Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help and Spyware Removal Computer Help Forums Windows Startup Programs Database Virus, Spyware, and Malware Removal Guides Computer Tutorials Uninstall Database File Database Computer Glossary Computer Resources
 

Welcome Guest ( Log In | Click here to Register a free account now! )



Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.
MalwareByte's Anti-Malware Download

> Forum Guidelines

Read this topic before posting a log.


DO NOT post a ComboFix log unless requested to.


Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

 
Reply to this topicStart new topic
> Virtumonde + Loss Of System Admin - No Access To C Drive From "my Computer", Tried various removal tools and it is not all gone..
Dingerz
post Jul 15 2008, 04:37 AM
Post #1


New Member
*

Group: Members
Posts: 11
Joined: 18-January 05
Member No.: 9,898
My AVG Virus scanner told me that I had Virtumonde on my computer. I have the program "Exterminate It" and it was supposed to remove everything to do with the trojan.

It worked to a degree because if I pressed ctrl+Alt+Delete when I first was told I had virtumonde, it used to tell me that I had lost all admin abilities. However, I can now access anything through the "Run" commands. I can only access my C drive through"Run" now, but if I click on "My Computer" my C drive is no longer there. Also, if I put a CD in the rom/dvd drive, it does not recognize the drive either in the "My Computer" section. So on top of getting rid of the trojan, how do I restore these?

I get warnings telling me that I have the worm.win32.NetBooster and I know that is just a prompt for me to go download at sites. I get forwarded to sites like http://virus-webscanner.com/2008/2/_freescan.php?aid=880028 or http://www.safewebnavigate2008.com/index.p...p;pn=&pid=0.

If I click on my "My Computer" system properties, it tells me under the General tab that I have a VIRUS ALERT. So that's rather worrysome..

I have run my virus scanner and so far no virus is coming up. The Vundofix.exe took 2 hours and I had to close that because it was so incredibly slow and wa't getting anywhere. Any help would be MUCH appreciated, thanks!

**********
Deckard's System Scanner v20071014.68
Run by user on 2008-07-15 05:17:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
64: 2008-07-15 09:17:49 UTC - RP1088 - Deckard's System Scanner Restore Point
63: 2008-07-13 19:21:56 UTC - RP1087 - System Checkpoint
62: 2008-07-11 02:42:18 UTC - RP1086 - Installed Ad-Aware
61: 2008-07-11 02:41:53 UTC - RP1085 - Removed Ad-Aware 2007
60: 2008-07-09 07:16:37 UTC - RP1084 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-15 07:45:48 UTC - RP1025 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:20, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\Exterminate It!\ExterminateIt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: QXK Olive - {05721FB0-2C8D-41A1-BEF7-0957168A3502} - C:\WINDOWS\kgxmotaptvw.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0AEBF16C-963C-4CA2-8673-E4F0650D6DA9} - C:\WINDOWS\system32\pmkhg.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: qndsfmao - {9A3D91FB-FCF6-46A4-A0C2-B4865D8D05DC} - C:\WINDOWS\qndsfmao.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://www.viidoo.tv/TVUAx.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdq/downloads/sysinfo.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://www.cogeco.ca/en/ols21/fscax.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...tupv2.0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/activex...upv2.0.0.10.cab?
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O21 - SSODL: evgratsm - {1B25B29D-4C71-4306-8DDD-4DA6FA910B99} - C:\WINDOWS\evgratsm.dll
O21 - SSODL: kvxqmtre - {38D6D4BE-706C-493F-A42A-7CAD1794F3D4} - C:\WINDOWS\kvxqmtre.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9477 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 RioS30 (RioS30S driver) - c:\windows\system32\drivers\rios30.sys <Not Verified; SonicBlue Inc.; RioS30.sys>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-01 20:37:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-15 and 2008-07-15 -----------------------------

2008-07-15 03:36:52 0 d-------- C:\Program Files\Trend Micro
2008-07-15 00:41:44 0 d-------- C:\Program Files\Exterminate It!
2008-07-15 00:32:51 0 d-------- C:\Documents and Settings\user\Application Data\TmpRecentIcons
2008-07-15 00:32:37 516096 --a------ C:\WINDOWS\kgxmotaptvw.dll
2008-07-15 00:32:37 163840 --a------ C:\WINDOWS\epeb.exe
2008-07-15 00:32:36 159744 --a------ C:\WINDOWS\qndsfmao.dll
2008-07-15 00:32:36 311296 --a------ C:\WINDOWS\kvxqmtre.dll
2008-07-15 00:32:35 356352 --a------ C:\WINDOWS\evgratsm.dll
2008-07-02 13:00:08 0 d--h----- C:\$AVG8.VAULT$
2008-07-02 11:13:59 0 d-------- C:\Documents and Settings\JaneGuy\Application Data\AVG7
2008-07-02 11:13:59 0 d-------- C:\Documents and Settings\All Users\Application Data\AVG7
2008-07-02 11:13:02 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-02 11:12:52 0 d-------- C:\Program Files\AVG
2008-07-02 11:12:51 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-19 00:32:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Ableton
2008-06-19 00:32:16 0 d-------- C:\Documents and Settings\user\Application Data\Ableton
2008-06-19 00:31:51 368640 --a------ C:\WINDOWS\system32\ReWire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-06-19 00:31:12 0 d-------- C:\Program Files\Ableton


