Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ad.yieldmanager.com Is Haunting My Firefox


  • This topic is locked This topic is locked
2 replies to this topic

#1 udax

udax

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 04 June 2008 - 10:17 AM

Of late, Firefox on my pc seems sluggish, and on visiting certain sites (www.airliners.net, www.corel.com etc) up pops an authentication window from ad.yieldmanager.com asking me to enter a username and password. I have to click 'Cancel', sometimes THREE times in a row before I can proceed further. This does *not* happen with Internet Explorer on those same sites. Only Firefox is afflicted. Searching for yieldmanager.com cookies is no use. It might just be a co-incidence, but this probably started when I upgraded my SpyBot SD to the new version. AVG v8.0 finds nothing funny. Ditto for SpybotSD, Windows defender, SpyEraser. Adblock Plus addon for Firefox does not help either.

Thank you in advance for your time.

The DSS and HijackThis logs:

Deckard's System Scanner v20071014.68
Run by udax on 2008-06-04 18:44:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
26: 2008-06-04 13:14:18 UTC - RP710 - Deckard's System Scanner Restore Point
25: 2008-06-04 11:12:51 UTC - RP709 - Uniblue RegistryBooster
24: 2008-06-04 10:54:30 UTC - RP708 - Uniblue RegistryBooster
23: 2008-06-03 07:58:11 UTC - RP707 - System Checkpoint
22: 2008-06-02 07:52:10 UTC - RP706 - System Checkpoint


-- First Restore Point --
1: 2008-05-13 08:01:11 UTC - RP685 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.87 GiB (less than 15%) free.


-- HijackThis (run as udax.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:47:29 PM, on 6/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Documents and Settings\udax\My Documents\downloads\dss.exe
D:\HIJACK~1\udax.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] e:\Program Files\Powersuite\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137585916328
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD40/JSCDL/jre/6u...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553510000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3B89DAE-E0C1-467A-A7DF-D29373A29D42}: NameServer = 192.168.0.10
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
O23 - Service: AST Service (astcc) - Advanced Software Technologies - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

--
End of file - 7005 bytes

-- HijackThis Fixed Entries (D:\HIJACK~1\backups\) -----------------------------

backup-20080308-135727-883 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
backup-20080308-135910-814 O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
backup-20080308-142813-640 O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
backup-20080308-142813-982 O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://dev.imagingworld.co.kr/printerhelp/...n/DrPrinter.cab
backup-20080604-150450-929 O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 mbmiodrvr - c:\windows\system32\mbmiodrvr.sys <Not Verified; cansoft@livewiredev.com; Windows ® 2000 DDK driver>
R2 DgiVecp - c:\windows\system32\drivers\dgivecp.sys <Not Verified; Samsung Electronics Co., Ltd.; Samsung Electronics Co., Ltd. VECP for Windows 2000, XP>
R2 DS1410D - c:\windows\system32\drivers\ds1410d.sys <Not Verified; Dallas Semiconductor MAXIM; 1-Wire Drivers>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 tap0801 (TAP-Win32 Adapter V8) - c:\windows\system32\drivers\tap0801.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
R3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver>

S2 PPSCAN - c:\windows\system32\drivers\ppscan.sys <Not Verified; Hewlett-Packard Co.; >
S2 SSPORT - c:\windows\system32\drivers\ssport.sys (file missing)
S3 dot4ufd (HP Dot4usb Filter) - c:\windows\system32\drivers\hppaufd0.sys <Not Verified; HP; HP Dot4Ufd Windows XP>
S3 DragonUSBservice - c:\windows\system32\drivers\dragnusb.sys <Not Verified; www.fpga4fun.com; fpga4fun Dragon USB driver>
S3 Entech - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 NPF (NetGroup Packet Filter Driver) - c:\windows\system32\drivers\npf.sys <Not Verified; Politecnico di Torino; NPF Driver>
S3 RTCore32 - c:\documents and settings\udax\my documents\asus\rmclk\rtcore32.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apache2 - "c:\program files\apache software foundation\apache2.2\bin\httpd.exe" -k runservice <Not Verified; Apache Software Foundation; Apache HTTP Server>
R2 astcc (AST Service) - c:\windows\system32\astsrv.exe <Not Verified; Advanced Software Technologies; A.S.T Copy Protection>

