Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Tratbho Virus Removal Help


  • This topic is locked This topic is locked
2 replies to this topic

#1 Iggy_91

Iggy_91

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:23 AM

Posted 04 May 2008 - 04:47 AM

Hey, this is my first issue with my computer and I am unsure exactly what to do, I have avast! which keeps coming up with a box saying "Warning a TratBHO [trj] has been found" blah blah blah, I always press remove yet it does nothing, it seems to have embedded itself into my comp.

First, is this a harmful virus? I play online games and don't want any of my details sent off to some random person who will hack my accounts.

Second, how do I get rid of this? Its not so much an issue of "Gah you ************* virus get lost" its more the fact that I'm helpless with this virus.

Heres the logs from Hijackthis and DSS:

Main.txt:

Deckard's System Scanner v20071014.68
Run by PACKARD BELL on 2008-05-04 10:38:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
94: 2008-05-04 09:38:09 UTC - RP216 - Deckard's System Scanner Restore Point
93: 2008-05-02 15:57:48 UTC - RP215 - System Checkpoint
92: 2008-05-01 15:36:31 UTC - RP214 - System Checkpoint
91: 2008-04-30 15:04:44 UTC - RP213 - System Checkpoint
90: 2008-04-29 13:16:59 UTC - RP212 - System Checkpoint


-- First Restore Point --
1: 2008-04-26 17:46:21 UTC - RP123 - Installed Ventrilo


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as PACKARD BELL.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:16, on 04/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\PACKARD BELL.KYLESCOMPUTER\Desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\PACKARD BELL.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A561A21A-761C-4F86-A97E-0D93C0078EE9} - C:\WINDOWS\system32\yayaAqpq.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [IuIROXpMG8] D:\Documents and Settings\All Users\Application Data\orypgtgh\sharohyx.exe
O4 - HKCU\..\Policies\Explorer\Run: [IuIROXpMG8] D:\Documents and Settings\All Users\Application Data\orypgtgh\sharohyx.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1192357302781
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD07E35E-3BEB-422C-8D13-8B399D1EDB66}: NameServer = 192.168.1.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

--
End of file - 11243 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>

S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 SrvCDEject - c:\program files\packard bell\srvcdeject.exe
R2 USBDeviceService - c:\program files\sonic\digitalmedia le v7\mydvd le\usbdeviceservice.exe <Not Verified; ; USBDeviceService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID:
Description: RF receiver
Device ID: USB\VID_0BC7&PID_0006\6&3ADE8ACC&0&2
Manufacturer:
Name: RF receiver
PNP Device ID: USB\VID_0BC7&PID_0006\6&3ADE8ACC&0&2
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\F56BA411D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\F56BA411D800
Service: NIC1394


-- Files created between 2008-04-04 and 2008-05-04 -----------------------------

2008-05-04 10:37:51 0 d-------- D:\Deckard
2008-05-02 19:33:36 0 d-------- D:\Documents and Settings\All Users\Application Data\orypgtgh
2008-04-27 10:36:42 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-04-27 10:11:29 0 d-------- D:\Documents and Settings\PACKARD BELL.KYLESCOMPUTER\Application Data\Mozilla
2008-04-26 19:47:56 0 d-------- D:\Documents and Settings\PACKARD BELL.KYLESCOMPUTER\Application Data\Google
2008-04-26 19:47:51 0 d-------- D:\Documents and Settings\All Users\Application Data\Google
2008-04-26 19:47:42 0 d-------- D:\Documents and Settings\All Users\Application Data\Google Updater
2008-04-26 19:47:41 0 d-------- C:\Program Files\Google
2008-04-26 18:56:31 0 d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-26 18:45:59 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\AVG7
2008-04-26 18:45:51 786432 --ah----- D:\Documents and Settings\LocalService.NT AUTHORITY.000\NTUSER.DAT
2008-04-26 18:45:51 0 d--h----- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Local Settings
2008-04-26 18:45:51 0 d--hs---- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Cookies
2008-04-26 18:45:51 0 d-------- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data
2008-04-26 18:45:51 0 d---s---- D:\Documents and Settings\LocalService.NT AUTHORITY.000\Application Data\Microsoft
2008-04-26 18:45:48 786432 --ah----- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\NTUSER.DAT
2008-04-26 18:45:48 0 d--h----- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Local Settings
2008-04-26 18:45:48 0 d---s---- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Cookies
2008-04-26 18:45:48 0 d-------- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data
2008-04-26 18:45:48 0 d---s---- D:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\Microsoft
2008-04-25 11:28:04 3362816 --a------ D:\Documents and Settings\PACKARD BELL.KYLESCOMPUTER\ntuser.dat
2008-04-25 11:27:38 282167 --ahs---- C:\WINDOWS\system32\qpqAayay.ini2
2008-04-25 11:27:37 273920 -----n--- C:\WINDOWS\system32\yayaAqpq.dll
2008-04-20 14:05:00 0 d-------- D:\Documents and Settings\PACKARD BELL.KYLESCOMPUTER\Application Data\ArcSoft
2008-04-20 13:58:53 0 d-------- D:\Documents and Settings\PACKARD BELL.KYLESCOMPUTER\Application Data\HP