-- Find3M Report ---------------------------------------------------------------

2008-07-15 04:20:10 0 d-------- C:\Program Files\BitLord
2008-07-15 02:56:02 0 d-------- C:\Program Files\Trillian
2008-07-15 02:52:10 0 d-------- C:\Program Files\SpywareBlaster
2008-07-15 02:42:07 0 d-------- C:\Program Files\DC++
2008-07-10 22:42:20 0 d-------- C:\Program Files\Lavasoft
2008-07-10 22:42:11 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-09 02:52:58 0 d-------- C:\Program Files\Amazon
2008-07-02 13:00:08 0 d-------- C:\Program Files\DIGStream
2008-06-26 02:26:43 3580 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-07 11:42:15 52228 --a------ C:\Documents and Settings\user\Application Data\wklnhst.dat
2008-06-02 02:22:52 0 d-------- C:\Documents and Settings\user\Application Data\DivX
2008-06-01 23:32:46 0 d-------- C:\Program Files\Dealio
2008-06-01 22:31:15 0 d-------- C:\Documents and Settings\user\Application Data\Search Settings
2008-06-01 22:29:41 0 d-------- C:\Program Files\Search Settings
2008-06-01 22:22:30 0 d-------- C:\Program Files\The KMPlayer
2008-05-24 19:52:05 0 d-------- C:\Documents and Settings\user\Application Data\Adobe
2008-05-24 05:55:00 711168 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-05-24 05:55:00 204800 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2008-05-24 05:55:00 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2008-05-24 05:55:00 455680 --a------ C:\WINDOWS\system32\libmplayer.dll
2008-05-24 05:55:00 114688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2008-05-24 05:55:00 3614208 --a------ C:\WINDOWS\system32\libavcodec.dll
2008-05-24 05:55:00 692224 --a------ C:\WINDOWS\system32\ff_x264.dll
2008-05-24 05:55:00 23552 --a------ C:\WINDOWS\system32\ff_wmv9.dll
2008-05-24 05:55:00 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-05-24 05:55:00 38400 --a------ C:\WINDOWS\system32\ff_unrar.dll
2008-05-24 05:55:00 115200 --a------ C:\WINDOWS\system32\ff_tremor.dll
2008-05-24 05:55:00 143360 --a------ C:\WINDOWS\system32\ff_theora.dll
2008-05-24 05:55:00 113152 --a------ C:\WINDOWS\system32\ff_samplerate.dll
2008-05-24 05:55:00 114688 --a------ C:\WINDOWS\system32\ff_realaac.dll
2008-05-24 05:55:00 99840 --a------ C:\WINDOWS\system32\ff_libmad.dll
2008-05-24 05:55:00 211968 --a------ C:\WINDOWS\system32\ff_libfaad2.dll
2008-05-24 05:55:00 147456 --a------ C:\WINDOWS\system32\ff_libdts.dll
2008-05-24 05:55:00 40448 --a------ C:\WINDOWS\system32\ff_liba52.dll
2008-05-24 05:55:00 204800 --a------ C:\WINDOWS\system32\ff_kernelDeint.dll
2008-05-24 05:55:00 741376 --a------ C:\WINDOWS\system32\audxlib.dll
2008-05-23 22:48:48 0 d-------- C:\Documents and Settings\user\Application Data\Google
2008-05-23 22:48:15 0 d-------- C:\Program Files\Google