S3 OpenVPNService (OpenVPN Service) - c:\program files\openvpn\bin\openvpnserv.exe
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini"
S3 SandraDataSrv (Sandra Data Service) - c:\program files\sisoftware\sisoftware sandra lite 2005.sr3\rpcdatasrv.exe <Not Verified; SiSoftware; SiSoftware Sandra 2005.SR3>
S3 SandraTheSrv (Sandra Service) - c:\program files\sisoftware\sisoftware sandra lite 2005.sr3\rpcsandrasrv.exe <Not Verified; SiSoftware; SiSoftware Sandra 2005.SR3>
S4 MySQL - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing)
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-04 17:55:42 350 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job
2008-06-04 11:16:02 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2008-05-04 and 2008-06-04 -----------------------------

2008-06-04 17:24:46 0 dr-h----- C:\Documents and Settings\udax\Recent
2008-06-04 16:10:16 0 d-------- C:\Documents and Settings\udax\Application Data\Uniblue
2008-06-04 15:14:36 0 d-------- C:\WINDOWS\pss
2008-06-03 18:15:19 0 d-a------ C:\WINDOWS\zts2.exe
2008-06-03 18:15:19 0 d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-06-03 18:15:19 0 d-a------ C:\WINDOWS\system32\systems.txt
2008-06-03 18:15:19 0 d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-06-03 18:15:19 0 d-a------ C:\WINDOWS\rundll16.exe
2008-06-03 18:15:19 0 d-a------ C:\WINDOWS\rundl132.dll
2008-06-03 18:15:19 0 d-a------ C:\WINDOWS\logo1_.exe
2008-05-24 17:17:20 0 d-------- C:\Program Files\Microsoft Works
2008-05-24 17:16:00 0 d-------- C:\Program Files\Microsoft.NET
2008-05-24 17:13:50 0 d-------- C:\WINDOWS\SHELLNEW


-- Find3M Report ---------------------------------------------------------------

2008-06-04 18:08:53 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-06-04 17:30:31 0 d-------- C:\Documents and Settings\udax\Application Data\UseNeXT
2008-06-04 17:10:28 0 d-------- C:\Program Files\SQLyog Community
2008-06-04 17:10:28 0 d-------- C:\Program Files\Nvu
2008-06-04 16:44:42 0 d-------- C:\Program Files\GetRight
2008-06-04 16:39:12 8405015 --a------ C:\WINDOWS\TempFile
2008-06-03 12:07:18 0 d-------- C:\Documents and Settings\udax\Application Data\AVGTOOLBAR
2008-05-20 18:06:01 0 d-------- C:\Program Files\Common Files
2008-05-20 16:10:14 76 --a------ C:\Documents
2008-05-04 15:49:02 0 d-------- C:\Program Files\Java
2008-04-25 18:18:19 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-25 18:18:13 0 d--h----- C:\Program Files\Zero G Registry
2008-04-25 11:20:20 0 d-------- C:\Documents and Settings\udax\Application Data\Real
2008-04-21 16:45:48 0 d-------- C:\Documents and Settings\udax\Application Data\Ahead
2008-04-21 16:00:10 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-13 14:08:21 0 d-------- C:\Program Files\AVG
2008-04-13 12:01:48 0 d-------- C:\Program Files\CDisplay
2008-04-12 14:10:09 0 d-------- C:\Program Files\UseNeXT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
04/14/2008 11:52 AM 2051328 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [04/14/2008 11:52 AM 2051328]