-- Find3M Report ---------------------------------------------------------------

2008-05-02 10:56:22 0 d-------- C:\Program Files\World of Warcraft
2008-04-27 10:22:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-27 10:22:11 0 d-------- C:\Program Files\epson
2008-04-26 18:56:05 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-01 14:11:44 0 d-------- C:\Program Files\SystemRequirementsLab
2008-03-14 22:27:28 0 d-------- D:\Documents and Settings\PACKARD BELL.KYLESCOMPUTER\Application Data\InstallShield
2008-03-13 15:19:10 0 d-------- D:\Documents and Settings\PACKARD BELL.KYLESCOMPUTER\Application Data\Samsung
2008-03-10 18:55:29 0 d-------- D:\Documents and Settings\PACKARD BELL.KYLESCOMPUTER\Application Data\Ventrilo
2008-03-10 18:54:48 0 d-------- C:\Program Files\Common Files
2008-03-09 11:12:06 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-03 17:41:42 147667 --a------ C:\WINDOWS\hpoins21.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
02/03/2007 17:52 1298024 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
02/03/2007 17:52 177768 -ra------ C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A561A21A-761C-4F86-A97E-0D93C0078EE9}]
25/04/2008 11:27 273920 --------- C:\WINDOWS\system32\yayaAqpq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [10/08/2004 14:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [10/08/2004 14:00]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [29/09/2005 14:01]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 01:41]
"nwiz"="nwiz.exe" [05/12/2007 01:41 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [28/06/2006 14:54 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 18:04 C:\WINDOWS\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 18:43 C:\WINDOWS\Alcmtr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe" [03/06/2005 03:52]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [13/10/2007 12:48]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [04/10/2004 13:03]
"DetectorApp"="C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [20/10/2005 06:15]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" []
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [03/11/2006 11:01]
"EPSON Stylus Photo RX620 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [15/04/2008 09:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [13/10/2007 12:56]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [11/03/2007 22:34]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [05/12/2007 01:41]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 18:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [19/01/2007 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/08/2004 14:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [26/04/2008 19:47]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [26/04/2008 19:47:42]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/03/2007 22:26:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"IuIROXpMG8"=D:\Documents and Settings\All Users\Application Data\orypgtgh\sharohyx.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"IuIROXpMG8"=D:\Documents and Settings\All Users\Application Data\orypgtgh\sharohyx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Apps\Softex\OmniPass\opxpgina.dll 30/01/2006 08:53 49152 C:\APPS\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\yayaAqpq

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc




-- End of Deckard's System Scanner: finished at 2008-05-04 10:42:47 ------------

Extra.txt:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4200+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4200+
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 2046.48 MiB / 1377.52 MiB
Pagefile Memory (total/avail): 3938.46 MiB / 3397.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.8 MiB

C: is Fixed (NTFS) - 29.99 GiB total, 9.62 GiB free.
D: is Fixed (NTFS) - 262.23 GiB total, 254.69 GiB free.
E: is CDROM (CDFS)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3320820AS - 298.09 GiB - 3 partitions
\PARTITION0 - Unknown - 5.86 GiB
\PARTITION1 (bootable) - Installable File System - 29.99 GiB - C:
\PARTITION2 - Installable File System - 262.23 GiB - D:

\\.\PHYSICALDRIVE1 - Generic- Compact Flash USB Device

\\.\PHYSICALDRIVE4 - Generic- MS/MS-Pro USB Device

\\.\PHYSICALDRIVE3 - Generic- SD/MMC USB Device

\\.\PHYSICALDRIVE2 - Generic- SM/xD-Picture USB Device

\\.\PHYSICALDRIVE5 - HP Photosmart C6200 USB Device



-- Security Center -------------------------------------------------------------

Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.524 v7.5.524 (Grisoft)
AV: avast! antivirus 4.8.1169 [VPS 080504-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"D:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"="D:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable"
"D:\\2K Games\\Dungeon Siege 2 Broken World\\DungeonSiege2.exe"="D:\\2K Games\\Dungeon Siege 2 Broken World\\DungeonSiege2.exe:*:Enabled:Dungeon Siege II Game Executable"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"D:\\Ares Ultra\\Ares Ultra.exe"="D:\\Ares Ultra\\Ares Ultra.exe:*:Enabled:Ares Ultra p2p for windows"
"D:\\LimeWire\\LimeWire.exe"="D:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Warcraft III\\Warcraft III.exe"="D:\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\\Program Files\\SopCast\\adv\\SopAdver.exe"="D:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"D:\\Program Files\\SopCast\\SopCast.exe"="D:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\PACKARD BELL.KYLESCOMPUTER\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KYLESCOMPUTER
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\PACKARD BELL.KYLESCOMPUTER
LOGONSERVER=\\KYLESCOMPUTER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Apps\Softex\OmniPass;C:\Program Files\Common Files\Ulead Systems\MPEG;D:\Program Files
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=D:\DOCUME~1\PACKAR~1.KYL\LOCALS~1\Temp
TMP=D:\DOCUME~1\PACKAR~1.KYL\LOCALS~1\Temp
USERDOMAIN=KYLESCOMPUTER
USERNAME=PACKARD BELL
USERPROFILE=D:\Documents and Settings\PACKARD BELL.KYLESCOMPUTER
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