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{05721FB0-2C8D-41A1-BEF7-0957168A3502}]
07/14/2008 18:43 516096 --a------ C:\WINDOWS\kgxmotaptvw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0AEBF16C-963C-4CA2-8673-E4F0650D6DA9}]
C:\WINDOWS\system32\pmkhg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 01:31]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 08:00]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [03/31/2003 08:00]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [05/29/2003 16:28]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [03/11/2003 11:24]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [03/11/2003 11:11]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [06/25/2003 15:30]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [06/07/2003 07:32]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 03:56]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [05/30/2003 09:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [11/10/2005 14:03]
"@"="" []
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [07/12/2006 05:58]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 11:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 13:10]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 22:16]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [02/06/2008 17:47]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/04/2008 12:34]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24]
"PowerBar"="" []
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [06/18/2003 12:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [4/8/2004 1:39:00 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2/17/1999 4:05:56 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"evgratsm"= {1B25B29D-4C71-4306-8DDD-4DA6FA910B99} - C:\WINDOWS\evgratsm.dll [07/14/2008 18:43 356352]
"kvxqmtre"= {38D6D4BE-706C-493F-A42A-7CAD1794F3D4} - C:\WINDOWS\kvxqmtre.dll [07/14/2008 18:43 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax DllCmd 4.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax DllCmd 4.0.lnk
backup=C:\WINDOWS\pss\eFax DllCmd 4.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu 4.0.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu 4.0.lnk
backup=C:\WINDOWS\pss\eFax Tray Menu 4.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Finding Notes Easy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Finding Notes Easy.lnk
backup=C:\WINDOWS\pss\Finding Notes Easy.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGServices]
C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIGStream]
C:\Program Files\DIGStream\digstream.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
"C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TapiSrv"=3 (0x3)
"iPod Service"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a699bfe6-2c23-11dc-9fc9-806d6172696f}]
AutoRun\command- D:\AutoRun\Demo.exe




-- End of Deckard's System Scanner: finished at 2008-07-15 05:30:15 ------------

******
Extra Log

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.80GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1022.73 MiB / 565.03 MiB
Pagefile Memory (total/avail): 1695.31 MiB / 1250.56 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1943.19 MiB

C: is Fixed (NTFS) - 149.05 GiB total, 62.64 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JB-00FUA0 - 149.05 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 149.05 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Direct Connect\\Direct Connect.exe"="C:\\Program Files\\Direct Connect\\Direct Connect.exe:*:Enabled:File Sharing over TCP/IP"
"C:\\Program Files\\Trillian\\trillian.exe"="C:\\Program Files\\Trillian\\trillian.exe:*:Enabled:Trillian"
"C:\\Program Files\\TorrentStorm\\Downloader\\Tor032\\tor032.exe"="C:\\Program Files\\TorrentStorm\\Downloader\\Tor032\\tor032.exe:*:Enabled:tor032"
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\AIM95\\aim.exe"="C:\\Program Files\\AIM95\\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Documents and Settings\\user\\Desktop\\DCPlusPlus.exe"="C:\\Documents and Settings\\user\\Desktop\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\WINDOWS\\system32\\mphmjuvf.exe"="C:\\WINDOWS\\system32\\mph"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MYCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\MYCOMPUTER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=MYCOMPUTER
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)
JaneGuy