[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/25/2005 10:02 PM]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/25/2005 10:02 PM]
"RTHDCPL"="RTHDCPL.EXE" [01/11/2006 05:23 PM C:\WINDOWS\RTHDCPL.exe]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [04/14/2008 11:52 AM]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [05/30/2007 05:21 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:30 PM]
"Uniblue RegistryBooster 2"="E:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [05/05/2008 12:22 PM]
"Uniblue SpeedUpMyPC"="e:\Program Files\Powersuite\SpeedUpMyPC 3\SpeedUpMyPC.exe" [08/16/2007 09:02 AM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [1/28/2006 12:09:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckAnyDVD]
"C:\Program Files\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hppwrsav]
C:\SCANJET\PrecisionScanLT\hppwrsav.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\openvpn-gui]
C:\Program Files\OpenVPN\bin\openvpn-gui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
C:\Program Files\Google\Gmail Notifier\gnotify.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8002 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-06-04 18:48:08 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.00GHz
CPU 1: Intel® Pentium® D CPU 3.00GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 2047.05 MiB / 1504.37 MiB
Pagefile Memory (total/avail): 3432.93 MiB / 3051.56 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.32 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 62.88 GiB total, 2.87 GiB free.
D: is Fixed (NTFS) - 62.5 GiB total, 14.91 GiB free.
E: is Fixed (NTFS) - 76.17 GiB total, 34.96 GiB free.
F: is CDROM (CDFS)
U: is Network (NTFS)

\\.\PHYSICALDRIVE0 - ST3250823AS - 232.88 GiB - 5 partitions
\PARTITION0 (bootable) - Installable File System - 62.88 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 138.68 GiB - D: - E:
\PARTITION2 - Unknown - 30.27 GiB
\PARTITION3 - Unknown - 1074.66 MiB



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\sandra.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Microsoft Visual Studio\\VC98\\Samples\\MFC\\ADVANCED\\CHATSRVR\\Debug\\chatsrvr.exe"="C:\\Program Files\\Microsoft Visual Studio\\VC98\\Samples\\MFC\\ADVANCED\\CHATSRVR\\Debug\\chatsrvr.exe:*:Enabled:CHATSRVR"
"E:\\socktry\\csocket\\Debug\\CSocket.exe"="E:\\socktry\\csocket\\Debug\\CSocket.exe:*:Enabled:CSocket"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NewsBin\\nbpro.exe"="C:\\Program Files\\NewsBin\\nbpro.exe:*:Enabled:Newsbin"
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe:*:Disabled:javaw"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\sandra.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Xilinx\\bin\\nt\\_fpga_editor.exe"="C:\\Xilinx\\bin\\nt\\_fpga_editor.exe:*:Enabled:FPGA_EDITOR"
"C:\\Xilinx\\bin\\nt\\floorplanner.exe"="C:\\Xilinx\\bin\\nt\\floorplanner.exe:*:Enabled:Floorplanner"
"C:\\Xilinx\\bin\\nt\\_timingan.exe"="C:\\Xilinx\\bin\\nt\\_timingan.exe:*:Enabled:BASTI"
"C:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe"="C:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Civa8.1\\Exe\\civa.exe"="C:\\Civa8.1\\Exe\\civa.exe:*:Enabled:civa"
"C:\\Program Files\\Hummingbird\\Connectivity\\8.00\\Exceed\\hjava.exe"="C:\\Program Files\\Hummingbird\\Connectivity\\8.00\\Exceed\\hjava.exe:*:Enabled:X server for Win32"
"C:\\Program Files\\Corel\\Corel Graphics 11\\Programs\\CorelDrw.exe"="C:\\Program Files\\Corel\\Corel Graphics 11\\Programs\\CorelDrw.exe:*:Enabled:CorelDRAW®"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Civa_9.1\\jre1.6.0_01\\bin\\javaw.exe"="C:\\Civa_9.1\\jre1.6.0_01\\bin\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"E:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="E:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\udayg\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BOSS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\udayg
include=C:\Program Files\Intel\IPP\5.3.3.081\ia32\include;C:\Program Files\Intel\IPP\5.2\ia32\include;C:\Program Files\Microsoft Visual Studio\VC98\atl\include;C:\Program Files\Microsoft Visual Studio\VC98\mfc\include;C:\Program Files\Microsoft Visual Studio\VC98\include
INTEL_LICENSE_FILE=C:\Program Files\Common Files\Intel\Licenses
lib=C:\Program Files\Intel\IPP\5.3.3.081\ia32\lib;C:\Program Files\Intel\IPP\5.3.3.081\ia32\stublib;C:\Program Files\Intel\IPP\5.2\ia32\lib;C:\Program Files\Intel\IPP\5.2\ia32\stublib;C:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;C:\Program Files\Microsoft Visual Studio\VC98\lib
LM_LICENSE_FILE=C:\Modeltech_xe_starter\modelsim_lib\license.dat;C:\Modeltech_xe_starter\win32xoem\license.dat
LOGONSERVER=\\BOSS
MSDevDir=C:\Program Files\Microsoft Visual Studio\Common\MSDev98
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\Wbem;C:\Program Files\Intel\IPP\5.3.3.081\ia32\bin;C:\Program Files\Intel\IPP\5.2\ia32\bin;C:\Perl\site\bin;C:\Perl\bin;C:\Program Files\Rockwell Software\RSCommon;C:\Program Files\Intel\DMIX;%XILINX%\bin\nt;C:\Program Files\Common Files\Ulead Systems\MPEG;d:\xilinx91\bin\nt;C:\Program Files\MySQL\MySQL Server 5.0\bin;C:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;C:\Program Files\Microsoft Visual Studio\Common\Tools;C:\Program Files\Microsoft Visual Studio\VC98\bin;e:\oldf\lotus;C:\BC45\BIN;c:\tc2;C:\Program Files\OpenVPN\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\udayg\LOCALS~1\Temp
TMP=C:\DOCUME~1\udayg\LOCALS~1\Temp
USERDOMAIN=BOSS
USERNAME=udayg
USERPROFILE=C:\Documents and Settings\udayg
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