PACKARD BELL.KYLESCOMPUTER (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "c:\apps\skype\phone\unins000.exe"
--> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
--> C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
--> C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\UNWISE.EXE C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\INSTALL.LOG
--> C:\PROGRA~1\GOTOSO~1\VADERE~1\UNWISE.EXE C:\PROGRA~1\GOTOSO~1\VADERE~1\INSTALL.LOG
--> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
--> C:\Program Files\Common Files\aolshare\Aolunins_uk.exe
--> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Learn2.com\StRunner\stuninst.exe
--> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
--> MsiExec.exe /I{8B543A39-9401-44F4-B572-069E64C15189}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9CFBD8-8F77-4DCD-8CB5-CDD5F653C872}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ArcSoft VideoImpression 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\setup.exe" -l0x9
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
Astral Masters --> "D:\Program Files\Astral Masters\Uninstall.exe" "D:\Program Files\Astral Masters\install.log"
avast! Antivirus --> D:\Program Files\Alwil Software\Avast4\aswRunDll.exe "D:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> D:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
DivX Content Uploader --> D:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> D:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dungeon Siege 2 --> "D:\Program Files\Microsoft Games\Dungeon Siege 2\UNINSTAL.EXE" /runtemp /uninstall
Dungeon Siege 2 Broken World --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 9.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 9.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart All-In-One Software 9.0 --> C:\Program Files\HP\Digital Imaging\{D64BC2CF-0F12-47d7-B412-B4F3FD684253}\setup\hpzscr01.exe -datfile hposcr21.dat
HP Photosmart Essential 2.01 --> C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing --> MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply --> MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
KalOnlineEng --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D7F824B-6744-4C30-B78B-0966E9BD461D}\Setup.exe" -l0x9
LimeWire 4.14.10 --> "D:\LimeWire\uninstall.exe"
Macromedia Flash Player 8 --> MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
Macromedia Shockwave Player --> MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Opera 9 --> D:\PROGRA~1\OPERA9~1\uninst\unwise.exe D:\PROGRA~1\OPERA9~1\uninst\install.log
PC CIF Camer@ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{B7E0C767-2F7F-4A9C-82F9-DBA8FE435692} /l1033
PhotoImpression 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x9
PIF DESIGNER2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBAB8CE2-6AE2-497C-A745-67A61134E72C}\SETUP.EXE" -l0x9 anything
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
ScanToWeb --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Sonic Encoders --> MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD LE --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamSpeak 2 RC2 --> D:\Teamspeak2_RC2\unins000.exe
Ulead PhotoImpact 10 SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x9
Ulead VideoStudio 9.0 SE DVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}\setup.exe" -l0x9
UniUploader --> C:\Program Files\UniUploader\uninst.exe
Update Rollup 2 for Windows XP Media Center Edition 2005 --> C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WarRock --> C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
WebVideo Support --> C:\WINDOWS\wxvgsdbq.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246 --> "C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766 --> "C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Wow Web Stats Client --> C:\WINDOWS\system32\javaws.exe -uninstall "http://wowwebstats.com/wwsc/wws.jnlp"
Wow Web Stats Client v2 --> C:\WINDOWS\system32\javaws.exe -uninstall "http://wowwebstats.com/wwsc/wwsc2.jnlp"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3608 / Success
Event Submitted/Written: 05/02/2008 11:01:52 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type3599 / Error
Event Submitted/Written: 05/01/2008 02:55:53 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 229556153.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type3598 / Error
Event Submitted/Written: 05/01/2008 02:55:45 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 229556076.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type3597 / Error
Event Submitted/Written: 05/01/2008 02:55:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application rundll32.exe, version 5.1.2600.2180, faulting module iktbqnuo.dll, version 0.0.0.0, fault address 0x00012ba9.
Processing media-specific event for [rundll32.exe!ws!]

Event Record #/Type3596 / Error
Event Submitted/Written: 05/01/2008 02:55:29 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ctfmon.exe, version 5.1.2600.2180, faulting module iktbqnuo.dll, version 0.0.0.0, fault address 0x00012ba9.
Processing media-specific event for [ctfmon.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7789 / Warning
Event Submitted/Written: 05/03/2008 10:09:52 PM
Event ID/Source: 7 / W32Time
Event Description:
The time provider 'NtpClient' returned an error while updating its
configuration. The error will be ignored. The error was: Catastrophic failure (0x8000FFFF)

Event Record #/Type7436 / Warning
Event Submitted/Written: 04/27/2008 10:17:29 AM
Event ID/Source: 3 / Print
Event Description:
Printer EPSON Stylus Photo RX620 Series was deleted.

Event Record #/Type7435 / Warning
Event Submitted/Written: 04/27/2008 10:17:26 AM
Event ID/Source: 4 / Print
Event Description:
Printer EPSON Stylus Photo RX620 Series is pending deletion.

Event Record #/Type7147 / Error
Event Submitted/Written: 04/22/2008 11:16:27 AM
Event ID/Source: 4198 / Tcpip
Event Description:
The system detected an address conflict for IP address 192.168.1.2 with the system
having network hardware address 00:17:AB:4F:69:13. The local interface has been disabled.

Event Record #/Type6932 / Warning
Event Submitted/Written: 04/16/2008 08:55:31 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-05-04 10:42:47 ------------

Any help will be amazing, I've also tried Vundo, and that didn't work.

BC AdBot (Login to Remove)

 


m

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:23 AM

Posted 04 May 2008 - 12:47 PM

Hi,

First of all... I notice from the log that there are running more than one different Anti-Virus programs with Auto-protect enabled. AVG and Avast.
Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also because more than one Antivirus and Firewall installed are not compatible with eachother, it can cause system performance problems and a serious system slowdown.

So you have to make a decision here and keep the Antivirus you prefer and uninstall the other one.
Then reboot after uninstalling.

Then, * Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:23 AM

Posted 12 May 2008 - 06:52 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users