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2 --> MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
AoA DVD Ripper --> "C:\Program Files\AoA DVD Ripper\unins000.exe"
AOL Instant Messenger --> C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudioCatalyst --> C:\PROGRA~1\Xing\AUDIOC~1\UNINST~1.EXE C:\PROGRA~1\Xing\AUDIOC~1\INSTALL.LOG
Avery® Wizard 2.1 for Microsoft® Word 2002 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Avery Wizard\DeIsL1.isu" -c"C:\Program Files\Avery Wizard\uninst.dll
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitLord 1.1 --> C:\Program Files\BitLord\uninst.exe
BlackBerry Desktop Software 4.0.1 --> MsiExec.exe /i{EC54CAFB-9467-4A05-9209-898E7DD58EA7}
BlackBerry Desktop Software 4.0.1 --> MsiExec.exe /I{EC54CAFB-9467-4A05-9209-898E7DD58EA7}
BlackBerry v2.6 for the RIM 950 and RIM 957 Handhelds --> MsiExec.exe /X{E6E1C064-DFF2-476F-8646-DE038462CFDA}
BlackBerry v4.0 for the 7200 Series Wireless Handheld --> MsiExec.exe /X{79FB2298-C3A4-4B01-A247-01A4E76EA0A1}
Call of Duty --> C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033
Canon Camera Window DS for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon PhotoRecord --> MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CuteFTP 7 Home --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59D98250-CFEB-4A0B-A737-FC7CADE27852}\Setup.exe" -l0x9
DC++ 0.698 --> "C:\Program Files\DC++\uninstall.exe"
Depeche Mode Receiver --> "C:\Program Files\Depeche Mode Receiver\uninstall.exe"
Direct Connect 1.0 Preview Build 9 --> C:\WINDOWS\iun503.exe C:\Program Files\Direct Connect\irunin.ini
Disc2Phone --> MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DivX 4.12 Codec --> "C:\Program Files\DivXCodec\uninstall.exe"
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
eFax Messenger 4.0 --> C:\Program Files\eFax Messenger 4.0\Uninstall.exe
ESPN RunTime --> C:\Program Files\ESPNRunTime\DIGSvcUninstall.exe /brand=ESPN
Exterminate It! --> C:\Program Files\Exterminate It!\ExterminateIt_Uninst.exe
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Finding Notes Easy 1.5 --> "C:\Program Files\Finding Notes Easy\unins000.exe"
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.2 - Scanjet 3970 Series --> MsiExec.exe /I{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Intel® Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Lexmark X1100 Series --> C:\WINDOWS\System32\spool\drivers\w32x86\3\LXBKUN5C.EXE -dLexmark X1100 Series
Live 6.0.10 --> C:\PROGRA~1\Ableton\LIVE60~1.10\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE60~1.10\Install\INSTALL.LOG
Media Player Codec Pack 3.2.0 --> C:\WINDOWS\system32\C2MP\Uninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office 2000 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Picture It! Photo Premium 9 --> C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Streets and Trips 2004 --> MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790210}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002 --> MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works --> MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
Microsoft Works 2004 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP E:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{33BEE6F3-9987-4F98-A069-97A64EC8321A}
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDS AnyTime --> C:\PROGRA~1\MSDSAN~1\UNWISE.EXE C:\PROGRA~1\MSDSAN~1\INSTALL.LOG
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
New Business Startup Kit --> MsiExec.exe /I{AD3FCC90-079C-4FDB-97AB-7B5B011F4F6E}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Print Workshop 2004 LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{952682F8-F40D-11D7-AD8E-0050DA87D0EB}\SETUP.EXE" -l0x9
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Search Settings 1.1 --> MsiExec.exe /X{32AD1A7A-25F1-44B9-A396-EA8A4A6605B0}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sony Ericsson PC Suite 1.20.173 --> MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
The Playa --> "C:\Program Files\The Playa\uninstall.exe"
TOM Transcoder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7030B17-4177-4FA8-A99D-8AD8867A9234}\setup.exe" -l0x9 -removeonly
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XviD 1.1 final uninstall --> "C:\Program Files\XviD\unins000.exe"
XviD Video Codec 24.2.2003-11:00 (uManiac's build) --> "C:\Program Files\XviD\UninstXviD.exe"
Zoom Player (remove only) --> "C:\Program Files\Zoom Player\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type2807 / Error
Event Submitted/Written: 07/15/2008 05:20:12 AM
Event ID/Source: 11 / crypt32
Event Description:
Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.

Event Record #/Type2794 / Warning
Event Submitted/Written: 07/12/2008 05:15:18 PM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type2786 / Warning
Event Submitted/Written: 07/10/2008 05:55:53 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type2781 / Warning
Event Submitted/Written: 07/09/2008 11:03:06 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type2771 / Warning
Event Submitted/Written: 07/08/2008 06:29:03 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type753882 / Error
Event Submitted/Written: 07/15/2008 05:26:54 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type753881 / Error
Event Submitted/Written: 07/15/2008 05:26:51 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type753880 / Error
Event Submitted/Written: 07/15/2008 05:26:51 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type753879 / Error
Event Submitted/Written: 07/15/2008 05:26:49 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058

Event Record #/Type753878 / Error
Event Submitted/Written: 07/15/2008 05:26:49 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-07-15 05:30:15 ------------




Tara
Go to the top of the page
 
+Quote Post
Thunder
post Jul 16 2008, 03:55 AM
Post #2


Forum Addict
******

Group: HJT Team
Posts: 3,294
Joined: 12-December 05
From: Belgium
Member No.: 44,294
Hello Dingerz and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu..
  • Click the Clear now button below.. A new window will popup what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Doubleclick mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users !).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. wink.gif

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder


--------------------
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
- If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> <-- And make a difference
Go to the top of the page
 
+Quote Post
« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »
 

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version Time is now: 21st November 2009 - 08:51 AM


Advertise   |   About Us   |   Terms of Use   |   Privacy Policy   |   Contact Us   |   Site Map   |   Chat   |   Tutorials   |   Uninstall List
Discussion Forums   |   The Computer Glossary   |   Resources   |   RSS Feeds   |   Startups   |   The File Database   |   Virus Removal Guides

© 2003-2009 All Rights Reserved Bleeping Computer LLC.

Powered By IP.Board © 2009  IPS, Inc.