udayg (admin)
Administrator.BOSS (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /x{B4471153-A95F-4357-9D45-0C945EBF120D}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ace DivX Player --> "C:\Program Files\GustoSoft\Ace DivX Player\Uninstall.exe"
Acronis True Image Home --> MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
ActivePerl 5.8.8 Build 820 --> MsiExec.exe /I{B7A1E737-0347-4B8A-B1A8-1D4624C3C45A}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
AnadigmDesigner2, Version 2.5.0.12 --> "C:\Program Files\Anadigm\unins000.exe"
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apache HTTP Server 2.2.4 --> MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}
ASUSDVD XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
AutoStreamer --> MsiExec.exe /X{D9CDB463-BB48-4B80-B1B6-5B940A4621E0}
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BCL easyPDF Printer Driver 5.0 --> MsiExec.exe /I{8D7574B1-49D7-41E6-9C2E-6B49A8619E64}
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
Celestia 1.4.1 --> "C:\Program Files\Celestia\unins000.exe"
Civa 8.1 --> MsiExec.exe /I{5E739A8C-11AC-4073-B3D9-95396F9540CA}
Civa 9.1 --> MsiExec.exe /I{60623C79-66AD-4EE1-9BBA-C93050597641}
Combined Community Codec Pack 2007-02-22 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Corel Graphics Suite 11 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{07A540AB-D785-11D5-8E89-0090275862A0}
DBF to MySQL 2.1 --> C:\PROGRA~1\INTELL~1\UNWISE.EXE /U C:\PROGRA~1\INTELL~1\dbf2sql.log
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DspEdu 2.1.1 --> "C:\Program Files\DspEdu\uninstall.exe"
eDrawings 2006 --> MsiExec.exe /I{8C47092F-B249-43CB-A780-40274329043D}
Ethereal 0.10.12 --> "C:\Program Files\Ethereal\uninstall.exe"
Fast AVI MPEG Splitter 1.0.2 --> "C:\Program Files\Fast AVI MPEG Splitter\unins000.exe"
Filter Free 2006 --> MsiExec.exe /I{0B44FD66-66D7-402C-8EE4-7A440A30618A}
FIRDesigner --> MsiExec.exe /X{B085A3D7-4797-4D96-B8F0-0DADEB393C33}
Flexnet server (32 bits) --> MsiExec.exe /X{CD0FD730-FF89-4761-9D44-7E9D98387B35}
Free DWG Viewer 6.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}\setup.exe" -l0x9 -removeonly
GetRight --> C:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Gordian Knot Rip Pack 0.35.0 --> C:\Program Files\GordianKnot\uninst.exe
GSpot Codec Information Appliance --> C:\Program Files\GSpot\Uninstall.exe
Haali Media Splitter --> "C:\Program Files\Matroska Pack\haali\uninstall.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "D:\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
Hummingbird Exceed V8.0 --> MsiExec.exe /I{5C99DE48-C09C-42D3-A79B-FAE140895409}
ICC Profile Toolkit --> MsiExec.exe /I{9AA8C063-F105-4F17-AFE4-1F3C1AC19F69}
InstallShield for Microsoft Visual C++ 6 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\InstallShield\InstallShield for Microsoft Visual C++ 6\Uninst.isu"
Intel® Integrated Performance Primitives 5.2 for Windows* on IA-32 Intel® Architecture --> MsiExec.exe /I{0E30A654-8541-4228-B724-40B6247C0A22}
Intel® IPP 5.3 Update 3 for Windows* on IA-32 Intel® Architecture --> MsiExec.exe /I{0F251A4D-DCF1-4CC8-970D-23B279795E87}
Intel® PRO Network Connections Software v10.0.26.0 --> C:\Program Files\Intel\DMIX\uninst\DxSetup.exe /x /qf /le C:\DOCUME~1\udayg\LOCALS~1\Temp\PROSetDX\DMIX\\DxUninst.log
