnwrwb.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {81364E4F-B176-4B6E-82A6-9DD0230927C3} - C:\WINDOWS\system32\awtqr.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AB8E6EE0-78A9-4E82-8C28-8CAEC5AE5101} - C:\WINDOWS\system32\awtsp.dll (file missing)
O2 - BHO: (no name) - {B2FA15DF-F141-FF97-17E7-A58F01532E9F} - C:\WINDOWS\system32\ycakih.dll
O2 - BHO: (no name) - {CF142852-5915-4790-AA51-AC28D54C375D} - C:\WINDOWS\system32\gebyv.dll (file missing)
O2 - BHO: (no name) - {D7FD6C15-4927-4AAE-BF12-FBDABD287EB1} - C:\WINDOWS\system32\awtttqr.dll (file missing)
O2 - BHO: (no name) - {EBE0545C-F7F6-4B86-842B-169B0E61C417} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: (no name) - {F64BD63A-75D9-49A3-BBCD-CA9250FD3B52} - C:\WINDOWS\system32\ddayx.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EasyMessage] H:\PortableApps\Easy Message\em2.exe
O4 - HKCU\..\Run: [Rebtynn] "C:\Program Files\?ecurity\?hkdsk.exe"
O4 - HKCU\..\Run: [Ibmo] "C:\PROGRA~1\COMMON~1\YSTEM3~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [Idzewb] "C:\Documents and Settings\Matt Solum\My Documents\?ystem32\r?ndll32.exe"
O4 - HKCU\..\Run: [Zqqmp] "C:\Program Files\??mantec\r?gedit.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = ?
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{23BE27FF-E5A7-470A-805C-C576F6D171E7}: NameServer = 192.168.254.254
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O20 - Winlogon Notify: awtttqr - C:\WINDOWS\system32\awtttqr.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe


--
End of file - 9027 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S3 .nti2ident -
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 x10nets (X10 Device Network Service) - c:\progra~1\atimul~1\remctrl\x10nets.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-29 18:52:39 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-05 and 2008-05-05 -----------------------------

2008-05-03 20:39:57 60928 --a------ C:\WINDOWS\system32\ycakih.dll
2008-05-02 20:21:32 0 d-------- C:\WINDOWS\system32\?asks
2008-04-30 20:12:00 0 d-------- C:\Program Files\Common Files\??pPatch
2008-04-29 19:11:06 0 d-------- C:\Program Files\?ssembly
2008-04-28 13:00:05 0 d-------- C:\Program Files\onOne Software
2008-04-27 21:18:46 0 d-------- C:\Documents and Settings\All Users\Application Data\ALM
2008-04-27 19:41:40 0 d-------- C:\Documents and Settings\Matt Solum\.DownloadManager
2008-04-26 18:26:49 0 d-------- C:\Program Files\F?nts
2008-04-24 15:27:15 0 d-------- C:\WINDOWS\??crosoft
2008-04-18 16:18:24 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-04-18 16:13:32 0 d-------- C:\Program Files\Bonjour
2008-04-18 15:48:39 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-04-17 10:40:35 0 d-------- C:\WINDOWS\system32\??crosoft
2008-04-16 10:59:42 0 d-------- C:\WINDOWS\T?sks
2008-04-14 12:36:27 0 d-------- C:\WINDOWS\?ppPatch
2008-04-13 12:40:59 0 d-------- C:\Program Files\Common Files\?dobe
2008-04-12 17:23:44 0 d-------- C:\Program Files\Common Files\?ymbols
2008-04-11 16:28:22 0 d-------- C:\Program Files\Common Files\??sks
2008-04-10 18:57:26 0 d-------- C:\hp
2008-04-09 19:15:17 0 d-------- C:\Program Files\M?crosoft
2008-04-08 18:53:42 0 d-------- C:\Program Files\Common Files\?ppPatch


-- Find3M Report ---------------------------------------------------------------

2008-05-05 11:54:28 0 d-------- C:\Documents and Settings\Matt Solum\Application Data\WTablet
2008-05-05 10:41:22 0 d-------- C:\Documents and Settings\Matt Solum\Application Data\AVG7
2008-05-04 13:20:03 0 d-------- C:\Program Files\Outerinfo
2008-05-03 20:39:59 0 d-------- C:\Program Files\??mantec
2008-05-02 11:11:00 0 d-------- C:\Documents and Settings\Matt Solum\Application Data\FontExplorerX
2008-04-30 20:12:00 0 d-------- C:\Program Files\Common Files
2008-04-30 20:12:00 0 d-------- C:\Program Files\Common Files\??pPatch
2008-04-29 19:11:06 0 d-------- C:\Program Files\?ssembly
2008-04-28 13:00:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-27 22:59:24 0 d-------- C:\Documents and Settings\Matt Solum\Application Data\Adobe
2008-04-26 18:26:49 0 d-------- C:\Program Files\F?nts
2008-04-18 16:13:28 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-13 12:40:59 0 d-------- C:\Program Files\Common Files\?dobe
2008-04-12 17:23:44 0 d-------- C:\Program Files\Common Files\?ymbols
2008-04-11 16:28:22 0 d-------- C:\Program Files\Common Files\??sks
2008-04-09 19:15:17 0 d-------- C:\Program Files\M?crosoft
2008-04-08 18:53:42 0 d-------- C:\Program Files\Common Files\?ppPatch
2008-04-04 16:29:15 0 d-------- C:\Program Files\s?mbols
2008-04-03 19:40:07 0 d-------- C:\Documents and Settings\Matt Solum\Application Data\uTorrent
2008-03-31 16:04:58 0 d-------- C:\Program Files\Common Files\??crosoft.NET
2008-03-28 14:48:27 0 d-------- C:\Documents and Settings\Matt Solum\Application Data\??sembly
2008-03-23 11:01:32 0 d-------- C:\Program Files\?ystem
2008-03-19 19:20:04 0 d-------- C:\Documents and Settings\Matt Solum\Application Data\Notepad++
2008-03-19 18:46:31 0 d-------- C:\Program Files\Notepad++
2008-03-19 10:55:48 0 d-------- C:\Program Files\Common Files\??mbols
2008-03-17 15:23:27 0 d-------- C:\Documents and Settings\Matt Solum\Application Data\Apple Computer
2008-03-14 12:32:21 0 d-------- C:\Program Files\Common Files\??stem32
2008-03-13 02:59:33 224785 --ahs---- C:\WINDOWS\system32\vybeg.ini2
2008-03-11 22:34:53 90688 --a------ C:\WINDOWS\system32\ymgcdhum.dll
2008-03-11 13:07:40 0 d-------- C:\Program Files\?ymbols
2008-03-10 23:36:09 89152 --a------ C:\WINDOWS\system32\ctwbsdbf.dll
2008-03-09 23:35:09 89664 --a------ C:\WINDOWS\system32\qufiglny.dll
2008-03-09 12:32:55 0 d-------- C:\Program Files\??pPatch
2008-03-08 23:35:08 88640 --a------ C:\WINDOWS\system32\iwwvejrx.dll
2008-03-07 23:32:28 88640 --a------ C:\WINDOWS\system32\sximtpyh.dll
2008-03-06 23:29:09 92736 --a------ C:\WINDOWS\system32\oyubijlj.dll
2008-03-05 23:29:06 91712 --a------ C:\WINDOWS\system32\olsuwwme.dll
2008-03-05 12:43:38 0 d-------- C:\Documents and Settings\Matt Solum\Application Data\?dobe
2008-03-04 23:29:06 91712 --a------ C:\WINDOWS\system32\ofslgphc.dll
2008-03-03 23:26:52 91712 --a------ C:\WINDOWS\system32\ndfmoutc.dll
2008-03-02 23:27:31 91712 --a------ C:\WINDOWS\system32\qhkqktqq.dll
2008-03-01 23:25:17 91712 --a------ C:\WINDOWS\system32\oddsptku.dll
2008-03-01 23:15:45 238665 --ahs---- C:\WINDOWS\system32\gjllm.ini2
2008-02-23 13:02:36 91712 --a------ C:\WINDOWS\system32\dfmskrei.dll
2008-02-22 13:02:36 91712 --a------ C:\WINDOWS\system32\ddbfjgsd.dll
2008-02-21 13:02:35 91712 --a------ C:\WINDOWS\system32\oaktuxwr.dll
2008-02-20 19:51:04 2554 --a------ C:\WINDOWS\unins000.dat
2008-02-20 19:49:39 691545 --a------ C:\WINDOWS\unins000.exe
2008-02-20 13:00:52 91712 --a------ C:\WINDOWS\system32\qyjkwfuy.dll
2008-02-20 12:59:32 3584 --a------ C:\WINDOWS\system32\mlljg.exe
2008-02-19 11:33:58 74304 --a------ C:\WINDOWS\system32\hjxuymko.dll
2008-02-17 21:00:23 74304 --a------ C:\WINDOWS\system32\mjscdnmc.dll
2008-02-16 21:01:36 74304 --a------ C:\WINDOWS\system32\lywjxefo.dll
2008-02-15 21:42:09 74304 --a------ C:\WINDOWS\system32\unopapni.dll
2008-02-15 20:47:42 235245 --ahs---- C:\WINDOWS\system32\pstwa.ini2
2008-02-14 16:49:25 73280 --a------ C:\WINDOWS\system32\lxynwleq.dll
2008-02-05 18:00:36 417004 --ahs---- C:\WINDOWS\system32\rqtwa.ini2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D31AAA-9430-4610-A0C6-919F380C3544}]
C:\WINDOWS\system32\jkhfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{47d6c24c-9d41-4748-a303-14af3dc5dd04}]
C:\WINDOWS\system32\yqcnwrwb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{81364E4F-B176-4B6E-82A6-9DD0230927C3}]
C:\WINDOWS\system32\awtqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB8E6EE0-78A9-4E82-8C28-8CAEC5AE5101}]
C:\WINDOWS\system32\awtsp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2FA15DF-F141-FF97-17E7-A58F01532E9F}]
04/11/2008 12:51 PM 60928 --a------ C:\WINDOWS\system32\ycakih.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CF142852-5915-4790-AA51-AC28D54C375D}]
C:\WINDOWS\system32\gebyv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D7FD6C15-4927-4AAE-BF12-FBDABD287EB1}]
C:\WINDOWS\system32\awtttqr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EBE0545C-F7F6-4B86-842B-169B0E61C417}]
C:\WINDOWS\system32\mlljg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F64BD63A-75D9-49A3-BBCD-CA9250FD3B52}]
C:\WINDOWS\system32\ddayx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" []
"SoundMan"="SOUNDMAN.EXE" [06/20/2005 08:42 AM C:\WINDOWS\SOUNDMAN.EXE]
"EasyMessage"="H:\PortableApps\Easy Message\em2.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rebtynn"="C:\Program Files\?ecurity\?hkdsk.exe" [01/28/2008 11:29 AM]
"Ibmo"="C:\PROGRA~1\COMMON~1\YSTEM3~1\ntvdm.exe" [03/01/2008 11:20 PM]
"Idzewb"="C:\Documents and Settings\Matt Solum\My Documents\?ystem32\r?ndll32.exe" []
"Zqqmp"="C:\Program Files\??mantec\r?gedit.exe" [04/11/2008 12:52 PM]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [02/28/2007 11:06 PM]

C:\Documents and Settings\Matt Solum\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [7/15/2007 6:03:12 PM]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [5/4/2007 2:39:42 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/16/2007 12:30:35 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D7FD6C15-4927-4AAE-BF12-FBDABD287EB1}"= C:\WINDOWS\system32\awtttqr.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtttqr]
awtttqr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\gebyv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83415942-3a00-11dc-b371-000f66e76062}]
AutoRun\command- G:\PStart.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com

7873 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-05 12:27:02 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 1023.3 MiB / 617.36 MiB
Pagefile Memory (total/avail): 2461.88 MiB / 2185.09 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1941.06 MiB

C: is Fixed (NTFS) - 111.78 GiB total, 67.79 GiB free.
D: is CDROM (CDFS)
E: is CDROM (UDF)
G: is Removable (FAT)

\\.\PHYSICALDRIVE0 - WDC WD1200JB-00EVA0 - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - C:

\\.\PHYSICALDRIVE1 - Generic USB Flash Disk USB Device - 957 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 963.97 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG 7.5.516 v7.5.516 (Grisoft) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\Program Files\\Mozilla Firefox\\calc.exe"="C:\\Program Files\\Mozilla Firefox\\calc.exe:*:Enabled:Control"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Matt Solum\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MATTS-COMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Matt Solum
LOGONSERVER=\\MATTS-COMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\iTunes\Plug-Ins\Qloud\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MATTSO~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MATTSO~1\LOCALS~1\Temp
USERDOMAIN=MATTS-COMPUTER
USERNAME=Matt Solum
USERPROFILE=C:\Documents and Settings\Matt Solum
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Matt Solum (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3 --> C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Advanced MP3/WMA Recorder --> C:\PROGRA~1\XAUDIO~1\ADVANC~1\UNWISE.EXE C:\PROGRA~1\XAUDIO~1\ADVANC~1\INSTALL.LOG
AIM 6 --> C:\Program Files\AIM6\uninst.exe
allTunes --> C:\PROGRA~1\allTunes\UNWISE.EXE C:\PROGRA~1\allTunes\INSTALL.LOG
ALShow --> "C:\Program Files\ESTsoft\ALShow\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Decoder --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EDE28287-D32C-415E-9C97-2BF9F9260150} /l1033
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
ATI Remote Wonder 2.3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3347F781-9C89-4C9B-B471-B1FFC3BC4A84} /l1033
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Battlefield 2™ --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Blackhawk Striker from ATI (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\82B0AB24-273E-4B81-BC0F-B798D5FBD489\Uninstall.exe"
Blasterball 2 from ATI (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B0D390FA-EF25-4295-9847-4A6E3A9D3AFB\Uninstall.exe"
Bounce Symphony from ATI (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\DE79D49C-E756-470A-8F8B-DE80E9FD268B\Uninstall.exe"
DAO --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C88E49AA-41C5-4420-A08D-BE1B6C5A3A74}
EPSON Print CD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Free WMA to MP3 Converter 1.16 --> "C:\Program Files\Free WMA to MP3 Converter\unins000.exe"
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "G:\HijackThis.exe" /uninstall
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}\setup\hpzscr01.exe" -datfile hposcr07.dat
IMSI Applications --> C:\WINDOWS\corel\imsiuset.exe
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Linotype FontExplorer X Public Beta --> "C:\Program Files\Linotype FontExplorer X\unins000.exe"
Liquid Resize Product Preview --> "C:\Program Files\InstallShield Installation Information\{A0F1F351-7C7E-4587-B302-E843BF25585C}\setup.exe" -runfromtemp -l0x0009 -uninst -removeonly
Logon Loader 3.0 --> C:\Program Files\Logon Loader\uninst.exe
Macromedia Flash MX 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Mars Rover from ATI (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\57F31F3F-EC7D-4A32-A9C5-28CAAD7A7215\Uninstall.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.6) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Musicnotes Player V1.23.0 --> "C:\Program Files\Musicnotes\Player\unins000.exe"
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
ObjectDock --> C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
Orbital from ATI (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\D80A9E65-FA85-4162-A56B-FD271794B5A3\Uninstall.exe"
Overball from ATI (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\8CE4EEF6-9561-4DB6-9173-7958530CDE25\Uninstall.exe"
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Polar Bowler from ATI (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\B3CBD606-6898-4B3C-AC65-8A2CB029F8E9\Uninstall.exe"
Qloud Plug-in for iTunes --> C:\Program Files\iTunes\Plug-Ins\Qloud\iTunesQLoudSetup.exe /uninstall
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Safari --> MsiExec.exe /I{DDEDBEE3-E5B7-454A-A457-9B06C5C67B85}
Sibelius Scorch Plugin --> "C:\Program Files\Musicnotes\uninstsc.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
STX from ATI (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\6B772EC5-E423-4AA8-9330-BDCAA366DE66\Uninstall.exe"
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Wacom Tablet --> C:\Program Files\Tablet\Wacom\Remove.exe /u
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Word Symphony from ATI (remove only) --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\BAFBA5DB-2BF1-4152-8BBD-FFDEE4EDA3AE\Uninstall.exe"
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5393 / Error
Event Submitted/Written: 05/04/2008 01:16:12 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x7dc988a2.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type5386 / Error
Event Submitted/Written: 05/04/2008 10:30:24 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application 0072043500670065006400690074002E006500780065, version 0.0.0.0, faulting module 0072043500670065006400690074002E006500780065, version 0.0.0.0, fault address 0x0003837c.
Processing media-specific event for [0072043500670065006400690074002E006500780065!ws!]

Event Record #/Type5383 / Error
Event Submitted/Written: 05/02/2008 09:05:50 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application 0072043500670065006400690074002E006500780065, version 0.0.0.0, faulting module 0072043500670065006400690074002E006500780065, version 0.0.0.0, fault address 0x0001ea33.
Processing media-specific event for [0072043500670065006400690074002E006500780065!ws!]

Event Record #/Type5382 / Error
Event Submitted/Written: 05/02/2008 02:35:03 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application 0072043500670065006400690074002E006500780065, version 0.0.0.0, faulting module 0072043500670065006400690074002E006500780065, version 0.0.0.0, fault address 0x0003837c.
Processing media-specific event for [0072043500670065006400690074002E006500780065!ws!]

Event Record #/Type5290 / Error
Event Submitted/Written: 04/29/2008 04:26:26 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.3156, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10130 / Error
Event Submitted/Written: 05/05/2008 11:54:00 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Pdfcddnbpsr service failed to start due to the following error:
%%2

Event Record #/Type10126 / Warning
Event Submitted/Written: 05/05/2008 11:52:34 AM
Event ID/Source: 57 / Ftdisk
Event Description:
The system failed to flush data to the transaction log. Corruption may occur.

Event Record #/Type10124 / Warning
Event Submitted/Written: 05/05/2008 11:52:32 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type10123 / Warning
Event Submitted/Written: 05/05/2008 11:52:32 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.

Event Record #/Type10122 / Warning
Event Submitted/Written: 05/05/2008 11:52:32 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk1\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-05-05 12:27:02 ------------
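Two of the Application Event Log entries above record a faulting application whose name is printed as a run of hex digits rather than a file name. Read as 4-hex-digit UTF-16 code units (an assumption about how the scanner rendered a name it could not print), the string decodes to regedit.exe with its second letter being Cyrillic U+0435, not Latin e, which is why the entry deserves a second look. The helper below is an added example, not part of the original post or of Deckard's System Scanner; it decodes such fields and lists any non-ASCII characters in the result.

```python
import re
import unicodedata

# "Faulting application <name>," field of an Event ID 1000 description.
FAULTING_APP_RE = re.compile(r"Faulting application (\S+?),")
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")


def decode_utf16_hex(field):
    """Decode a run of 4-hex-digit groups as big-endian UTF-16 code units
    (an assumption about the scanner's rendering). Anything that is not an
    even run of hex digits is returned unchanged. Very short all-hex names
    such as 'cafe' are ambiguous and would also be decoded."""
    if not HEX_RE.match(field) or len(field) % 4 != 0:
        return field
    return bytes.fromhex(field).decode("utf-16-be")


def non_ascii_chars(name):
    """(index, char, Unicode name) for every non-ASCII character, so a
    lookalike letter inside a familiar file name stands out."""
    return [(i, c, unicodedata.name(c, "UNKNOWN"))
            for i, c in enumerate(name) if ord(c) > 0x7F]


def faulting_app(description):
    """Extract and decode the faulting application name from an event description."""
    m = FAULTING_APP_RE.search(description)
    return decode_utf16_hex(m.group(1)) if m else None


# Two event descriptions taken from the Application Event Log in the post above.
EVENTS = [
    "Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, "
    "version 0.0.0.0, fault address 0x7dc988a2.",
    "Faulting application 0072043500670065006400690074002E006500780065, version 0.0.0.0, "
    "faulting module 0072043500670065006400690074002E006500780065, version 0.0.0.0, "
    "fault address 0x0003837c.",
]

if __name__ == "__main__":
    for desc in EVENTS:
        name = faulting_app(desc)
        print(repr(name), "->", non_ascii_chars(name) or "plain ASCII")
```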


#2 Thunder

Posted 16 May 2008 - 04:31 AM

Hello Saven and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 Thunder

Posted 07 June 2008 - 05:59 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.