Author Topic: Computer acting extremely strange  (Read 17929 times)

20Deep

    Topic Starter


    Rookie

    Computer acting extremely strange
    « on: September 26, 2008, 09:41:17 PM »
    Anti-virus popped up last night saying that it had detected Troj_Renos. It stated that for some reason it was unable to quarantine or clean the file.

    Since then it has slowed down usage of the internet substantially, as well as blocking all websites that are spyware/anti-virus related.

    Additionally, when I search for something in Google and click on a link to a webpage, a new tab is opened in Firefox and it forwards me to some advertisements.

    I have run spybot, adaware, and anti-virus and all are coming back clean (although I obviously can't download the newest definition files).

    I'm currently using my laptop and emailing some files to myself (Hijackthis and new adaware definitions file).

    Additionally, I used the application called SmitfraudFix, which is supposed to clean the system; however, that has not helped at all.

    I will post the HJT log in a second.

    Any ideas off the bat?

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    Re: Computer acting extremely strange
    « Reply #1 on: September 26, 2008, 10:39:42 PM »
    Quote
    Any ideas off the bat?

    Not without logs....

    Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

    • Double click on RSIT.exe to run.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt will be maximized and info.txt will be minimized
    • Please post the contents of both logs in the next reply.

    20Deep

      Topic Starter


      Rookie

      Re: Computer acting extremely strange
      « Reply #2 on: September 26, 2008, 11:17:31 PM »
      log.txt

      Logfile of random's system information tool 1.02 (written by random/random)
      Run by Ben at 2008-09-27 01:15:59
      Microsoft Windows XP Professional Service Pack 2
      System drive E: has 70 GB (45%) free of 156 GB
      Total RAM: 1023 MB (38% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 1:16:06 AM, on 9/27/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      E:\WINDOWS\System32\smss.exe
      E:\WINDOWS\system32\winlogon.exe
      E:\WINDOWS\system32\services.exe
      E:\WINDOWS\system32\lsass.exe
      E:\WINDOWS\system32\Ati2evxx.exe
      E:\WINDOWS\system32\svchost.exe
      E:\WINDOWS\System32\svchost.exe
      E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
      E:\WINDOWS\system32\svchost.exe
      E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      E:\WINDOWS\system32\spoolsv.exe
      E:\WINDOWS\system32\Ati2evxx.exe
      E:\Program Files\Executive Software\Diskeeper\DkService.exe
      E:\WINDOWS\system32\inetsrv\inetinfo.exe
      E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      E:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
      E:\WINDOWS\System32\svchost.exe
      E:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
      E:\WINDOWS\Explorer.EXE
      E:\Program Files\ASUS\Probe\AsusProb.exe
      E:\Program Files\Logitech\iTouch\iTouch.exe
      E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      E:\WINDOWS\system32\Rundll32.exe
      E:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
      E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      E:\WINDOWS\system32\ctfmon.exe
      E:\Program Files\Messenger\msmsgs.exe
      E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
      E:\Program Files\Logitech\MouseWare\system\em_exec.exe
      E:\WINDOWS\System32\svchost.exe
      E:\WINDOWS\system32\wuauclt.exe
      E:\PROGRA~1\AVG\AVG8\avgrsx.exe
      E:\PROGRA~1\AVG\AVG8\avgemc.exe
      E:\Program Files\AVG\AVG8\avgtray.exe
      E:\Program Files\AVG\AVG8\avgscanx.exe
      E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      E:\Program Files\Mozilla Firefox\firefox.exe
      E:\Documents and Settings\Ben\Desktop\Virus Stuff\RSIT.exe
      E:\Program Files\Trend Micro\HijackThis\Ben.exe

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O4 - HKLM\..\Run: [ASUS Probe] E:\Program Files\ASUS\Probe\AsusProb.exe
      O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
      O4 - HKLM\..\Run: [RegistryMechanic] E:\Program Files\Registry Mechanic\RegMech.exe /QS
      O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [Jet Detection] "E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
      O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [SpySweeper] "E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
      O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
      O4 - HKLM\..\Run: [ddoctorv2] "E:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [STYLEXP] E:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
      O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
      O4 - HKCU\..\Run: [SVCHOST.EXE] E:\WINDOWS\system32\drivers\svchost.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyPoker\PartyPoker.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyPoker\PartyPoker.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
      O15 - Trusted Zone: *.lsac.org
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
      O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/Http/OIFActiveX/ofmctl.cab
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
      O20 - AppInit_DLLs: avgrsstx.dll
      O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
      O23 - Service: RoxMediaDB9 - Unknown owner - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
      O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
      O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - E:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
      O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
      O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

      --
      End of file - 7800 bytes

      ======Registry dump======

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
      AcroIEHlprObj Class - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
      AVG Safe Search - E:\Program Files\AVG\AVG8\avgssie.dll [2008-09-27 455960]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
      E:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2004-05-12 744960]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
      SSVHelper Class - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
      "ASUS Probe"=E:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]
      "zBrowser Launcher"=E:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
      "RegistryMechanic"=E:\Program Files\Registry Mechanic\RegMech.exe [2004-07-05 1183744]
      "UpdReg"=E:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
      "Jet Detection"=E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
      "ATIPTA"=E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-09-29 344064]
      "Logitech Utility"=E:\WINDOWS\Logi_MwX.Exe [2003-12-11 20992]
      "NWEReboot"=E:\WINDOWS\system32\
      "KernelFaultCheck"=E:\WINDOWS\system32\dumprep 0 -k []
      "SpySweeper"=E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2006-01-25 3405312]
      "P17Helper"=Rundll32 P17.dll []
      "POEngine"=E:\WINDOWS\system32\
      "ddoctorv2"=E:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
      "SunJavaUpdateSched"=E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
      "AVG8_TRAY"=E:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-09-27 1235736]

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
      "STYLEXP"=E:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2005-03-14 1159168]
      "MSMSGS"=E:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
      "H/PC Connection Agent"=E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-03 401491]
      "SVCHOST.EXE"=E:\WINDOWS\system32\drivers\svchost.exe []

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
      E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE [2004-02-03 401491]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      E:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
      E:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe []

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
      E:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe []

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe [2005-06-03 36975]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
      E:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
      E:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
      E:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2004-12-14 29696]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^Ben^Start Menu^Programs^Startup^Konfabulator.lnk]
      E:\Program Files\Pixoria\Konfabulator\Konfabulator.exe  []

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "RoxWatch"=2
      "RoxUpnpServer"=2
      "RoxUPnPRenderer"=3
      "RoxMediaDB"=3

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLS"="avgrsstx.dll"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
      E:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
      E:\WINDOWS\system32\Ati2evxx.dll [2005-05-12 46080]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
      E:\WINDOWS\system32\WRLogonNTF.dll [2006-01-25 492544]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK]

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

      [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "dontdisplaylastusername"=0
      "legalnoticecaption"=
      "legalnoticetext"=
      "shutdownwithoutlogon"=1
      "undockwithoutlogon"=1

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
      "NoDriveTypeAutoRun"=145


      20Deep

        Topic Starter


        Rookie

        Re: Computer acting extremely strange
        « Reply #3 on: September 26, 2008, 11:17:54 PM »
        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "E:\Program Files\Java\j2re1.4.2_05\bin\javaw.exe"="E:\Program Files\Java\j2re1.4.2_05\bin\javaw.exe:*:Enabled:javaw"
        "E:\Program Files\EA GAMES\Battlefield Vietnam\BfVietnam.exe"="E:\Program Files\EA GAMES\Battlefield Vietnam\BfVietnam.exe:*:Enabled:BfVietnam"
        "E:\Program Files\Quake III Arena\quake3.exe"="E:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3"
        "E:\Program Files\Doom 3\doom3.exe"="E:\Program Files\Doom 3\doom3.exe:*:Enabled:DOOM 3"
        "E:\Documents and Settings\Ben\Desktop\Half Life 2\hl2.exe"="E:\Documents and Settings\Ben\Desktop\Half Life 2\hl2.exe:*:Enabled:hl2"
        "E:\Program Files\UT2004\System\UT2004.exe"="E:\Program Files\UT2004\System\UT2004.exe:*:Enabled:UT2004"
        "E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"="E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager"
        "E:\Program Files\Microsoft ActiveSync\WCESMGR.EXE"="E:\Program Files\Microsoft ActiveSync\WCESMGR.EXE:*:Enabled:ActiveSync Application"
        "E:\Program Files\Mozilla Firefox\firefox.exe"="E:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
        "E:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="E:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
        "E:\Program Files\FlashFXP\flashfxp.exe"="E:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP"
        "E:\Program Files\ASUS\AsusUpdate\Update.exe"="E:\Program Files\ASUS\AsusUpdate\Update.exe:*:Enabled:ASUS Update"
        "J:\Setup.exe"="J:\Setup.exe:*:Enabled:Setup Wizard of WGA54G"
        "E:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe"="E:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
        "E:\Program Files\Java\jre1.5.0_04\bin\javaw.exe"="E:\Program Files\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
        "E:\Program Files\WaterProof\PHPEdit\2.2.0\DbgListener.exe"="E:\Program Files\WaterProof\PHPEdit\2.2.0\DbgListener.exe:*:Enabled:Listener for php debugger DBG"
        "E:\Program Files\Sports Interactive\Worldwide Soccer Manager 2006\wsm.exe"="E:\Program Files\Sports Interactive\Worldwide Soccer Manager 2006\wsm.exe:*:Enabled:Worldwide Soccer Manager 2006"
        "E:\Program Files\AIM\aim.exe"="E:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
        "E:\Program Files\Azureus\Azureus.exe"="E:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
        "E:\Program Files\Gaim\gaim.exe"="E:\Program Files\Gaim\gaim.exe:*:Enabled:gaim"
        "E:\Program Files\PPMate\ppmate.exe"="E:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate"
        "E:\Program Files\PPMate\ppmnet.exe"="E:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate"
        "E:\Program Files\TVAnts\Tvants.exe"="E:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
        "E:\Program Files\Real\RealPlayer\realplay.exe"="E:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
        "E:\Program Files\Windows Media Player\wmplayer.exe"="E:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player"
        "E:\Program Files\TVersity\Media Server\TVersity.exe"="E:\Program Files\TVersity\Media Server\TVersity.exe:*:Enabled:TVersity Media Server"
        "E:\Program Files\SopCast\SopCast.exe"="E:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
        "E:\Documents and Settings\Ben\Application Data\SopCast\adv\SopAdver.exe"="E:\Documents and Settings\Ben\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
        "E:\Program Files\Internet Explorer\iexplore.exe"="E:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
        "E:\Program Files\SopCast\adv\SopAdver.exe"="E:\Program Files\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver"
        "E:\WINDOWS\system32\drivers\svchost.exe"="E:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
        "E:\Program Files\AVG\AVG8\avgemc.exe"="E:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
        "E:\Program Files\AVG\AVG8\avgupd.exe"="E:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
        "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
        "E:\Program Files\AIM\aim.exe"="E:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{823945a6-62d7-11db-9a34-00112f1afcec}]
        shell\AutoRun\command - N:\LaunchU3.exe


        ======List of files/folders created in the last 1 months======

        2008-09-27 01:15:59 ----D---- E:\rsit
        2008-09-27 00:27:17 ----D---- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
        2008-09-27 00:27:02 ----D---- E:\Program Files\SUPERAntiSpyware
        2008-09-27 00:27:02 ----D---- E:\Documents and Settings\Ben\Application Data\SUPERAntiSpyware.com
        2008-09-27 00:21:55 ----A---- E:\WINDOWS\system32\avgrsstx.dll
        2008-09-27 00:21:34 ----D---- E:\Program Files\AVG
        2008-09-27 00:21:34 ----D---- E:\Documents and Settings\All Users\Application Data\avg8
        2008-09-27 00:06:22 ----A---- E:\WINDOWS\system32\javaws.exe
        2008-09-27 00:06:22 ----A---- E:\WINDOWS\system32\javaw.exe
        2008-09-27 00:06:22 ----A---- E:\WINDOWS\system32\java.exe
        2008-09-26 23:58:56 ----D---- E:\Program Files\CCleaner
        2008-09-26 18:43:20 ----A---- E:\WINDOWS\system32\tmp.txt
        2008-09-26 18:43:04 ----A---- E:\rapport.txt
        2008-09-26 17:11:51 ----D---- E:\Documents and Settings\All Users\Application Data\Lavasoft
        2008-09-26 17:11:12 ----D---- E:\Program Files\Common Files\Wise Installation Wizard
        2008-09-26 16:21:22 ----D---- E:\Documents and Settings\Ben\Application Data\.purple
        2008-09-26 16:20:50 ----D---- E:\Program Files\Aspell
        2008-09-26 16:20:21 ----D---- E:\Program Files\Pidgin
        2008-09-26 15:37:40 ----D---- E:\Program Files\XP Codec Pack
        2008-09-13 09:47:51 ----D---- E:\Program Files\Veetle
        2008-09-13 09:47:51 ----A---- E:\WINDOWS\UninstVeetleTVPlayer.exe
        2008-09-11 04:00:48 ----HDC---- E:\WINDOWS\$NtUninstallKB938464$
        2008-08-28 10:02:14 ----D---- E:\WINDOWS\system32\CatRoot_bak

        ======List of files/folders modified in the last 1 months======

        2008-09-27 01:14:03 ----D---- E:\Program Files\Mozilla Firefox
        2008-09-27 01:13:40 ----D---- E:\Program Files\Trend Micro
        2008-09-27 01:13:25 ----D---- E:\Documents and Settings\Ben\Application Data\U3
        2008-09-27 00:27:59 ----D---- E:\WINDOWS\system32\CatRoot2
        2008-09-27 00:27:16 ----D---- E:\WINDOWS\Prefetch
        2008-09-27 00:27:07 ----SHD---- E:\WINDOWS\Installer
        2008-09-27 00:27:02 ----AD---- E:\Program Files
        2008-09-27 00:23:55 ----D---- E:\WINDOWS\system32\inetsrv
        2008-09-27 00:21:55 ----D---- E:\WINDOWS\system32\drivers
        2008-09-27 00:21:55 ----AD---- E:\WINDOWS\system32
        2008-09-27 00:21:33 ----D---- E:\WINDOWS\WinSxS
        2008-09-27 00:21:33 ----D---- E:\Program Files\Common Files\Microsoft Shared
        2008-09-27 00:21:29 ----D---- E:\WINDOWS
        2008-09-27 00:20:41 ----D---- E:\WINDOWS\Temp
        2008-09-27 00:17:58 ----A---- E:\WINDOWS\SchedLgU.Txt
        2008-09-27 00:08:18 ----D---- E:\Program Files\Java
        2008-09-27 00:02:07 ----D---- E:\WINDOWS\Debug
        2008-09-27 00:02:06 ----D---- E:\WINDOWS\Minidump
        2008-09-26 23:46:34 ----D---- E:\WINDOWS\Registration
        2008-09-26 23:30:44 ----D---- E:\Program Files\Mozilla Thunderbird
        2008-09-26 23:01:03 ----A---- E:\WINDOWS\winamp.ini
        2008-09-26 22:01:55 ----D---- E:\Program Files\Common Files\Roxio Shared
        2008-09-26 22:01:55 ----D---- E:\Program Files\Common Files
        2008-09-26 22:01:53 ----D---- E:\Program Files\Roxio
        2008-09-26 22:01:51 ----RSD---- E:\WINDOWS\Fonts
        2008-09-26 22:01:51 ----D---- E:\Documents and Settings\All Users\Application Data\Roxio
        2008-09-26 17:12:09 ----D---- E:\Program Files\Lavasoft
        2008-09-26 17:12:07 ----SD---- E:\Documents and Settings\All Users\Application Data\Microsoft
        2008-09-26 17:12:07 ----D---- E:\Documents and Settings\Ben\Application Data\Lavasoft
        2008-09-26 16:55:28 ----D---- E:\Program Files\FlashFXP
        2008-09-26 16:21:22 ----D---- E:\Documents and Settings\Ben\Application Data\.gaim
        2008-09-26 16:20:08 ----D---- E:\Program Files\Gaim
        2008-09-26 14:07:33 ----D---- E:\Program Files\7-Zip
        2008-09-26 14:01:17 ----D---- E:\Documents and Settings\Ben\Application Data\Mozilla
        2008-09-26 13:57:54 ----D---- E:\Program Files\skiStunt
        2008-09-26 13:57:38 ----SD---- E:\Documents and Settings\Ben\Application Data\Microsoft
        2008-09-26 13:52:33 ----D---- E:\Program Files\MegaSpoof
        2008-09-26 13:52:15 ----D---- E:\Program Files\Quake III Arena
        2008-09-26 13:52:08 ----A---- E:\WINDOWS\QIII.INI
        2008-09-26 13:51:57 ----D---- E:\Program Files\Project64 1.6
        2008-09-26 13:50:59 ----D---- E:\Program Files\PokerOffice
        2008-09-26 13:48:01 ----HD---- E:\WINDOWS\inf
        2008-09-26 13:46:48 ----D---- E:\WINDOWS\system32\Macromed
        2008-09-26 13:46:44 ----D---- E:\Documents and Settings\Ben\Application Data\Macromedia
        2008-09-26 13:43:46 ----D---- E:\Documents and Settings\All Users\Application Data\Apple Computer
        2008-09-26 13:43:16 ----HD---- E:\Program Files\InstallShield Installation Information
        2008-09-26 13:40:17 ----D---- E:\Documents and Settings\All Users\Application Data\Laconic Software
        2008-09-26 13:39:52 ----D---- E:\Program Files\DivX
        2008-09-26 13:15:57 ----D---- E:\Program Files\Azureus
        2008-09-26 13:14:04 ----D---- E:\Program Files\Acoustica Beatcraft
        2008-09-19 12:34:08 ----D---- E:\Documents and Settings\Ben\Application Data\Adobe
        2008-09-19 12:34:08 ----D---- E:\Documents and Settings\All Users\Application Data\Adobe
        2008-09-16 13:19:06 ----D---- E:\Documents and Settings\Ben\Application Data\Azureus
        2008-09-11 04:00:24 ----HD---- E:\WINDOWS\$hf_mig$
        2008-08-28 10:00:22 ----RSHDC---- E:\WINDOWS\system32\dllcache
        2008-08-28 05:58:33 ----D---- E:\WINDOWS\Help

        ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

        R1 AvgLdx86;AVG Free AVI Loader Driver x86; E:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-27 97928]
        R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; E:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-27 26824]
        R1 kbdhid;Keyboard HID Driver; E:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
        R1 SASDIFSV;SASDIFSV; \??\E:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
        R1 SASKUTIL;SASKUTIL; \??\E:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
        R1 StyleXPHelper;StyleXPHelper; \??\E:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
        R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; E:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
        R2 aslm75;aslm75; \??\E:\WINDOWS\system32\drivers\aslm75.sys []
        R2 AvgTdiX;AVG Free8 Network Redirector; E:\WINDOWS\System32\Drivers\avgtdix.sys [2008-09-27 76040]
        R2 PfModNT;PfModNT; \??\E:\WINDOWS\system32\PfModNT.sys []
        R3 Arp1394;1394 ARP Client Protocol; E:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
        R3 ati2mtag;ati2mtag; E:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2005-05-12 1198080]
        R3 ctsfm2k;Creative SoundFont Management Device Driver; E:\WINDOWS\System32\drivers\ctsfm2k.sys [2005-01-09 138752]
        R3 hidusb;Microsoft HID Class Driver; E:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-03-31 9600]
        R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; E:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-11 25630]
        R3 LHidUsb;Logitech USB Receiver device driver; E:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-11 37916]
        R3 LMouFlt2;Logitech Mouse Class Filter Driver; E:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]
        R3 mouhid;Mouse HID Driver; E:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
        R3 NIC1394;1394 Net Driver; E:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
        R3 ossrv;Creative OS Services Driver; E:\WINDOWS\system32\drivers\ctoss2k.sys [2005-01-09 106496]
        R3 P17;Sound Blaster Audigy; E:\WINDOWS\system32\drivers\P17.sys [2005-07-06 1389056]
        R3 SASENUM;SASENUM; \??\E:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
        R3 usbccgp;Microsoft USB Generic Parent Driver; E:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
        R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; E:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
        R3 usbhub;Microsoft USB Standard Hub Driver; E:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
        R3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
        R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; E:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
        R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter; E:\WINDOWS\System32\DRIVERS\yukonwxp.sys [2003-11-10 174464]
        S1 Cdr4_xp;Cdr4_xp; E:\WINDOWS\system32\drivers\Cdr4_xp.sys [2005-11-02 2432]
        S1 Cdralw2k;Cdralw2k; E:\WINDOWS\system32\drivers\Cdralw2k.sys [2005-11-02 2560]
        S3 ASUSHWIO;ASUSHWIO; \??\E:\WINDOWS\system32\drivers\ASUSHWIO.sys []
        S3 Bridge;MAC Bridge; E:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
        S3 BridgeMP;MAC Bridge Miniport; E:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
        S3 ctac32k;Creative AC3 Software Decoder; E:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
        S3 ctaud2k;Creative Audio Driver (WDM); E:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
        S3 ctljystk;Creative SBLive! Gameport; E:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
        S3 ctprxy2k;Creative Proxy Driver; E:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
        S3 emu10k;Creative SB Live! (WDM); E:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
        S3 emu10k1;Creative Interface Manager Driver (WDM); E:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
        S3 emupia;E-mu Plug-in Architecture Driver; E:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
        S3 ENTECH;ENTECH; \??\E:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
        S3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\E:\WINDOWS\system32\GTNDIS5.SYS []
        S3 ha10kx2k;Creative Hardware Abstract Layer Driver; E:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
        S3 LCcfltr;Logitech USB Filter Driver; E:\WINDOWS\System32\Drivers\LCcFltr.Sys [2003-12-11 14092]
        S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\E:\PROGRA~1\WUSB54~1\PCANDIS5.SYS []
        S3 pohci13F;pohci13F; \??\E:\DOCUME~1\Ben\LOCALS~1\Temp\pohci13F.sys []
        S3 PRISM_A02;802.11a/g USB Driver; E:\WINDOWS\system32\DRIVERS\WUSB20XP.sys [2004-01-07 339488]
        S3 RimUsb;BlackBerry Device; E:\WINDOWS\System32\Drivers\RimUsb.sys []
        S3 RimVSerPort;RIM Virtual Serial Port v2; E:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
        S3 ROOTMODEM;Microsoft Legacy Modem Driver; E:\WINDOWS\System32\Drivers\RootMdm.sys [2003-03-31 5888]
        S3 sfman;Creative SoundFont Manager Driver (WDM); E:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
        S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); E:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
        S3 wceusbsh;Windows CE USB Serial Host Driver; E:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2003-12-21 104064]
        S3 WpdUsb;WpdUsb; E:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-05-09 40704]
        S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-04-11 87808]
        S3 xnacc;Microsoft Common Controller For Windows Driver Service; E:\WINDOWS\system32\DRIVERS\xnacc.sys [2005-09-15 476672]
        S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

        ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

        R2 aawservice;Lavasoft Ad-Aware Service; E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
        R2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2005-05-12 368640]
        R2 avg8emc;AVG Free8 E-mail Scanner; E:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-27 875288]
        R2 Diskeeper;Diskeeper; E:\Program Files\Executive Software\Diskeeper\DkService.exe [2004-01-06 327792]
        R2 IISADMIN;IIS Admin; E:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
        R2 MDM;Machine Debug Manager; E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
        R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); E:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
        R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); E:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
        R2 StyleXPService;StyleXPService; E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2005-03-14 348160]
        R2 svcWRSSSDK;Webroot Spy Sweeper Engine; E:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe [2006-01-25 2161152]
        R2 W3SVC;World Wide Web Publishing; E:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-04 15872]
        R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
        S2 ATI Smart;ATI Smart; E:\WINDOWS\system32\ati2sgag.exe [2006-01-04 520192]
        S2 avg8wd;AVG Free8 WatchDog; E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704]
        S2 RoxLiveShare9;LiveShare P2P Server 9; E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe []
        S2 RoxWatch9;Roxio Hard Drive Watcher 9; E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe []
        S3 Adobe LM Service;Adobe LM Service; E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2004-10-15 68096]
        S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
        S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
        S3 RoxMediaDB9;RoxMediaDB9; E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe []
        S3 WMConnectCDS;Windows Media Connect Service; E:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]
        S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; E:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-09 823808]

        -----------------EOF-----------------



        20Deep

          Topic Starter


          Rookie

          Re: Computer acting extremely strange
          « Reply #4 on: September 26, 2008, 11:19:45 PM »
          info.txt logfile of random's system information tool 1.02 2008-09-27 01:16:09

          ======Uninstall list======

          -->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
          -->"E:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
          -->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
          -->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9  /remove
          -->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
          -->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9  /remove
          -->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
          -->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9  /remove
          -->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
          -->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9  /remove
          -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
          Acoustica Effects Pack-->E:\PROGRA~1\UNWISE.EXE E:\PROGRA~1\INSTALL.LOG
          Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
          Adobe Flash Player ActiveX-->E:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
          Adobe Flash Player Plugin-->E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
          Adobe Photoshop CS-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
          Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
          Aspell English Dictionary-0.50-2-->"E:\Program Files\Aspell\unins001.exe"
          ASUS Probe V2.22.04-->E:\WINDOWS\uninst.exe -f"E:\Program Files\ASUS\Probe\DeIsL1.isu" -c"E:\Program Files\ASUS\Probe\probunis.dll"
          AsusUpdate-->E:\WINDOWS\IsUninst.exe -f"E:\Program Files\ASUS\AsusUpdate\Uninst.isu"
          ATI - Software Uninstall Utility-->E:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
          ATI Control Panel-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
          ATI Display Driver-->rundll32 E:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
          ATI DVD Decoder 2.2.0.0-->E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D3661269-10B6-495F-B4EE-539ABE3F9AA9} /l1033
          ATI HydraVision-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
          AVG Free 8.0-->E:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
          CCleaner (remove only)-->"E:\Program Files\CCleaner\uninst.exe"
          Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
          Diskeeper Professional Edition-->MsiExec.exe /X{5511D34C-323F-42E0-8C82-0AEB3E920417}
          FireTune-->E:\WINDOWS\iun6002.exe "E:\Program Files\FireTune\irunin.ini"
          FlashFXP v3.0 RC4 (Build 1010)-->E:\WINDOWS\unvise32.exe E:\Program Files\FlashFXP\uninstal.log
          GNU Aspell 0.50-3-->"E:\Program Files\Aspell\unins000.exe"
          Google Earth-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9  -removeonly
          GTK+ Runtime 2.12.8 rev a (remove only)-->E:\Program Files\Common Files\GTK\2.0\uninst.exe
          HijackThis 2.0.2-->"E:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
          Hotfix for Windows XP (KB896344)-->"E:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
          Hotfix for Windows XP (KB952287)-->"E:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
          ImgBurn (Remove Only)-->"E:\Program Files\ImgBurn\uninstall.exe"
          IsoBuster 1.5-->"E:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
          Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
          Logitech iTouch Software-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9
          Logitech MouseWare 9.80 -->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
          Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
          Microsoft ActiveSync 3.7-->"E:\WINDOWS\ISUNINST.EXE" -f"E:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"E:\Program Files\Microsoft ActiveSync\ceuninst.dll"
          Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
          Microsoft Office Visio Professional 2003-->MsiExec.exe /I{91510409-6000-11D3-8CFE-0150048383C9}
          Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
          Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)-->"E:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
          Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
          Microsoft Works 2002 Setup Launcher-->E:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe D:\
          Mozilla Firefox (3.0.3)-->E:\Program Files\Mozilla Firefox\uninstall\helper.exe
          Mozilla Thunderbird (2.0.0.17)-->E:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
          MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
          MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
          Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
          Napster-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9
          PartyPoker-->"E:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "E:\Program Files\PartyGaming\PartyPoker\install.log"
          Pidgin-->E:\Program Files\Pidgin\pidgin-uninst.exe
          PokerStars-->"E:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
          Registry Mechanic-->"E:\Program Files\Registry Mechanic\unins000.exe"
          Security Update for Windows Media Player (KB911564)-->"E:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
          Security Update for Windows Media Player 10 (KB911565)-->"E:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
          Security Update for Windows Media Player 6.4 (KB925398)-->"E:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB883939)-->"E:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB890046)-->"E:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB893756)-->"E:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB896358)-->"E:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB896422)-->"E:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB896423)-->"E:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB896424)-->"E:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB896428)-->"E:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB896688)-->"E:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB899587)-->"E:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB899588)-->"E:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB899589)-->"E:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB899591)-->"E:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB900725)-->"E:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB901017)-->"E:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB901214)-->"E:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB902400)-->"E:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB903235)-->"E:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB904706)-->"E:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB905414)-->"E:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB905749)-->"E:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB905915)-->"E:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB908519)-->"E:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB908531)-->"E:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB911562)-->"E:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB911567)-->"E:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB911927)-->"E:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB912812)-->"E:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB912919)-->"E:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB913446)-->"E:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB913580)-->"E:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB914388)-->"E:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB914389)-->"E:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB916281)-->"E:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB917159)-->"E:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB917344)-->"E:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB917422)-->"E:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB917537)-->"E:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB917953)-->"E:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB918118)-->"E:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB918439)-->"E:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB918899)-->"E:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB919007)-->"E:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB920213)-->"E:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB920214)-->"E:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB920670)-->"E:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB920683)-->"E:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB920685)-->"E:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB921398)-->"E:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB921503)-->"E:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
          Security Update for Windows XP (KB921883)-->"E:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

          20Deep

            Topic Starter


            Rookie

            Re: Computer acting extremely strange
            « Reply #5 on: September 26, 2008, 11:20:49 PM »
            Security Update for Windows XP (KB922616)-->"E:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB922760)-->"E:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB922819)-->"E:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB923191)-->"E:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB923414)-->"E:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB923694)-->"E:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB923980)-->"E:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB924191)-->"E:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB924270)-->"E:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB924496)-->"E:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB924667)-->"E:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB925454)-->"E:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB925486)-->"E:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB925902)-->"E:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB926255)-->"E:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB926436)-->"E:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB927779)-->"E:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB927802)-->"E:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB928090)-->"E:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB928255)-->"E:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB928843)-->"E:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB929123)-->"E:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB929969)-->"E:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB930178)-->"E:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB931261)-->"E:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB931768)-->"E:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB931784)-->"E:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB932168)-->"E:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB933566)-->"E:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB933729)-->"E:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB935839)-->"E:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB935840)-->"E:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB936021)-->"E:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB937143)-->"E:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB937894)-->"E:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB938127)-->"E:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB938464)-->"E:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB938829)-->"E:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB939373)-->"E:\WINDOWS\$NtUninstallKB939373$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB939653)-->"E:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB941202)-->"E:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB941568)-->"E:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB941644)-->"E:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB941693)-->"E:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB942615)-->"E:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB942830)-->"E:\WINDOWS\$NtUninstallKB942830$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB942831)-->"E:\WINDOWS\$NtUninstallKB942831$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB943055)-->"E:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB943460)-->"E:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB943485)-->"E:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB944338)-->"E:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB944533)-->"E:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB944653)-->"E:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB945553)-->"E:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB946026)-->"E:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB946648)-->"E:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB947864)-->"E:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB948590)-->"E:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB948881)-->"E:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB950749)-->"E:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB950759)-->"E:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB950760)-->"E:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB950762)-->"E:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB950974)-->"E:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB951066)-->"E:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB951376-v2)-->"E:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB951698)-->"E:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB951748)-->"E:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB952954)-->"E:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB953838)-->"E:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
            Security Update for Windows XP (KB953839)-->"E:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
            SopCast 1.1.2-->E:\Program Files\SopCast\uninst.exe
            Sound Blaster Live!-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9
            SpeechRedist-->MsiExec.exe /X{8795CBED-55E2-4693-9F14-84EC446935BE}
            Spy Sweeper-->"E:\Program Files\Webroot\Spy Sweeper\unins000.exe"
            Spybot - Search & Destroy 1.3-->"E:\Program Files\Spybot - Search & Destroy\unins000.exe"
            StyleXP (remove only)-->"E:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
            SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
            TVAnts 1.0-->E:\PROGRA~1\TVAnts\UNWISE.EXE E:\PROGRA~1\TVAnts\INSTALL.LOG
            Update for Windows XP (KB894391)-->"E:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
            Update for Windows XP (KB896727)-->"E:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
            Update for Windows XP (KB898461)-->"E:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
            Update for Windows XP (KB900485)-->"E:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
            Update for Windows XP (KB910437)-->"E:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
            Update for Windows XP (KB911280)-->"E:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
            Update for Windows XP (KB916595)-->"E:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
            Update for Windows XP (KB920872)-->"E:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
            Update for Windows XP (KB922582)-->"E:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
            Update for Windows XP (KB927891)-->"E:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
            Update for Windows XP (KB929338)-->"E:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
            Update for Windows XP (KB930916)-->"E:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
            Update for Windows XP (KB931836)-->"E:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
            Update for Windows XP (KB933360)-->"E:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
            Update for Windows XP (KB938828)-->"E:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
            Update for Windows XP (KB942763)-->"E:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
            Update for Windows XP (KB942840)-->"E:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
            Update for Windows XP (KB946627)-->"E:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
            Update for Windows XP (KB951072-v2)-->"E:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
            Winamp (remove only)-->"E:\Program Files\Winamp\UninstWA.exe"
            Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
            Windows Installer 3.1 (KB893803)-->"E:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
            Windows Installer 3.1 (KB893803)-->"E:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
            Windows Media Connect-->"E:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
            Windows Media Format 11 runtime-->"E:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
            Windows Media Format 11 runtime-->"E:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
            Windows Media Player 11-->"E:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
            Windows Media Player 11-->"E:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
            Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
            Windows XP Hotfix - KB834707-->E:\WINDOWS\$NtUninstallKB834707$\spuninst\spuninst.exe
            Windows XP Hotfix - KB867282-->E:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
            Windows XP Hotfix - KB873333-->E:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
            Windows XP Hotfix - KB873339-->E:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
            Windows XP Hotfix - KB885250-->E:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
            Windows XP Hotfix - KB885835-->E:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
            Windows XP Hotfix - KB885836-->E:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
            Windows XP Hotfix - KB885884-->E:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
            Windows XP Hotfix - KB886185-->E:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
            Windows XP Hotfix - KB887472-->E:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
            Windows XP Hotfix - KB887742-->E:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
            Windows XP Hotfix - KB888113-->E:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
            Windows XP Hotfix - KB888302-->E:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
            Windows XP Hotfix - KB890047-->E:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
            Windows XP Hotfix - KB890175-->E:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
            Windows XP Hotfix - KB890859-->"E:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
            Windows XP Hotfix - KB890923-->"E:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
            Windows XP Hotfix - KB891781-->E:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
            Windows XP Hotfix - KB893066-->"E:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
            Windows XP Hotfix - KB893086-->"E:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
            Windows XP Service Pack 2-->E:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
            WinRAR archiver-->E:\Program Files\WinRAR\uninstall.exe
            Xbox 360 Controller for Windows-->"E:\WINDOWS\$NtUninstall_Xbox_360_CC_Driver$\spuninst\spuninst.exe"
            XP Codec Pack-->E:\Program Files\XP Codec Pack\Uninstall.exe

            ======Hosts File======

            127.0.0.1 localhost
            127.0.0.1 i.i.com.com
            127.0.0.1 websearch.com
            127.0.0.1 www.websearch.com
            127.0.0.1 advnt01.com
            127.0.0.1 www.advnt01.com
            127.0.0.1 www.xzoomy.com
            127.0.0.1 xzoomy.com
            127.0.0.1 www.adwave.com
            127.0.0.1 adwave.com

            ======Security center information======

            AV: AVG Anti-Virus Free

            ======Environment variables======

            "ComSpec"=%SystemRoot%\system32\cmd.exe
            "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;E:\Program Files\Executive Software\Diskeeper\;E:\Program Files\ATI Technologies\ATI Control Panel;E:\Program Files\Common Files\Roxio Shared\DLLShared\;E:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
            "windir"=%SystemRoot%
            "OS"=Windows_NT
            "PROCESSOR_ARCHITECTURE"=x86
            "PROCESSOR_LEVEL"=15
            "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
            "PROCESSOR_REVISION"=0c00
            "NUMBER_OF_PROCESSORS"=1
            "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
            "TEMP"=%SystemRoot%\TEMP
            "TMP"=%SystemRoot%\TEMP
            "FP_NO_HOST_CHECK"=NO
            "CLASSPATH"=.;

            -----------------EOF-----------------

            evilfantasy

            Re: Computer acting extremely strange
            « Reply #6 on: September 26, 2008, 11:47:38 PM »

            Please print these instructions as they will be needed later when Internet access is not available.

            Download SDFix by AndyManchesta and save it to your desktop.

            When using this tool, you must use the Administrator's account or an account with Administrative rights

            • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
            • DO NOT use it just yet.
            Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

            Open the SDFix folder and double click RunThis.bat to start the script.
            • Type Y to begin the cleanup process.
            • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
            • Press any Key and it will restart the PC.
            • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
            • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
            • Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.
            ----------

            Spybot - Search & Destroy 1.3 <- This is about 3 or 4 years out of date. You need to uninstall it and get the new version Spybot Search & Destroy 1.6 http://www.safer-networking.org/


            20Deep


              Re: Computer acting extremely strange
              « Reply #7 on: September 27, 2008, 08:54:01 AM »

              SDFix: Version 1.229
              Run by Ben on Sat 09/27/2008 at 10:41 AM

              Microsoft Windows XP [Version 5.1.2600]
              Running From: E:\SDFix

              Checking Services :


              Restoring Default Security Values
              Restoring Default Hosts File

              Rebooting                                                                                             


              Checking Files :             

              Trojan Files Found:

              E:\WINDOWS\system32\O.BAT - Deleted
              E:\WINDOWS\system32\drivers\tdssserv.sys  - Deleted
              E:\WINDOWS\system32\tdssadw.dll  - Deleted
              E:\WINDOWS\system32\tdssinit.dll  - Deleted                     
              E:\WINDOWS\system32\tdssl.dll  - Deleted                               
              E:\WINDOWS\system32\tdsslog.dll  - Deleted
              E:\WINDOWS\system32\tdssmain.dll  - Deleted
              E:\WINDOWS\system32\tdssserf.dll  - Deleted
              E:\WINDOWS\system32\tdssserf1.dll  - Deleted
              E:\WINDOWS\system32\tdssservers.dat  - Deleted





              Removing Temp Files

              ADS Check :
               


              Final Check :

              catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-09-27 10:49:44
              Windows 5.1.2600 Service Pack 2 NTFS

              scanning hidden processes ...

              scanning hidden services & system hive ...

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]
              "ujdew"=hex:20,02,00,00,24,99,59,8e,0e,87,82,15,b4,a9,79,00,c3,5f,34,82,c1,..
              "ljej40"=hex:0b,61,0a,3a,0b,f5,6f,74,a3,03,23,f6,50,d2,b8,10,f8,dd,ef,83,55,..
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41]
              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg42]

              scanning hidden registry entries ...

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
              "DisplayName"="Alcohol 120%"

              scanning hidden files ...

              scan completed successfully
              hidden processes: 0
              hidden services: 0
              hidden files: 0


              Remaining Services :




              Authorized Application Key Export:

              [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
              "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
              "E:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe"="E:\\Program Files\\Java\\j2re1.4.2_05\\bin\\javaw.exe:*:Enabled:javaw"
              "E:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe"="E:\\Program Files\\EA GAMES\\Battlefield Vietnam\\BfVietnam.exe:*:Enabled:BfVietnam"
              "E:\\Program Files\\Quake III Arena\\quake3.exe"="E:\\Program Files\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
              "E:\\Program Files\\Doom 3\\doom3.exe"="E:\\Program Files\\Doom 3\\doom3.exe:*:Enabled:DOOM 3"
              "E:\\Documents and Settings\\Ben\\Desktop\\Half Life 2\\hl2.exe"="E:\\Documents and Settings\\Ben\\Desktop\\Half Life 2\\hl2.exe:*:Enabled:hl2"
              "E:\\Program Files\\UT2004\\System\\UT2004.exe"="E:\\Program Files\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004"
              "E:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"="E:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE:*:Enabled:ActiveSync Connection Manager"
              "E:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"="E:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE:*:Enabled:ActiveSync Application"
              "E:\\Program Files\\Mozilla Firefox\\firefox.exe"="E:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
              "E:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="E:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
              "E:\\Program Files\\FlashFXP\\flashfxp.exe"="E:\\Program Files\\FlashFXP\\flashfxp.exe:*:Enabled:FlashFXP"
              "E:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"="E:\\Program Files\\ASUS\\AsusUpdate\\Update.exe:*:Enabled:ASUS Update"
              "J:\\Setup.exe"="J:\\Setup.exe:*:Enabled:Setup Wizard of WGA54G"
              "E:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"="E:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe:*:Enabled:Roxio Upnp Service"
              "E:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"="E:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
              "E:\\Program Files\\WaterProof\\PHPEdit\\2.2.0\\DbgListener.exe"="E:\\Program Files\\WaterProof\\PHPEdit\\2.2.0\\DbgListener.exe:*:Enabled:Listener for php debugger DBG"
              "E:\\Program Files\\Sports Interactive\\Worldwide Soccer Manager 2006\\wsm.exe"="E:\\Program Files\\Sports Interactive\\Worldwide Soccer Manager 2006\\wsm.exe:*:Enabled:Worldwide Soccer Manager 2006"
              "E:\\Program Files\\AIM\\aim.exe"="E:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
              "E:\\Program Files\\Azureus\\Azureus.exe"="E:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
              "E:\\Program Files\\Gaim\\gaim.exe"="E:\\Program Files\\Gaim\\gaim.exe:*:Enabled:gaim"
              "E:\\Program Files\\PPMate\\ppmate.exe"="E:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
              "E:\\Program Files\\PPMate\\ppmnet.exe"="E:\\Program Files\\PPMate\\ppmnet.exe:*:Enabled:PPMate"
              "E:\\Program Files\\TVAnts\\Tvants.exe"="E:\\Program Files\\TVAnts\\Tvants.exe:*:Enabled:TVAnts"
              "E:\\Program Files\\Real\\RealPlayer\\realplay.exe"="E:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
              "E:\\Program Files\\Windows Media Player\\wmplayer.exe"="E:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
              "E:\\Program Files\\TVersity\\Media Server\\TVersity.exe"="E:\\Program Files\\TVersity\\Media Server\\TVersity.exe:*:Enabled:TVersity Media Server"
              "E:\\Program Files\\SopCast\\SopCast.exe"="E:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
              "E:\\Documents and Settings\\Ben\\Application Data\\SopCast\\adv\\SopAdver.exe"="E:\\Documents and Settings\\Ben\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
              "E:\\Program Files\\Internet Explorer\\iexplore.exe"="E:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
              "E:\\Program Files\\SopCast\\adv\\SopAdver.exe"="E:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Disabled:SopCast Adver"
              "E:\\WINDOWS\\system32\\drivers\\svchost.exe"="E:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"
              "E:\\Program Files\\AVG\\AVG8\\avgemc.exe"="E:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
              "E:\\Program Files\\AVG\\AVG8\\avgupd.exe"="E:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"

              [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
              "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
              "E:\\Program Files\\AIM\\aim.exe"="E:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

              Remaining Files :


              File Backups: - E:\SDFix\backups\backups.zip

              Files with Hidden Attributes :

              Wed 23 Feb 2005         4,348 A.SH. --- E:\DOCUME~1\ALLUSE~1\DRM\DRMV1.BAK
              Wed 15 Sep 2004        19,968 A..H. --- E:\DOCUME~1\BEN\MYDOCU~1\WORDDO~1\~WRL3397.TMP
              Mon  6 Dec 2004        24,064 ...H. --- E:\DOCUME~1\BEN\MYDOCU~1\WORDDO~1\~WRL3403.TMP
              Sat 21 Jun 2003       377,344 A..H. --- E:\PROGRA~1\SMARTP~1\ISOBUS~1\HELP\AHLP.EXE
              Mon 12 Feb 2007     3,096,576 A..H. --- E:\DOCUME~1\BEN\APPLIC~1\U3\TEMP\LAUNCH~1.EXE
              Wed 23 Feb 2005         4,348 ...H. --- E:\DOCUME~1\BEN\MYDOCU~1\MYMUSI~1\LICENS~1\DRMV1KEY.BAK
              Fri 28 Oct 2005            20 A..H. --- E:\DOCUME~1\BEN\MYDOCU~1\MYMUSI~1\LICENS~1\DRMV1LIC.BAK
              Wed 23 Feb 2005           400 A.SH. --- E:\DOCUME~1\BEN\MYDOCU~1\MYMUSI~1\LICENS~1\DRMV2KEY.BAK
              Wed  7 Sep 2005        57,092 A..H. --- E:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\VISUAL~1\7.1\VS000223.TMP

              Finished!
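One way to triage the "Authorized Application Key Export" section of the SDFix report above, as an added example that is not part of the original posts or of SDFix itself. The sample lines are copied from that report; the three heuristics and the list of system process names are assumptions chosen for illustration, and a flagged entry means "review this firewall exception", not "confirmed malicious".

```python
import ntpath
import re

# Lines copied from the Authorized Application Key Export in the report above.
SAMPLE_EXPORT = r'''
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Program Files\\Mozilla Firefox\\firefox.exe"="E:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"E:\\Documents and Settings\\Ben\\Desktop\\Half Life 2\\hl2.exe"="E:\\Documents and Settings\\Ben\\Desktop\\Half Life 2\\hl2.exe:*:Enabled:hl2"
"J:\\Setup.exe"="J:\\Setup.exe:*:Enabled:Setup Wizard of WGA54G"
"E:\\Documents and Settings\\Ben\\Application Data\\SopCast\\adv\\SopAdver.exe"="E:\\Documents and Settings\\Ben\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"E:\\WINDOWS\\system32\\drivers\\svchost.exe"="E:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"
"E:\\Program Files\\AVG\\AVG8\\avgupd.exe"="E:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
'''

# Value data layout in the export: <path>:<scope>:<Enabled|Disabled>:<display name>
ENTRY_RE = re.compile(
    r'^"(?P<key>[^"]+)"="(?P<path>.+?):(?P<scope>[^:"]*):'
    r'(?P<state>enabled|disabled):(?P<name>[^"]*)"$',
    re.IGNORECASE,
)

# Assumption: core Windows processes that normally live directly in system32.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe",
                "winlogon.exe", "smss.exe", "csrss.exe"}
SYSTEM32_RE = re.compile(
    r'^(?:[a-z]:\\(?:windows|winnt)|%windir%|%systemroot%)\\system32$')


def parse_export(text):
    """Turn .reg-style export lines into dicts; skip headers and blank lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            # .reg exports double every backslash; undo that.
            "path": m.group("path").replace("\\\\", "\\"),
            "scope": m.group("scope"),
            "enabled": m.group("state").lower() == "enabled",
            "name": m.group("name"),
        })
    return entries


def review(entry):
    """Return the reasons (possibly none) an exception deserves a manual look."""
    path = entry["path"].lower()
    folder, exe = ntpath.split(path)
    drive, rest = ntpath.splitdrive(path)
    reasons = []
    if exe in SYSTEM_NAMES and not SYSTEM32_RE.match(folder):
        reasons.append("system process name outside system32")
    if "\\documents and settings\\" in path or "\\users\\" in path:
        reasons.append("binary under a user profile")
    if drive and rest.count("\\") == 1:
        reasons.append("binary in a drive root")
    return reasons


def triage(text):
    """List (path, enabled, reasons) for every exception that was flagged."""
    findings = []
    for entry in parse_export(text):
        reasons = review(entry)
        if reasons:
            findings.append((entry["path"], entry["enabled"], reasons))
    return findings


if __name__ == "__main__":
    for path, enabled, reasons in triage(SAMPLE_EXPORT):
        state = "Enabled" if enabled else "Disabled"
        print(f"{state:8} {path} -> {', '.join(reasons)}")
```

A Disabled entry is still reported, because the presence of the key shows that something registered the exception at some point.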

              evilfantasy

              Re: Computer acting extremely strange
              « Reply #8 on: September 27, 2008, 12:56:34 PM »
              Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

              Link #1
              Link #2

              **Note:  It is important that it is saved directly to your Desktop

              Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

              Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
               
              Double click combofix.exe & follow the prompts.
              When finished ComboFix will produce a log for you.
              Post the ComboFix log and a new HijackThis log in your next reply.

              Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

              Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

              20Deep


                Re: Computer acting extremely strange
                « Reply #9 on: September 27, 2008, 07:53:38 PM »
                ComboFix 08-09-27.01 - Ben 2008-09-27 21:38:16.1 - NTFSx86
                Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.538 [GMT -4:00]
                Running from: E:\Documents and Settings\Ben\Desktop\ComboFix.exe
                 * Created a new restore point

                WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                .

                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                E:\WINDOWS\system32\Cache

                .
                (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                -------\Legacy_TDSSSERV


                (((((((((((((((((((((((((   Files Created from 2008-08-28 to 2008-09-28  )))))))))))))))))))))))))))))))
                .

                2008-09-27 21:31 . 2008-09-27 21:31   <DIR>   d--h-----   E:\$AVG8.VAULT$
                2008-09-27 10:31 . 2008-09-27 10:32   <DIR>   d--------   E:\WINDOWS\ERUNT
                2008-09-27 10:24 . 2008-09-27 10:51   <DIR>   d--------   E:\SDFix
                2008-09-27 01:15 . 2008-09-27 01:16   <DIR>   d--------   E:\rsit
                2008-09-27 00:27 . 2008-09-27 00:27   <DIR>   d--------   E:\Program Files\SUPERAntiSpyware
                2008-09-27 00:27 . 2008-09-27 00:27   <DIR>   d--------   E:\Documents and Settings\Ben\Application Data\SUPERAntiSpyware.com
                2008-09-27 00:27 . 2008-09-27 00:27   <DIR>   d--------   E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
                2008-09-27 00:21 . 2008-09-27 21:35   <DIR>   d--------   E:\WINDOWS\system32\drivers\Avg
                2008-09-27 00:21 . 2008-09-27 00:21   <DIR>   d--------   E:\Program Files\AVG
                2008-09-27 00:21 . 2008-09-27 00:24   <DIR>   d--------   E:\Documents and Settings\All Users\Application Data\avg8
                2008-09-27 00:21 . 2008-09-27 00:21   97,928   --a------   E:\WINDOWS\system32\drivers\avgldx86.sys
                2008-09-27 00:21 . 2008-09-27 00:21   76,040   --a------   E:\WINDOWS\system32\drivers\avgtdix.sys
                2008-09-27 00:21 . 2008-09-27 00:21   10,520   --a------   E:\WINDOWS\system32\avgrsstx.dll
                2008-09-27 00:06 . 2008-06-10 02:32   73,728   --a------   E:\WINDOWS\system32\javacpl.cpl
                2008-09-26 23:58 . 2008-09-26 23:58   <DIR>   d--------   E:\Program Files\CCleaner
                2008-09-26 21:37 . 2008-09-26 21:37   <DIR>   d--------   E:\Documents and Settings\NetworkService\Application Data\Webroot
                2008-09-26 18:43 . 2008-09-26 21:39   3,182   --a------   E:\WINDOWS\system32\tmp.reg
                2008-09-26 17:11 . 2008-09-27 00:26   <DIR>   d--------   E:\Program Files\Common Files\Wise Installation Wizard
                2008-09-26 17:11 . 2008-09-26 17:12   <DIR>   d--------   E:\Documents and Settings\All Users\Application Data\Lavasoft
                2008-09-26 16:21 . 2008-09-26 21:34   <DIR>   d--------   E:\Documents and Settings\Ben\Application Data\.purple
                2008-09-26 16:20 . 2008-09-26 16:21   <DIR>   d--------   E:\Program Files\Pidgin
                2008-09-26 16:20 . 2008-09-26 16:21   <DIR>   d--------   E:\Program Files\Aspell
                2008-09-26 15:37 . 2008-09-26 15:37   <DIR>   d--------   E:\Program Files\XP Codec Pack
                2008-09-26 15:37 . 2008-07-09 04:05   421,888   --a------   E:\WINDOWS\system32\ac3filter.acm
                2008-09-13 09:47 . 2008-09-26 13:53   <DIR>   d--------   E:\Program Files\Veetle
                2008-09-13 09:47 . 2008-09-13 09:47   48,396   --a------   E:\WINDOWS\UninstVeetleTVPlayer.exe
                2008-08-28 10:02 . 2008-08-28 10:02   <DIR>   d--------   E:\WINDOWS\system32\CatRoot_bak

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2008-09-27 14:23   ---------   d-----w   E:\Documents and Settings\Ben\Application Data\U3
                2008-09-27 05:13   ---------   d-----w   E:\Program Files\Trend Micro
                2008-09-27 04:08   ---------   d-----w   E:\Program Files\Java
                2008-09-27 03:30   ---------   d-----w   E:\Program Files\Mozilla Thunderbird
                2008-09-27 02:01   ---------   d-----w   E:\Program Files\Roxio
                2008-09-27 02:01   ---------   d-----w   E:\Program Files\Common Files\Roxio Shared
                2008-09-27 02:01   ---------   d-----w   E:\Documents and Settings\All Users\Application Data\Roxio
                2008-09-26 21:12   ---------   d-----w   E:\Program Files\Lavasoft
                2008-09-26 21:12   ---------   d-----w   E:\Documents and Settings\Ben\Application Data\Lavasoft
                2008-09-26 20:55   ---------   d-----w   E:\Program Files\FlashFXP
                2008-09-26 20:21   ---------   d-----w   E:\Documents and Settings\Ben\Application Data\.gaim
                2008-09-26 20:20   ---------   d-----w   E:\Program Files\Gaim
                2008-09-26 18:07   ---------   d-----w   E:\Program Files\7-Zip
                2008-09-26 17:57   ---------   d-----w   E:\Program Files\skiStunt
                2008-09-26 17:52   ---------   d-----w   E:\Program Files\Quake III Arena
                2008-09-26 17:52   ---------   d-----w   E:\Program Files\MegaSpoof
                2008-09-26 17:51   ---------   d-----w   E:\Program Files\Project64 1.6
                2008-09-26 17:50   ---------   d-----w   E:\Program Files\PokerOffice
                2008-09-26 17:43   ---------   d--h--w   E:\Program Files\InstallShield Installation Information
                2008-09-26 17:43   ---------   d-----w   E:\Documents and Settings\All Users\Application Data\Apple Computer
                2008-09-26 17:40   ---------   d-----w   E:\Documents and Settings\All Users\Application Data\Laconic Software
                2008-09-26 17:39   ---------   d-----w   E:\Program Files\DivX
                2008-09-26 17:15   ---------   d-----w   E:\Program Files\Azureus
                2008-09-26 17:14   ---------   d-----w   E:\Program Files\Acoustica Beatcraft
                2008-09-16 17:19   ---------   d-----w   E:\Documents and Settings\Ben\Application Data\Azureus
                2008-08-26 19:11   987,136   ----a-w   E:\WINDOWS\system32\VSFilter.dll
                2008-08-17 03:58   ---------   d-----w   E:\Documents and Settings\All Users\Application Data\Comcast
                2008-07-19 02:10   94,920   ----a-w   E:\WINDOWS\system32\cdm.dll
                2008-07-19 02:10   53,448   ----a-w   E:\WINDOWS\system32\wuauclt.exe
                2008-07-19 02:10   45,768   ----a-w   E:\WINDOWS\system32\wups2.dll
                2008-07-19 02:10   36,552   ----a-w   E:\WINDOWS\system32\wups.dll
                2008-07-19 02:09   563,912   ----a-w   E:\WINDOWS\system32\wuapi.dll
                2008-07-19 02:09   325,832   ----a-w   E:\WINDOWS\system32\wucltui.dll
                2008-07-19 02:09   205,000   ----a-w   E:\WINDOWS\system32\wuweb.dll
                2008-07-19 02:09   1,811,656   ----a-w   E:\WINDOWS\system32\wuaueng.dll
                2008-07-07 20:32   253,952   ----a-w   E:\WINDOWS\system32\es.dll
                2008-07-05 10:14   456,192   ----a-w   E:\WINDOWS\system32\libmplayer.dll
                2008-07-05 10:14   3,591,168   ----a-w   E:\WINDOWS\system32\libavcodec.dll
                2008-07-05 10:13   708,096   ----a-w   E:\WINDOWS\system32\ff_x264.dll
                2007-03-23 19:05   3,580   ----a-w   E:\Program Files\INSTALL.LOG
                2005-07-31 17:28   76   ---ha-w   E:\Program Files\Desktop.ini
                2004-10-01 19:31   109   ----a-w   E:\Documents and Settings\Ben\Application Data\tvmcwrd.dll
                2004-09-27 22:01   0   ----a-w   E:\Documents and Settings\Ben\Application Data\wklnhst.dat
                2001-09-28 21:00   164,864   ----a-w   E:\Program Files\UNWISE.EXE
                .

                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
                "STYLEXP"="E:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-03-14 1159168]
                "MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
                "H/PC Connection Agent"="E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "ASUS Probe"="E:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
                "zBrowser Launcher"="E:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
                "RegistryMechanic"="E:\Program Files\Registry Mechanic\RegMech.exe" [2004-07-05 1183744]
                "UpdReg"="E:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
                "Jet Detection"="E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
                "ATIPTA"="E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
                "SpySweeper"="E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2006-01-25 3405312]
                "ddoctorv2"="E:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
                "SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
                "AVG8_TRAY"="E:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-27 1235736]
                "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 E:\WINDOWS\LOGI_MWX.EXE]
                "P17Helper"="P17.dll" [2005-05-02 E:\WINDOWS\system32\P17.dll]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                "UIHost"="E:\\Program Files\\TGTSoft\\StyleXP\\CurrentLogon.EXE"

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                "AppInit_DLLs"=avgrsstx.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                "MSACM.CEGSM"= mobilev.acm
                "vidc.ffds"= ffdshow.ax
                "msacm.ac3filter"= ac3filter.acm

                [HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
                path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
                backup=E:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

                [HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
                backup=E:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

                [HKLM\~\startupfolder\E:^Documents and Settings^Ben^Start Menu^Programs^Startup^Konfabulator.lnk]
                path=E:\Documents and Settings\Ben\Start Menu\Programs\Startup\Konfabulator.lnk
                backup=E:\WINDOWS\pss\Konfabulator.lnkStartup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
                --a------ 2004-02-03 01:42 401491 E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                --a------ 2004-10-13 12:24 1694208 E:\Program Files\Messenger\msmsgs.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                --a------ 2005-06-03 03:52 36975 E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
                --a------ 2002-07-02 17:56 24576 E:\WINDOWS\system32\CTHELPER.EXE

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                "RoxWatch"=2 (0x2)
                "RoxUpnpServer"=2 (0x2)
                "RoxUPnPRenderer"=3 (0x3)
                "RoxMediaDB"=3 (0x3)

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "E:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
                "E:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
                "E:\\Program Files\\Mozilla Firefox\\firefox.exe"=
                "E:\\Program Files\\FlashFXP\\flashfxp.exe"=
                "E:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
                "E:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
                "E:\\Program Files\\TVAnts\\Tvants.exe"=
                "E:\\Program Files\\Windows Media Player\\wmplayer.exe"=
                "E:\\Program Files\\SopCast\\SopCast.exe"=
                "E:\\Documents and Settings\\Ben\\Application Data\\SopCast\\adv\\SopAdver.exe"=
                "E:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
                "E:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
                "E:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
                "41952:TCP"= 41952:TCP:41952

                R0 SSI;SSI;E:\WINDOWS\system32\Drivers\SSI.SYS [2006-01-25 78336]
                R1 AvgLdx86;AVG Free AVI Loader Driver x86;E:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-27 97928]
                R2 avg8emc;AVG Free8 E-mail Scanner;E:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-27 875288]
                R2 avg8wd;AVG Free8 WatchDog;E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704]
                R2 AvgTdiX;AVG Free8 Network Redirector;E:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-27 76040]
                S3 ASUSHWIO;ASUSHWIO;E:\WINDOWS\system32\drivers\ASUSHWIO.sys [ ]
                S3 LCcfltr;Logitech USB Filter Driver;E:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-11 14092]
                S3 pohci13F;pohci13F;E:\DOCUME~1\Ben\LOCALS~1\Temp\pohci13F.sys [ ]
                .
                - - - - ORPHANS REMOVED - - - -

                HKLM-Run-NWEReboot - (no file)
                HKLM-Run-POEngine - (no file)
                MSConfigStartUp-RoxioDragToDisc - E:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
                MSConfigStartUp-RoxWatchTray - E:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe


                .
                ------- Supplementary Scan -------
                .
                FireFox -: Profile - E:\Documents and Settings\Ben\Application Data\Mozilla\Firefox\Profiles\r6l6nj0i.default\
                FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://forums.offtopic.com/
                FF -: plugin - E:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
                FF -: plugin - E:\Program Files\Mozilla Firefox\plugins\npmozax.dll
                .

                **************************************************************************

                catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2008-09-27 21:46:37
                Windows 5.1.2600 Service Pack 2 NTFS

                scanning hidden processes ...

                scanning hidden autostart entries ...

                scanning hidden files ...

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                ------------------------ Other Running Processes ------------------------
                .
                E:\WINDOWS\system32\ati2evxx.exe
                E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
                E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                E:\WINDOWS\system32\ati2evxx.exe
                E:\Program Files\Executive Software\Diskeeper\DkService.exe
                E:\WINDOWS\system32\inetsrv\inetinfo.exe
                E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                E:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
                E:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                E:\WINDOWS\system32\rundll32.exe
                E:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
                E:\WINDOWS\system32\wscntfy.exe
                E:\Program Files\AVG\AVG8\avgrsx.exe
                E:\Program Files\AVG\AVG8\avgrsx.exe
                .
                **************************************************************************
                .
                Completion time: 2008-09-27 21:51:35 - machine was rebooted
                ComboFix-quarantined-files.txt  2008-09-28 01:51:28

                Pre-Run: 72,701,812,736 bytes free
                Post-Run: 72,577,687,552 bytes free

                217   --- E O F ---   2008-09-11 08:00:56

                20Deep


                  Re: Computer acting extremely strange
                  « Reply #10 on: September 27, 2008, 07:58:13 PM »
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 9:59:44 PM, on 9/27/2008
                  Platform: Windows XP SP2 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
                  Boot mode: Normal

                  Running processes:
                  E:\WINDOWS\System32\smss.exe
                  E:\WINDOWS\system32\winlogon.exe
                  E:\WINDOWS\system32\services.exe
                  E:\WINDOWS\system32\lsass.exe
                  E:\WINDOWS\system32\Ati2evxx.exe
                  E:\WINDOWS\system32\svchost.exe
                  E:\WINDOWS\System32\svchost.exe
                  E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
                  E:\WINDOWS\system32\svchost.exe
                  E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                  E:\WINDOWS\system32\spoolsv.exe
                  E:\WINDOWS\system32\Ati2evxx.exe
                  E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                  E:\Program Files\Executive Software\Diskeeper\DkService.exe
                  E:\WINDOWS\system32\inetsrv\inetinfo.exe
                  E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                  E:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
                  E:\WINDOWS\System32\svchost.exe
                  E:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                  E:\PROGRA~1\AVG\AVG8\avgemc.exe
                  E:\Program Files\ASUS\Probe\AsusProb.exe
                  E:\Program Files\Logitech\iTouch\iTouch.exe
                  E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                  E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
                  E:\WINDOWS\system32\Rundll32.exe
                  E:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
                  E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
                  E:\Program Files\Logitech\MouseWare\system\em_exec.exe
                  E:\PROGRA~1\AVG\AVG8\avgtray.exe
                  E:\WINDOWS\system32\ctfmon.exe
                  E:\Program Files\Messenger\msmsgs.exe
                  E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
                  E:\WINDOWS\system32\wscntfy.exe
                  E:\WINDOWS\system32\wuauclt.exe
                  E:\WINDOWS\explorer.exe
                  E:\Program Files\AVG\AVG8\avgrsx.exe
                  E:\Program Files\AVG\AVG8\avgrsx.exe
                  E:\Program Files\Mozilla Firefox\firefox.exe
                  E:\Program Files\Trend Micro\HijackThis\sniper.exe

                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
                  O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG8\avgssie.dll
                  O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
                  O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
                  O4 - HKLM\..\Run: [ASUS Probe] E:\Program Files\ASUS\Probe\AsusProb.exe
                  O4 - HKLM\..\Run: [zBrowser Launcher] E:\Program Files\Logitech\iTouch\iTouch.exe
                  O4 - HKLM\..\Run: [RegistryMechanic] E:\Program Files\Registry Mechanic\RegMech.exe /QS
                  O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
                  O4 - HKLM\..\Run: [Jet Detection] "E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
                  O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
                  O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
                  O4 - HKLM\..\Run: [SpySweeper] "E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
                  O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
                  O4 - HKLM\..\Run: [ddoctorv2] "E:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
                  O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
                  O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
                  O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [STYLEXP] E:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
                  O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
                  O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
                  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
                  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
                  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INETREPL.DLL
                  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INETREPL.DLL
                  O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Program Files\Microsoft ActiveSync\INETREPL.DLL
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyPoker\PartyPoker.exe (file missing)
                  O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Program Files\PartyPoker\PartyPoker.exe (file missing)
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
                  O15 - Trusted Zone: *.lsac.org
                  O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
                  O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
                  O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/Http/OIFActiveX/ofmctl.cab
                  O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
                  O20 - AppInit_DLLs: avgrsstx.dll
                  O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                  O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
                  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
                  O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
                  O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
                  O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
                  O23 - Service: Cdi910 - Unknown owner - (no file)
                  O23 - Service: Diskeeper - Executive Software International, Inc. - E:\Program Files\Executive Software\Diskeeper\DkService.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                  O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
                  O23 - Service: RoxMediaDB9 - Unknown owner - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
                  O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - E:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
                  O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - E:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
                  O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
                  O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - E:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

                  --
                  End of file - 7887 bytes

                  evilfantasy

                  Re: Computer acting extremely strange
                  « Reply #11 on: September 27, 2008, 08:08:28 PM »
                  Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

                  Delete these files/folders, as follows:

                  1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                  It must be Notepad, not Wordpad.
                  2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                  Code:
                  KillAll::

                  Driver::
                  TDSSSERV

                  3. Go to the Notepad window and click Edit > Paste
                  4. Then click File > Save
                  5. Name the file CFScript.txt - Save the file to your Desktop
                  6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                  ComboFix will begin to execute, just follow the prompts.
                  After reboot (in case it asks to reboot), it will produce a log for you.
                  Post that log (Combofix.txt) in your next reply.

                  Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

                  ----------

                  Let me know how everything is now.

                  20Deep


                    Re: Computer acting extremely strange
                    « Reply #12 on: September 27, 2008, 08:26:00 PM »
                    Do I need to disable my anti-virus before running ComboFix this time?

                    evilfantasy

                    Re: Computer acting extremely strange
                    « Reply #13 on: September 27, 2008, 08:30:22 PM »
                    No, you shouldn't.

                    20Deep


                      Re: Computer acting extremely strange
                      « Reply #14 on: September 27, 2008, 09:01:42 PM »
                      Ok well I ran it but it didn't reboot my computer or give me a log to post.  ???

                      evilfantasy

                      Re: Computer acting extremely strange
                      « Reply #15 on: September 27, 2008, 09:02:49 PM »
                      Restart manually.

                      The log will be saved in C:\combofix.txt

                      20Deep


                        Re: Computer acting extremely strange
                        « Reply #16 on: September 27, 2008, 09:39:07 PM »
                        ComboFix 08-09-27.01 - Ben 2008-09-27 23:26:45.2 - NTFSx86
                        Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.661 [GMT -4:00]
                        Running from: E:\Documents and Settings\Ben\Desktop\ComboFix.exe
                        Command switches used :: E:\Documents and Settings\Ben\Desktop\CFScript.txt
                         * Created a new restore point

                        WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                        .

                        (((((((((((((((((((((((((   Files Created from 2008-08-28 to 2008-09-28  )))))))))))))))))))))))))))))))
                        .

                        2008-09-27 21:31 . 2008-09-27 21:31   <DIR>   d--h-----   E:\$AVG8.VAULT$
                        2008-09-27 10:31 . 2008-09-27 10:32   <DIR>   d--------   E:\WINDOWS\ERUNT
                        2008-09-27 10:24 . 2008-09-27 10:51   <DIR>   d--------   E:\SDFix
                        2008-09-27 01:15 . 2008-09-27 01:16   <DIR>   d--------   E:\rsit
                        2008-09-27 00:27 . 2008-09-27 00:27   <DIR>   d--------   E:\Program Files\SUPERAntiSpyware
                        2008-09-27 00:27 . 2008-09-27 00:27   <DIR>   d--------   E:\Documents and Settings\Ben\Application Data\SUPERAntiSpyware.com
                        2008-09-27 00:27 . 2008-09-27 00:27   <DIR>   d--------   E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
                        2008-09-27 00:21 . 2008-09-27 21:35   <DIR>   d--------   E:\WINDOWS\system32\drivers\Avg
                        2008-09-27 00:21 . 2008-09-27 00:21   <DIR>   d--------   E:\Program Files\AVG
                        2008-09-27 00:21 . 2008-09-27 00:24   <DIR>   d--------   E:\Documents and Settings\All Users\Application Data\avg8
                        2008-09-27 00:21 . 2008-09-27 00:21   97,928   --a------   E:\WINDOWS\system32\drivers\avgldx86.sys
                        2008-09-27 00:21 . 2008-09-27 00:21   76,040   --a------   E:\WINDOWS\system32\drivers\avgtdix.sys
                        2008-09-27 00:21 . 2008-09-27 00:21   10,520   --a------   E:\WINDOWS\system32\avgrsstx.dll
                        2008-09-27 00:06 . 2008-06-10 02:32   73,728   --a------   E:\WINDOWS\system32\javacpl.cpl
                        2008-09-26 23:58 . 2008-09-26 23:58   <DIR>   d--------   E:\Program Files\CCleaner
                        2008-09-26 21:37 . 2008-09-26 21:37   <DIR>   d--------   E:\Documents and Settings\NetworkService\Application Data\Webroot
                        2008-09-26 18:43 . 2008-09-26 21:39   3,182   --a------   E:\WINDOWS\system32\tmp.reg
                        2008-09-26 17:11 . 2008-09-27 00:26   <DIR>   d--------   E:\Program Files\Common Files\Wise Installation Wizard
                        2008-09-26 17:11 . 2008-09-26 17:12   <DIR>   d--------   E:\Documents and Settings\All Users\Application Data\Lavasoft
                        2008-09-26 16:21 . 2008-09-26 21:34   <DIR>   d--------   E:\Documents and Settings\Ben\Application Data\.purple
                        2008-09-26 16:20 . 2008-09-26 16:21   <DIR>   d--------   E:\Program Files\Pidgin
                        2008-09-26 16:20 . 2008-09-26 16:21   <DIR>   d--------   E:\Program Files\Aspell
                        2008-09-26 15:37 . 2008-09-26 15:37   <DIR>   d--------   E:\Program Files\XP Codec Pack
                        2008-09-26 15:37 . 2008-07-09 04:05   421,888   --a------   E:\WINDOWS\system32\ac3filter.acm
                        2008-09-13 09:47 . 2008-09-26 13:53   <DIR>   d--------   E:\Program Files\Veetle
                        2008-09-13 09:47 . 2008-09-13 09:47   48,396   --a------   E:\WINDOWS\UninstVeetleTVPlayer.exe
                        2008-08-28 10:02 . 2008-08-28 10:02   <DIR>   d--------   E:\WINDOWS\system32\CatRoot_bak

                        .
                        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2008-09-27 14:23   ---------   d-----w   E:\Documents and Settings\Ben\Application Data\U3
                        2008-09-27 05:13   ---------   d-----w   E:\Program Files\Trend Micro
                        2008-09-27 04:08   ---------   d-----w   E:\Program Files\Java
                        2008-09-27 03:30   ---------   d-----w   E:\Program Files\Mozilla Thunderbird
                        2008-09-27 02:01   ---------   d-----w   E:\Program Files\Roxio
                        2008-09-27 02:01   ---------   d-----w   E:\Program Files\Common Files\Roxio Shared
                        2008-09-27 02:01   ---------   d-----w   E:\Documents and Settings\All Users\Application Data\Roxio
                        2008-09-26 21:12   ---------   d-----w   E:\Program Files\Lavasoft
                        2008-09-26 21:12   ---------   d-----w   E:\Documents and Settings\Ben\Application Data\Lavasoft
                        2008-09-26 20:55   ---------   d-----w   E:\Program Files\FlashFXP
                        2008-09-26 20:21   ---------   d-----w   E:\Documents and Settings\Ben\Application Data\.gaim
                        2008-09-26 20:20   ---------   d-----w   E:\Program Files\Gaim
                        2008-09-26 18:07   ---------   d-----w   E:\Program Files\7-Zip
                        2008-09-26 17:57   ---------   d-----w   E:\Program Files\skiStunt
                        2008-09-26 17:52   ---------   d-----w   E:\Program Files\Quake III Arena
                        2008-09-26 17:52   ---------   d-----w   E:\Program Files\MegaSpoof
                        2008-09-26 17:51   ---------   d-----w   E:\Program Files\Project64 1.6
                        2008-09-26 17:50   ---------   d-----w   E:\Program Files\PokerOffice
                        2008-09-26 17:43   ---------   d--h--w   E:\Program Files\InstallShield Installation Information
                        2008-09-26 17:43   ---------   d-----w   E:\Documents and Settings\All Users\Application Data\Apple Computer
                        2008-09-26 17:40   ---------   d-----w   E:\Documents and Settings\All Users\Application Data\Laconic Software
                        2008-09-26 17:39   ---------   d-----w   E:\Program Files\DivX
                        2008-09-26 17:15   ---------   d-----w   E:\Program Files\Azureus
                        2008-09-26 17:14   ---------   d-----w   E:\Program Files\Acoustica Beatcraft
                        2008-09-16 17:19   ---------   d-----w   E:\Documents and Settings\Ben\Application Data\Azureus
                        2008-08-17 03:58   ---------   d-----w   E:\Documents and Settings\All Users\Application Data\Comcast
                        2007-03-23 19:05   3,580   ----a-w   E:\Program Files\INSTALL.LOG
                        2005-07-31 17:28   76   ---ha-w   E:\Program Files\Desktop.ini
                        2004-10-01 19:31   109   ----a-w   E:\Documents and Settings\Ben\Application Data\tvmcwrd.dll
                        2004-09-27 22:01   0   ----a-w   E:\Documents and Settings\Ben\Application Data\wklnhst.dat
                        2001-09-28 21:00   164,864   ----a-w   E:\Program Files\UNWISE.EXE
                        .

                        (((((((((((((((((((((((((((((   snapshot@2008-09-27_21.50.07.17   )))))))))))))))))))))))))))))))))))))))))
                        .
                        - 2008-09-28 01:46:28   218,472   ----a-w   E:\WINDOWS\system32\inetsrv\MetaBase.bin
                        + 2008-09-28 03:31:12   218,472   ----a-w   E:\WINDOWS\system32\inetsrv\MetaBase.bin
                        .
                        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        *Note* empty entries & legit default entries are not shown
                        REGEDIT4

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
                        "STYLEXP"="E:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-03-14 1159168]
                        "MSMSGS"="E:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
                        "H/PC Connection Agent"="E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "ASUS Probe"="E:\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
                        "zBrowser Launcher"="E:\Program Files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
                        "RegistryMechanic"="E:\Program Files\Registry Mechanic\RegMech.exe" [2004-07-05 1183744]
                        "UpdReg"="E:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
                        "Jet Detection"="E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
                        "ATIPTA"="E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-09-29 344064]
                        "SpySweeper"="E:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2006-01-25 3405312]
                        "ddoctorv2"="E:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
                        "SunJavaUpdateSched"="E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
                        "AVG8_TRAY"="E:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-27 1235736]
                        "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 E:\WINDOWS\LOGI_MWX.EXE]
                        "P17Helper"="P17.dll" [2005-05-02 E:\WINDOWS\system32\P17.dll]

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
                        "UIHost"="E:\\Program Files\\TGTSoft\\StyleXP\\CurrentLogon.EXE"

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                        "AppInit_DLLs"=avgrsstx.dll

                        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                        "MSACM.CEGSM"= mobilev.acm
                        "vidc.ffds"= ffdshow.ax
                        "msacm.ac3filter"= ac3filter.acm

                        [HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
                        path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
                        backup=E:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

                        [HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                        path=E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
                        backup=E:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

                        [HKLM\~\startupfolder\E:^Documents and Settings^Ben^Start Menu^Programs^Startup^Konfabulator.lnk]
                        path=E:\Documents and Settings\Ben\Start Menu\Programs\Startup\Konfabulator.lnk
                        backup=E:\WINDOWS\pss\Konfabulator.lnkStartup

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
                        --a------ 2004-02-03 01:42 401491 E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                        --a------ 2004-10-13 12:24 1694208 E:\Program Files\Messenger\msmsgs.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
                        --a------ 2005-06-03 03:52 36975 E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
                        --a------ 2002-07-02 17:56 24576 E:\WINDOWS\system32\CTHELPER.EXE

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
                        "RoxWatch"=2 (0x2)
                        "RoxUpnpServer"=2 (0x2)
                        "RoxUPnPRenderer"=3 (0x3)
                        "RoxMediaDB"=3 (0x3)

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                        "%windir%\\system32\\sessmgr.exe"=
                        "E:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
                        "E:\\Program Files\\Microsoft ActiveSync\\WCESMGR.EXE"=
                        "E:\\Program Files\\Mozilla Firefox\\firefox.exe"=
                        "E:\\Program Files\\FlashFXP\\flashfxp.exe"=
                        "E:\\Program Files\\ASUS\\AsusUpdate\\Update.exe"=
                        "E:\\Program Files\\Java\\jre1.5.0_04\\bin\\javaw.exe"=
                        "E:\\Program Files\\TVAnts\\Tvants.exe"=
                        "E:\\Program Files\\Windows Media Player\\wmplayer.exe"=
                        "E:\\Program Files\\SopCast\\SopCast.exe"=
                        "E:\\Documents and Settings\\Ben\\Application Data\\SopCast\\adv\\SopAdver.exe"=
                        "E:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
                        "E:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
                        "E:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                        "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
                        "41952:TCP"= 41952:TCP:41952

                        R0 SSI;SSI;E:\WINDOWS\system32\Drivers\SSI.SYS [2006-01-25 78336]
                        R1 AvgLdx86;AVG Free AVI Loader Driver x86;E:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-27 97928]
                        R2 avg8emc;AVG Free8 E-mail Scanner;E:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-27 875288]
                        R2 avg8wd;AVG Free8 WatchDog;E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-27 231704]
                        R2 AvgTdiX;AVG Free8 Network Redirector;E:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-27 76040]
                        S3 ASUSHWIO;ASUSHWIO;E:\WINDOWS\system32\drivers\ASUSHWIO.sys [ ]
                        S3 LCcfltr;Logitech USB Filter Driver;E:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-12-11 14092]
                        S3 pohci13F;pohci13F;E:\DOCUME~1\Ben\LOCALS~1\Temp\pohci13F.sys [ ]
                        .

                        **************************************************************************

                        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                        Rootkit scan 2008-09-27 23:31:59
                        Windows 5.1.2600 Service Pack 2 NTFS

                        scanning hidden processes ...

                        scanning hidden autostart entries ...

                        scanning hidden files ...


                        E:\WINDOWS\TEMP\8273c39e-1d1f-4926-ad2e-daff87b9b72e.tmp 0 bytes

                        scan completed successfully
                        hidden files: 1

                        **************************************************************************
                        .
                        ------------------------ Other Running Processes ------------------------
                        .
                        E:\WINDOWS\system32\ati2evxx.exe
                        E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
                        E:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
                        E:\Program Files\Executive Software\Diskeeper\DkService.exe
                        E:\WINDOWS\system32\inetsrv\inetinfo.exe
                        E:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
                        E:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
                        E:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
                        E:\Program Files\AVG\AVG8\avgrsx.exe
                        E:\WINDOWS\system32\ati2evxx.exe
                        E:\WINDOWS\system32\wscntfy.exe
                        E:\WINDOWS\system32\rundll32.exe
                        E:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
                        .
                        **************************************************************************
                        .
                        Completion time: 2008-09-27 23:37:37 - machine was rebooted
                        ComboFix-quarantined-files.txt  2008-09-28 03:37:29
                        ComboFix2.txt  2008-09-28 01:51:39

                        Pre-Run: 72,553,689,088 bytes free
                        Post-Run: 72,538,308,608 bytes free

                        191   --- E O F ---   2008-09-11 08:00:56

                        evilfantasy

                        Re: Computer acting extremely strange
                        « Reply #17 on: September 27, 2008, 09:56:17 PM »
                          Looks good. Is the computer running any better?

                          Some cleanup and then a (hopefully) final scan to make sure nothing else is hiding.

                          • Click START then RUN
                          • Now type Combofix /u in the runbox
                          • Make sure there's a space between Combofix and /u
                          • Then hit Enter.

                        The above procedure will:
                        • Delete the following:
                          • ComboFix and its associated files and folders.
                        • Reset the clock settings.
                        • Hide file extensions, if required.
                        • Hide System/Hidden files, if required.
                        • Set a new, clean Restore Point.

                        ----------

                        Download ATF Cleaner by Atribune to your Desktop.

                        Alternate download link

                        Note: Vista users must use Run As Administrator
                        • Under Main: Select Files to Delete choose: Select All.
                        • Click the Empty Selected button.
                        • If you use Firefox browser click Firefox at the top and choose: Select All
                        • Click the Empty Selected button.
                          If you would like to keep your saved passwords click No at the prompt.
                        • If you use Opera browser click Opera at the top and choose: Select All
                        • Click the Empty Selected button.
                          If you would like to keep your saved passwords click No at the prompt.
                        • Click Exit on the Main menu to close the program.
                        Note that your system will run slower for a reboot or two after having used this tool so don't panic.

                        ----------

                        Download OTCleanIt.exe and save it to your Desktop.
                        • Double-click OTCleanIt.exe.
                        • Click the CleanUp! button.
                        • Select Yes when the "Begin cleanup Process?" prompt appears.
                        • If you are prompted to Reboot during the cleanup, select Yes.
                        • The tool will delete itself once it finishes; if not, delete it yourself.
                        Important: Restart the computer before continuing.

                        ----------

                        Run this online scan. Requires Internet Explorer

                        Use the ESET Nod32 Online Scanner

                        1. Check the box next to YES, I accept the Terms of Use.
                        2. Click Start
                        3. When asked, allow the ActiveX control to install
                        4. Click Start
                        5. Make sure that the option Remove found threats and the option Scan unwanted applications are check marked.
                        6. Click Scan
                        7. Wait for the scan to finish
                        8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
                        9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

                        20Deep

                          Re: Computer acting extremely strange
                          « Reply #18 on: September 28, 2008, 07:49:06 AM »
                          Yea it seems to be working much better. I haven't gone through the final step from your last post yet but will here shortly.

                          AVG has popped up a couple times saying that there is a threat detected in E:\System Volume Information\_restore...etc.

                          Is this just trojan files that are present in the restore files I assume?

                          20Deep

                            Re: Computer acting extremely strange
                            « Reply #19 on: September 28, 2008, 09:03:37 AM »
                            # version=4
                            # OnlineScanner.ocx=1.0.0.635
                            # OnlineScannerDLLA.dll=1, 0, 0, 79
                            # OnlineScannerDLLW.dll=1, 0, 0, 78
                            # OnlineScannerUninstaller.exe=1, 0, 0, 49
                            # vers_standard_module=3478 (20080928)
                            # vers_arch_module=1.064 (20080214)
                            # vers_adv_heur_module=1.066 (20070917)
                            # EOSSerial=61ea1c437661b948b4fdb06f9b362522
                            # end=finished
                            # remove_checked=true
                            # unwanted_checked=true
                            # utc_time=2008-09-28 03:01:37
                            # local_time=2008-09-28 11:01:37 (-0500, Eastern Daylight Time)
                            # country="United States"
                            # osver=5.1.2600 NT Service Pack 2
                            # scanned=318220
                            # found=0
                            # scan_time=2600
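
The header of a log like the one posted above can be checked mechanically before it is read as a clean result. This is an added example, not part of the thread or of ESET's tooling; it assumes the `# key=value` layout seen in the post and infers field meanings from their names and from step 5 of the scan instructions, and its sample input is constructed.

```python
import re

# Constructed sample: header lines in the "# key=value" shape of the log posted above.
SAMPLE_LOG = """\
# version=4
# end=finished
# remove_checked=true
# unwanted_checked=true
# osver=5.1.2600 NT Service Pack 2
# scanned=318220
# found=0
# scan_time=2600
"""

HEADER = re.compile(r"^\s*#\s*([\w.]+)=(.*)$")

def parse_header(text):
    """Return the '# key=value' header lines as a dict; other lines are ignored."""
    fields = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            fields[m.group(1)] = m.group(2).strip().strip('"')
    return fields

def review(text):
    """Return the reasons (assumed field meanings) not to read the log as clean."""
    f = parse_header(text)
    problems = []
    if f.get("end") != "finished":
        problems.append("scan did not finish (end=%s)" % f.get("end"))
    for key in ("remove_checked", "unwanted_checked"):
        if f.get(key) != "true":
            problems.append("%s was not enabled" % key)
    for key in ("scanned", "found"):
        if not f.get(key, "").isdigit():
            problems.append("%s missing or not a number" % key)
    if f.get("found", "").isdigit() and int(f["found"]) > 0:
        problems.append("%s detection(s) reported" % f["found"])
    if f.get("scanned") == "0":
        problems.append("no files were scanned")
    return problems

if __name__ == "__main__":
    print(review(SAMPLE_LOG) or "clean: finished, both options on, found=0")
```

An empty list means the scan ran to completion with both requested options enabled and reported nothing; a truncated or partially pasted log fails the checks instead of passing silently.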

                            evilfantasy

                            Re: Computer acting extremely strange
                            « Reply #20 on: September 28, 2008, 01:05:38 PM »

                            Quote
                            AVG has popped up a couple times saying that there is a threat detected in E:\System Volume Information\_restore...etc.

                            Is this just trojan files that are present in the restore files I assume?

                            Yes and we will take care of that now in the final steps.

                            Set a New Restore Point to prevent possible reinfection from an old one
                            Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
                            • Go to Start > Programs > Accessories > System Tools and click System Restore
                            • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
                            • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
                            • Next go to Start > Run and type Cleanmgr
                            • Click OK
                            • Click the More Options Tab.
                            • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
                            You can find instructions on how to enable and re-enable system restore here:

                            Windows XP System Restore Guide or Windows Vista System Restore Guide
                            ----------

                            Use the Secunia Software Inspector to check for out of date software.
                            • Click Start Now
                            • Check the box next to Enable thorough system inspection.
                            • Click Start
                            • Allow the scan to finish and scroll down to see if any updates are needed.
                            • Update anything listed.
                            ----------

                            Go to Microsoft Windows Update and get all critical updates.

                            ----------

                            Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

                            Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

                            To prevent unknown applications from being installed on your computer install WinPatrol 2008
                            * Using Winpatrol to protect your computer from malicious software

                            I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

                            SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                            * Using SpywareBlaster to protect your computer from Spyware and Malware
                            * If you don't know what ActiveX controls are, see here

                            Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                            Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

                            20Deep

                              Re: Computer acting extremely strange
                              « Reply #21 on: September 28, 2008, 09:44:13 PM »
                              Awesome.

                              I can't explain how much help you have been.  :)

                              evilfantasy

                              Re: Computer acting extremely strange
                              « Reply #22 on: September 28, 2008, 09:55:21 PM »
                              Glad it worked out for the good!!