Intel® PROSafe for Wired Connections --> MsiExec.exe /I{36BD0774-6CD6-4FF9-A148-83CA09AC123E}
Intel® PROSafe for Wired Connections --> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
IsoBuster 1.4 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{47808F78-F178-49DC-B708-15FE538B16FF}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JGsoft HelpScribble 7.6.1 --> C:\WINDOWS\UnDeploy.exe "C:\Program Files\JGsoft\HelpScribble\Deploy.log"
LTspice/SwCADIII --> C:\Program Files\LTC\SwCADIII\scad3.exe -uninstall
Magic ISO Maker v5.0 (build 0166) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Matroska Pack --> C:\Program Files\Matroska Pack\uninstall.exe
Memec Design Spartan-II 200 PCI Reference Designs --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFAEEEF2-8901-49B5-A649-F75A0167A1B7}\Setup.exe" -l0x9
Microsoft ActiveX Control Pad --> C:\Program Files\ActiveX Control Pad\Setup\Remove.exe
Microsoft Color Control Panel Applet for Windows XP --> MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio 6.0 Professional Edition --> "C:\Program Files\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Microsoft Windows Vista Upgrade Advisor --> MsiExec.exe /I{962DE60D-D080-4E77-BD0C-F97A179C50B7}
Monitor Asset Manager (remove only) --> C:\Program Files\MonInfo\uninstal.exe
Motherboard Monitor 5 --> "C:\Program Files\Motherboard Monitor 5\unins000.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.14) --> C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mp4UI --> "C:\Program Files\mp4UI\Uninstaller.exe"
MSDN Library - January 2006 DVD --> MsiExec.exe /I{CA43EFA1-34A2-4AED-919F-D1B76B515708}
MSDN Library - Visual Studio 6.0a --> "C:\Program Files\Microsoft Visual Studio\MSDN98\98VSa\1033\Setup\Setup.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MySQL Server 5.0 --> MsiExec.exe /I{984FFBAD-C445-442F-BC71-E2034F9A395B}
NeoTrace Pro 3.25 --> C:\PROGRA~1\NEOTRA~1\UNWISE.EXE C:\PROGRA~1\NEOTRA~1\INSTALL.LOG
Nero 7 --> MsiExec.exe /I{F14B8ECC-BDA0-4987-9201-D7B7DBE11033}
NewsLeecher --> "C:\Program Files\NewsLeecher\uninstall.exe"
NewsLeecher v3.8 Final --> "C:\Program Files\NewsLeecher\unins000.exe"
Nvu 1.0 --> "C:\Program Files\Nvu\unins000.exe"
OpenVPN 2.0.9-gui-1.0.3 --> C:\Program Files\OpenVPN\Uninstall.exe
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
PerformanceTest v6.0 --> "C:\Program Files\PerformanceTest\unins000.exe"
PowerStrip 3 (remove only) --> C:\Program Files\PowerStrip\uninstal.exe
QuickGamma 2.0.0.3 --> "C:\Program Files\QuickGamma\unins000.exe"
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
QuickTime Alternative 1.69 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
ReaderWorks Standard --> MsiExec.exe /I{6891401F-695B-447F-B3E3-3FDEDA952DC6}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RSLogix 500 Starter 10pt ML1000 English --> MsiExec.exe /I{B4471153-A95F-4357-9D45-0C945EBF120D}
Samsung CLP-300 Series --> C:\Program Files\Samsung\Samsung CLP-300 Series\Install\Setup.exe /R
SAMSUNG Dr. Printer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DB87EAC-F695-4D59-9609-C93119AE6B35}\setup.exe" -l0x9 -removeonly
scilab-4.1.2 --> "C:\Program Files\scilab-4.1.2\unins000.exe"
SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE) --> "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\unins000.exe"
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
SQLyog Community 5.27 --> C:\Program Files\SQLyog Community\uninst.exe
Stellarium 0.9.0 --> "C:\Program Files\Stellarium\unins000.exe"
SuperSpice --> C:\WINDOWS\SuperSpice Uninstaller.exe
TightVNC 1.3.9 --> "C:\Program Files\TightVNC\unins000.exe"
TMPGEnc DVD Author 1.6 --> MsiExec.exe /I{9CD89DD7-234A-4801-9D87-3DE352E146A0}
ToolBox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5EE4897-0A8A-4BDF-AF28-6F420C155308}\setup.exe"
UBCD4Win 3.13 --> "E:\UBCD4Win2\unins000.exe"
Ulead GIF Animator 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
Ulead VideoStudio 9.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88F92798-59AB-474F-B40D-1EC5F782F7EE}\Setup.exe" -l0x9
Uniblue PowerSuite --> "e:\Program Files\Powersuite\unins000.exe"
Uniblue RegistryBooster 2 --> "e:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
UseNeXT --> "C:\Program Files\UseNeXT\unins001.exe"
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Web Easy Professional 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E376D45C-2C25-4437-9FDE-CEA857BF1DE9}\setup.exe" -l0x9
WebEx --> C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinFast® Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x9 -removeonly
WinPcap 3.0 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 3.7.4 --> "C:\Program Files\WinSCP3\unins000.exe"
Xilinx ISE 8.1i --> c:\Xilinx\.xinstall\setup.exe -uninstall
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"
yBook --> "C:\Documents and Settings\udayg\My Documents\yBook\unins000.exe"
Yet Another Free RayTracer for Windows 0.0.8-2 Optimized for Pe --> "C:\Program Files\YafRay\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type4552 / Error
Event Submitted/Written: 06/04/2008 00:59:07 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 685638774.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type4551 / Error
Event Submitted/Written: 06/04/2008 00:54:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ad-aware2007.exe, version 7.0.2.7, faulting module , version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [ad-aware2007.exe!ws!]

Event Record #/Type4550 / Error
Event Submitted/Written: 06/04/2008 00:54:14 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aawservice.exe, version 7.0.2.7, faulting module CEAPI.dll, version 7.0.2.6, fault address 0x0000cc27.
Processing media-specific event for [aawservice.exe!ws!]

Event Record #/Type4549 / Error
Event Submitted/Written: 06/04/2008 00:49:22 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application LSUpdateManager.exe, version 7.0.2.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4544 / Warning
Event Submitted/Written: 06/03/2008 06:27:57 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

No Errors/Warnings found.


-- End of Deckard's System Scanner: finished at 2008-06-04 18:48:08 ------------

BC AdBot (Login to Remove)

 


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:26 AM

Posted 28 June 2008 - 02:29 PM

Hello udax,

Welcome to Bleeping Computer :)

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:26 AM

Posted 09 July 2008 - 10:37 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Posted Image


Error reading poptart in Drive A: Delete kids y/n?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users