Need Help Removing Adsoftinc


Post by ArtLab » December 19th, 2008, 11:28 am

For the last 3 weeks or so I have been bombarded by all sorts of unrequested pages and popups from something which calls itself "Contextual Platform Adsoftinc". This happens both in IE and Firefox. I have tried about 5 different spyware removal programs all to no avail. Please help me with this very annoying problem. Thanks and regards.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52, on 18-Dec-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [Ptipbmf] "C:\WINDOWS\system32\rundll32.exe" ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EnvyHFCPL] "C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe" 1
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D19135C-6D38-44AD-80F0-D9318F48726D} (BwOutlook.OutlookIntegrator) - http://appserver.dca.broadvoice.com/com ... utlook.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.3.7.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 2974583406
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://192.35.96.219/home/SonySncRz30View.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 3318139859
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://aerial.leepa.org/ecwplugins/ncs.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9549 bytes
ArtLab
Active Member
 
Posts: 14
Joined: December 18th, 2008, 12:35 pm

Re: Need Help Removing Adsoftinc

Post by Odd dude » December 23rd, 2008, 1:56 pm

Hello and welcome to the forums!

I'm Odd dude, pleased to meet you; if it helps, you can call me OD ;). I will be helping you with your infection. However, it is important to take note of the following - quite the wall of text, I know, but please bear with me:

  • Logs from malware removal programs (Hijackthis is one of them) can take some time to analyze. I need you to be patient whilst I analyze any logs you post.
  • Please carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Only YOU must use these instructions, they are not suitable for any other computer with similar problems.
  • Do not do things I do not ask for, such as running a spyware scan. The one thing you should always do, though, is to make sure that your antivirus definitions are up-to-date!
  • If I tell you to download a tool which you already have, please re-download it and do not use the copy you already have. This is because the tools are updated regularly.
  • In Windows Vista, all tools need to be started by right clicking and selecting Run as administrator!
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you were to do the same. From this point, we're in this together ;)
  • As I am still in training at the Malware Removal University, anything I do must be checked by an experienced malware fighter. This means there might be a slight delay in my answers.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

I am now analyzing your situation and hope to be back with you soon. While I am reviewing your situation, could you please do the following for me:

Make an Uninstall List
I need you to create an uninstall list so I can further analyze your situation.

  • Start HijackThis.
  • Click Open the Misc Tools section
  • Click Open Uninstall Manager
  • Click Save list...
  • Save the list to your desktop, or any other convenient place.

Please post back:
  • Uninstall list
  • New hijackthis log
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Need Help Removing Adsoftinc

Post by ArtLab » December 23rd, 2008, 3:54 pm

OK OD, I do appreciate your interest in helping me and will try to faithfully follow your instructions. However, I seem to have run into my first stumbling block: In trying to save an uninstall list, as per your instructions, when I hit the "Save list" button HijackThis simply closes (shuts down) and does not even give me a chance to specify where it should be saved. I have tried several times and even re-installed HijackThis, but nothing helped. Please let me know if there's a workaround so I can comply with your request to send you an uninstall list.

Re: Need Help Removing Adsoftinc

Post by Odd dude » December 23rd, 2008, 4:13 pm

That is a common sign for a certain infection.

Please skip those instructions for now.

I currently have a proposed fix ready for you and I am waiting for the teachers to approve that the fix is okay to post and will not cause any harm to your computer. (This is standard procedure for MRU Undergrads such as myself.)

So please hang on in there - I will have instructions ready for you soon :)

Re: Need Help Removing Adsoftinc

Post by ArtLab » December 24th, 2008, 1:02 pm

We'll be standing by. Have a merry Xmas.

Re: Need Help Removing Adsoftinc

Post by Odd dude » December 25th, 2008, 5:06 am

Hi ArtLab,
Merry Christmas and happy holidays!!

Malwarebytes' Anti-Malware
I need you to download Malwarebytes' Anti-Malware.

  • Install the program by following the prompts after double-clicking on mbam-setup.exe
  • Once you approach the final installation screen, put a check next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish
  • MBAM (that's an acronym of Malwarebytes' Anti-Malware) will now start. Choose Perform full scan and click Scan
  • Get a cup of coffee/tea/hot chocolate and watch some TV for about an hour.
  • Once the scan has finished, click OK, then Show Results.
  • Put a check next to everything, then click Remove selected.
  • Now, a log will open. Save this to your desktop and post it.

Open HijackThis and close all other open windows. Click Do a system scan only.
Put a check next to these and click Fix checked (don't worry if they're not all there):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

RSIT
Please download random/random's system information tool (RSIT) and run it. At the disclaimer screen, choose a period of one month. Then click Continue. It will produce two logs:

  • log.txt (will be maximized)
  • info.txt (will be minimized)

Please post both in your next reply. If they won't fit into one post, divide them over multiple posts :)

In your next reply, post:
- log from Malwarebytes'
- logs from RSIT
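The manual triage in this thread (the orphaned BHO with "(no file)", the Ask Toolbar, the empty Local Page values from ArtLab's HijackThis log, and the entries Odd dude picked for Fix checked) follows a few repeatable rules. The script below is an added example, not code from the thread or a MalwareRemoval.com tool: it applies those rules to HijackThis log lines and prints a review queue. The heuristics and the toolbar allowlist (here, only the Google Toolbar CLSID seen in the log) are assumptions chosen for illustration, and the sample lines are a constructed subset copied from the log in the first post.

```python
"""Heuristic triage of HijackThis (HJT) log lines.

Added example for this thread, not a MalwareRemoval.com tool.  The rules and
the toolbar allowlist are assumptions that mirror the manual triage in the
thread; a hit means "review this entry", not "this is malware".
"""
import re
from dataclasses import dataclass, field

# Constructed subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://192.35.96.219/home/SonySncRz30View.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
"""

# An HJT entry is "<section> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# An ActiveX control (O16) fetched from a bare IPv4 address rather than a hostname.
RAW_IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[/:]|$)")

# Assumed allowlist: toolbar CLSIDs the analyst has already vetted (lower-case).
TOOLBAR_ALLOWLIST = {"{2318c2b1-4965-11d4-9b18-009027a5cd4f}"}  # Google Toolbar


@dataclass
class Finding:
    section: str
    line: str
    reasons: list = field(default_factory=list)


def triage_line(line: str):
    """Return a Finding for one HJT line, or None if no rule fires."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    reasons = []
    # R0/R1: an IE page/search value with nothing after "=" (HJT shows these as blank).
    if section in ("R0", "R1") and body.rstrip().endswith("="):
        reasons.append("IE page/search value is empty")
    # O2: a BHO whose registry entry survives but whose DLL is gone.
    if section == "O2" and body.endswith("(no file)"):
        reasons.append("BHO is registered but its DLL is missing (orphaned entry)")
    # O3: any toolbar whose CLSID the analyst has not vetted.
    if section == "O3":
        clsid = CLSID_RE.search(body)
        if clsid and clsid.group(0).lower() not in TOOLBAR_ALLOWLIST:
            reasons.append("toolbar CLSID is not on the vetted allowlist")
    # O10: HJT could not match the Winsock LSP DLL against its known list.
    if section == "O10" and body.startswith("Unknown file"):
        reasons.append("unrecognised Winsock LSP DLL")
    # O16: ActiveX control downloaded from a raw IP address.
    if section == "O16" and RAW_IP_URL_RE.search(body):
        reasons.append("ActiveX control was downloaded from a raw IP address")
    # O23: service with no publisher recorded.
    if section == "O23" and " - Unknown owner - " in body:
        reasons.append("service has no publisher recorded")
    if not reasons:
        return None
    return Finding(section, line.strip(), reasons)


def triage_log(text: str):
    """Run triage_line over every line of an HJT log; returns the review queue."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.section}] {f.line}")
        for r in f.reasons:
            print(f"      -> {r}")
```

On the sample above the script queues six entries: the empty Local Page value, the orphaned BHO, the Ask Toolbar, the unknown LSP, the Sony viewer control fetched from 192.35.96.219, and the ScsiAccess service. Note that the last two are not malicious in ArtLab's case (the Sony control is a camera viewer and ScsiAccess belongs to Photodex ProShow), which is why each hit is a prompt to verify the file and vendor, not an instruction to delete.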

Re: Need Help Removing Adsoftinc

Post by ArtLab » December 25th, 2008, 6:08 pm

Things went reasonably well and it is evident that we have made much progress, although it's too early for me to declare definite victory. :lol: Here are the logs, my good friend:

Malwarebytes' Anti-Malware 1.31
Database version: 1546
Windows 5.1.2600 Service Pack 3

25-Dec-08 16:21:14
mbam-log-2008-12-25 (16-21-14).txt

Scan type: Full Scan (C:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 216887
Time elapsed: 45 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 5
Registry Keys Infected: 24
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 40

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\hgGVoOeB.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\upxxsbju.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\zvczcbpmvk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{237a05e2-0537-458c-b7cb-adfeaacc613d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{237a05e2-0537-458c-b7cb-adfeaacc613d} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b5a5db47-05ee-4950-b27c-54fd12bac07a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b5a5db47-05ee-4950-b27c-54fd12bac07a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b5a5db47-05ee-4950-b27c-54fd12bac07a} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spyware guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\spyware guard (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{474be296-218e-4ca2-b9ed-cea2ca68ff62} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{41573f5d-1b06-4ead-b2eb-d63234c173e6} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\583c8d30 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\InternetConnection (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ieModule (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hggvooeb -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\hggvooeb -> Delete on reboot.

Folders Infected:
C:\Program Files\Spyware Guard 2008 (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\p2pmax (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Art\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\hgGVoOeB.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\BeOoVGgh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BeOoVGgh.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdymlm.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\upxxsbju.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ujbsxxpu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1C59DE1E-59E4-424A-AACF-409EF6403950}\RP13\A0007199.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1C59DE1E-59E4-424A-AACF-409EF6403950}\RP13\A0007200.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1C59DE1E-59E4-424A-AACF-409EF6403950}\RP13\A0007201.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\argxrlwb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kdxrzp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\weklro.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tocbrvsu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ygtnbhpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Art\Local Settings\temp\TDSS3d0b.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\conf.cfg (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\mbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\quarantine.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\spywareguard.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\uninstall.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\Spyware Guard 2008\vbase.vdb (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Program Files\p2pmax\p2pmaxu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\nsadsoftinc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUkKDuu.dll (Trojan.vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\sysexplorer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winscenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\reged.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\spoolsystem.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\sys.com (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\syscert.exe (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\WINDOWS\vmreg.dll (Rogue.SpywareGuard) -> Quarantined and deleted successfully.
C:\Documents and Settings\Art\Local Settings\temp\TDSS3c6f.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\svhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\svhost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Protect\track.sys (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\zvczcbpmvk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\moduleie.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\TDSSfpmp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.


info.txt logfile of random's system information tool 1.05 2008-12-25 16:32:46

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.47 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Premiere Elements 4.0-->MsiExec.exe /I{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
All That Chords! 3.2-->"C:\Program Files\All That Chords!\unins000.exe"
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
AP Tuner 3.06-->"C:\Program Files\AP Tuner\AP Tuner 3.06\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASUS Probe V2.22.04-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
ASUSUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
CarBasePro-->C:\WINDOWS\GPPSOFT\DEINST.EXE CarBasePro
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Civilization III Complete Edition-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2157961D-0507-44A8-BCF2-1EE2D439E8DF}
Civilization III v1.29f-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}\Setup.exe"
ConvertHelper 2.1-->"C:\Program Files\ConvertHelper\unins000.exe"
Cool & Quiet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9
Cool Edit Pro 2.0-->C:\Program Files\coolpro2\cep2unin.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
Driver Genius Professional Edition 2007-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
ECO Bar-->regsvr32 /u /s "C:\Program Files\IEToolbar\ECO Bar\tbu01267\ecobar.dll"
Envy24 Family Audio Controller's Driver Uninstall-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Envy24 Family Audio Controller\Uninst.isu"
Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
File Lock 4.2-->C:\Program Files\File Lock\uninst.exe
FingerPower! Vol. 1-->C:\WINDOWS\iun6002.exe "C:\Program Files\PlayPianoTODAY\FingerPower! Vol. 1\irunin.ini"
FLV Player 2.0, build 24-->C:\Program Files\FLV Player\uninst.exe
Free Internet TV v6.0-->"C:\Program Files\Free Internet TV\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Firefox-->MsiExec.exe /X{AA345678-12B4-1C34-12D4-12345678FFEE}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hauppauge WinTV Infrared Remote-->C:\PROGRA~1\WinTV\UNir32.EXE C:\PROGRA~1\WinTV\ir32.LOG
Hauppauge WinTV IR Blaster-->C:\PROGRA~1\WinTV\UNirblst.EXE C:\PROGRA~1\WinTV\IRblast.LOG
Hauppauge WinTV Scheduler-->C:\PROGRA~1\WinTV\\SCHEDU~1\uniSCHED.exe C:\PROGRA~1\WinTV\\SCHEDU~1\uniSCHED.log
Hauppauge WinTV TV Services-->C:\PROGRA~1\WinTV\uniTvSrv.exe C:\PROGRA~1\WinTV\UniTVSrv.LOG
Hauppauge WinTV-->C:\PROGRA~1\WinTV\UNTV6.EXE C:\PROGRA~1\WinTV\WINTV6.LOG
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
HP PrecisionScan Pro and Utilities-->C:\SCANJET\PrecisionScanPro\uninstal.exe C:\SCANJET\PrecisionScanPro\uninstal.cfg
Image Web Server 7.0 IE Plugins (Build:3,1,0,229)-->C:\PROGRA~1\EARTHR~1\IMAGEW~1\Client\CABInst.exe -u
InterVideo FilterSDK for Hauppauge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL
Ipswitch WS_FTP Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
K-Lite Codec Pack 3.8.0 Basic-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LogMeIn-->MsiExec.exe /I{A83C6C34-3007-422A-9E56-A74996BCCDBD}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
MediaCoder 0.6.1-->C:\Program Files\MediaCoder\uninst.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator 2004 A Century of Flight-->"C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MWSnap 3-->"C:\Program Files\MWSnap\uninstall.exe"
nanoPEG-Editor 2.3 Hauppauge Edition-->"C:\Program Files\nanocosmos\MPEG-Tools for Hauppauge\Editor2\unins000.exe"
nanoPEG-Editor 2.6.0 for WinTV-->"C:\Program Files\nanoPEG for WinTV\nanoPEG Editor\unins000.exe"
NASA World Wind 1.3-->"C:\Program Files\NASA\World Wind 1.3\Uninstall_World_Wind_1.3.exe"
Nero 7 Ultra Edition-->MsiExec.exe /X{98EFD8F0-08DE-48DB-B922-A2EBAB711033}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
P2P Max-->"C:\Program Files\p2pmax\p2pmaxu.exe"
PCForrest StartMan 1.3.96-->MsiExec.exe /I{A85D8CC4-4DB9-11D6-B038-0000B49CEE91}
Photodex Presenter-->C:\Program Files\Photodex Presenter\uninst.exe
PhotoNow!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
Poedit-->"C:\Program Files\Poedit\unins000.exe"
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -l0x000409 /z-uninstall
ProShow Gold-->C:\Program Files\Photodex\ProShowGold\proshow.exe . -u
Quicken 2008-->MsiExec.exe /X{3B0F52AC-EF5C-4831-B221-06C782E41280}
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Radmin Server 3.0-->MsiExec.exe /X{AAD51583-6D43-4444-A1FF-0C8345345526}
Radmin Viewer 3.0-->MsiExec.exe /X{07D00E73-7F67-4008-A33C-80C7D53F1857}
Recover My Files-->"C:\Program Files\GetData\Recover My Files\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
SST Programming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03ADCA1C-BCF0-4B12-AFCF-8EBF2CB3AB07}\setup.exe" AddRem
Super Blank 3.01-->"C:\Program Files\SuperBlank\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Ulead DVD MovieFactory 4.0 SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}\setup.exe" -l0x9
UnRAR for Windows-->C:\Program Files\UnRar for Windows\Uninstal.exe
URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Virtual Cable Tester-->MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2}
Virtual Earth 3D (Beta)-->MsiExec.exe /I{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Resource Kit Tools-->MsiExec.exe /I{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WMAConvert 1.3.1-->"C:\Program Files\WMAConvert\unins000.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081225-0]

System event log

Computer Name: MYNEWPC
Event Code: 7036
Message: The Network Location Awareness (NLA) service entered the running state.

Record Number: 344283
Source Name: Service Control Manager
Time Written: 20081123114945.000000-300
Event Type: information
User:

Computer Name: MYNEWPC
Event Code: 7035
Message: The Network Location Awareness (NLA) service was successfully sent a start control.

Record Number: 344282
Source Name: Service Control Manager
Time Written: 20081123114945.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: MYNEWPC
Event Code: 7035
Message: The aswRdr service was successfully sent a start control.

Record Number: 344281
Source Name: Service Control Manager
Time Written: 20081123114945.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: MYNEWPC
Event Code: 7035
Message: The IMAPI CD-Burning COM Service service was successfully sent a start control.

Record Number: 344280
Source Name: Service Control Manager
Time Written: 20081123114945.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: MYNEWPC
Event Code: 7036
Message: The avast! Web Scanner service entered the running state.

Record Number: 344279
Source Name: Service Control Manager
Time Written: 20081123114945.000000-300
Event Type: information
User:

Application event log

Computer Name: MYNEWPC
Event Code: 1517
Message: Windows saved user MYNEWPC\Art registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5
Source Name: Userenv
Time Written: 20080627183623.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MYNEWPC
Event Code: 0
Message:
Record Number: 4
Source Name: NMIndexingService
Time Written: 20080627182612.000000-240
Event Type: information
User:

Computer Name: MYNEWPC
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 3
Source Name: SecurityCenter
Time Written: 20080627182610.000000-240
Event Type: information
User:

Computer Name: MYNEWPC
Event Code: 0
Message:
Record Number: 2
Source Name: RichVideo
Time Written: 20080627182605.000000-240
Event Type: information
User:

Computer Name: MYNEWPC
Event Code: 0
Message:
Record Number: 1
Source Name: gusvc
Time Written: 20080627182604.000000-240
Event Type: information
User:

Security event log

Computer Name: MYNEWPC
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.




Logon Process Name: KSecDD

Record Number: 71000
Source Name: Security
Time Written: 20081216123743.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: MYNEWPC
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.




Logon Process Name: LAN Manager Workstation Service

Record Number: 70999
Source Name: Security
Time Written: 20081216123743.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: MYNEWPC
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.




Logon Process Name: CHAP

Record Number: 70998
Source Name: Security
Time Written: 20081216123741.000000-300
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: MYNEWPC
Event Code: 576
Message: Special privileges assigned to new logon:

User Name:

Domain:

Logon ID: (0x0,0x1042D)

Privileges: SeDebugPrivilege
SeChangeNotifyPrivilege
SeBackupPrivilege
SeRestorePrivilege

Record Number: 70997
Source Name: Security
Time Written: 20081216123741.000000-300
Event Type: audit success
User: MYNEWPC\Art

Computer Name: MYNEWPC
Event Code: 528
Message: Successful Logon:

User Name: Art

Domain: MYNEWPC

Logon ID: (0x0,0x1042D)

Logon Type: 2

Logon Process: User32

Authentication Package: Negotiate

Workstation Name: MYNEWPC

Logon GUID: -

Record Number: 70996
Source Name: Security
Time Written: 20081216123741.000000-300
Event Type: audit success
User: MYNEWPC\Art

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Windows Resource Kits\Tools;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 10, AuthenticAMD
"PROCESSOR_REVISION"=040a
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Art at 2008-12-25 16:46:38
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 83 GB (76%) free of 110 GB
Total RAM: 1023 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46, on 25-Dec-08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Art\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Art.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [Ptipbmf] "C:\WINDOWS\system32\rundll32.exe" ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EnvyHFCPL] "C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe" 1
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D19135C-6D38-44AD-80F0-D9318F48726D} (BwOutlook.OutlookIntegrator) - http://appserver.dca.broadvoice.com/com ... utlook.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.3.7.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 2974583406
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://192.35.96.219/home/SonySncRz30View.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 3318139859
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://aerial.leepa.org/ecwplugins/ncs.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ssqOGyyw - ssqOGyyw.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10081 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ohoqjbnl.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{E4F5BF34-73F6-4B42-8CE6-893AB021A719}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2008-05-04 2554944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2004-06-03 172032]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2006-01-13 196608]
"Ptipbmf"=C:\WINDOWS\system32\ptipbmf.dll [2003-06-20 118784]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"EnvyHFCPL"=C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe [2008-07-07 524288]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2008-10-08 864256]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-03 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqOGyyw]
ssqOGyyw.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\WhoCalls\WhoCalls.exe"="C:\Program Files\WhoCalls\WhoCalls.exe:*:Enabled:WhoCalls.exe"
"C:\Program Files\Ipswitch\WS_FTP Pro\wsftpgui.exe"="C:\Program Files\Ipswitch\WS_FTP Pro\wsftpgui.exe:*:Enabled:WS_FTP Pro Application"
"C:\Program Files\LimeWire\LimeWire 4.2.6 Pro\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire 4.2.6 Pro\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\WINDOWS\system32\rserver30\FamItrfc.Exe"="C:\WINDOWS\system32\rserver30\FamItrfc.Exe:*:Enabled:FamItrfc"
"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe:*:Enabled:GoogleUpdaterService"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-25 16:31:19 ----D---- C:\rsit
2008-12-24 12:02:40 ----SH---- C:\WINDOWS\system32\uhflhfmy.ini
2008-12-23 14:19:15 ----D---- C:\Program Files\Trend Micro
2008-12-23 11:57:58 ----SH---- C:\WINDOWS\system32\vlbxquxf.ini
2008-12-21 08:48:08 ----A---- C:\WINDOWS\iun6002.exe
2008-12-21 08:48:05 ----D---- C:\Program Files\PlayPianoTODAY
2008-12-16 09:12:58 ----SHD---- C:\RECYCLER
2008-12-16 09:12:52 ----D---- C:\ComboFix
2008-12-16 09:12:52 ----A---- C:\WINDOWS\system32\CF22315.exe
2008-12-14 13:10:35 ----D---- C:\Kaspersky
2008-12-14 13:06:04 ----D---- C:\Bases
2008-12-14 12:56:30 ----D---- C:\mwavunzip
2008-12-14 11:16:25 ----D---- C:\Binaries
2008-12-11 10:03:02 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-11 09:47:02 ----A---- C:\WINDOWS\system32\locate.com
2008-12-11 09:45:10 ----D---- C:\MGtools
2008-12-11 09:18:05 ----A---- C:\Boot.bak
2008-12-11 09:17:59 ----RASHD---- C:\cmdcons
2008-12-11 09:15:58 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-11 09:15:57 ----A---- C:\WINDOWS\zip.exe
2008-12-11 09:15:57 ----A---- C:\WINDOWS\VFIND.exe
2008-12-11 09:15:57 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-11 09:15:57 ----A---- C:\WINDOWS\SWSC.exe
2008-12-11 09:15:57 ----A---- C:\WINDOWS\SWREG.exe
2008-12-11 09:15:57 ----A---- C:\WINDOWS\sed.exe
2008-12-11 09:15:57 ----A---- C:\WINDOWS\grep.exe
2008-12-11 09:15:57 ----A---- C:\WINDOWS\fdsv.exe
2008-12-11 09:15:52 ----D---- C:\WINDOWS\ERDNT
2008-12-11 09:15:52 ----D---- C:\Qoobox
2008-12-10 22:41:20 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-10 22:41:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 16:58:30 ----A---- C:\MGtools.exe
2008-12-10 13:36:02 ----D---- C:\Program Files\CCleaner
2008-12-09 17:34:04 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-08 22:22:11 ----A---- C:\WINDOWS\ykgee3362.exe
2008-12-08 22:20:54 ----A---- C:\WINDOWS\system32\knrnfsanzhigdw.exe
2008-12-07 11:21:45 ----D---- C:\Program Files\All That Chords!
2008-12-05 11:26:59 ----D---- C:\Program Files\Piano and Keyboard Salsa Vol 1

======List of files/folders modified in the last 1 months======

2008-12-25 16:35:55 ----D---- C:\WINDOWS\Temp
2008-12-25 16:29:06 ----D---- C:\Program Files\Mozilla Firefox
2008-12-25 16:26:58 ----D---- C:\WINDOWS\system32\drivers
2008-12-25 16:26:12 ----D---- C:\WINDOWS
2008-12-25 16:26:12 ----D---- C:\Program Files
2008-12-25 16:26:11 ----D---- C:\WINDOWS\system32
2008-12-25 16:25:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-25 15:32:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-25 13:38:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-25 13:24:14 ----D---- C:\Program Files\Enigma Software Group
2008-12-25 13:12:08 ----D---- C:\WINDOWS\Prefetch
2008-12-25 13:12:08 ----D---- C:\WINDOWS\Minidump
2008-12-25 09:41:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-25 00:53:21 ----AC---- C:\WINDOWS\system32\531f494e-.txt
2008-12-23 11:46:45 ----SD---- C:\WINDOWS\Tasks
2008-12-22 22:54:34 ----D---- C:\Documents and Settings\Art\Application Data\uTorrent
2008-12-21 08:44:50 ----RSD---- C:\WINDOWS\Fonts
2008-12-19 11:32:24 ----SHD---- C:\WINDOWS\Installer
2008-12-17 20:00:36 ----D---- C:\WINDOWS\inf
2008-12-17 20:00:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-17 20:00:26 ----D---- C:\WINDOWS\ie7updates
2008-12-17 20:00:17 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 23:43:34 ----D---- C:\Documents and Settings
2008-12-16 09:08:25 ----N---- C:\WINDOWS\system.ini
2008-12-16 09:07:40 ----D---- C:\WINDOWS\AppPatch
2008-12-16 09:07:40 ----D---- C:\Program Files\Common Files
2008-12-16 08:33:05 ----D---- C:\Program Files\Apple Software Update
2008-12-15 22:33:40 ----D---- C:\Program Files\eMule
2008-12-14 16:36:51 ----RASH---- C:\boot.ini
2008-12-14 11:16:42 ----A---- C:\WINDOWS\win.ini
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 11:31:33 ----SHD---- C:\System Volume Information
2008-12-11 11:31:33 ----D---- C:\WINDOWS\system32\Restore
2008-12-11 11:21:15 ----D---- C:\WINDOWS\Debug
2008-12-11 10:04:52 ----D---- C:\Program Files\Internet Explorer
2008-12-11 09:20:52 ----D---- C:\WINDOWS\system32\config
2008-12-11 09:20:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-10 22:46:55 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-10 18:17:28 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-10 18:17:27 ----D---- C:\Documents and Settings\Art\Application Data\SUPERAntiSpyware.com
2008-12-10 13:18:38 ----A---- C:\WINDOWS\SuperBlank.INI
2008-12-10 13:15:37 ----D---- C:\temp
2008-12-10 13:06:31 ----D---- C:\Program Files\Call of Duty Game of the Year Edition
2008-12-10 13:04:09 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-10 13:03:16 ----D---- C:\Program Files\EA GAMES
2008-12-10 13:00:17 ----D---- C:\Program Files\Google
2008-12-10 08:42:59 ----D---- C:\Program Files\WildTangent
2008-12-10 08:32:44 ----D---- C:\Program Files\DivX
2008-12-09 17:34:05 ----D---- C:\Program Files\Lavasoft
2008-12-09 17:19:26 ----D---- C:\Documents and Settings\Art\Application Data\Lavasoft
2008-12-09 15:19:51 ----D---- C:\WINDOWS\Help
2008-12-09 10:59:17 ----D---- C:\Program Files\Rockstar Games
2008-12-09 08:29:43 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-08 17:43:50 ----D---- C:\Documents and Settings\Art\Application Data\Google
2008-11-27 11:14:47 ----D---- C:\Documents and Settings\Art\Application Data\Ahead
2008-11-26 12:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 raddrvv3;raddrvv3; \??\C:\WINDOWS\system32\rserver30\raddrvv3.sys []
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-22 23936]
R2 Asusgio;Asusgio; \??\C:\Program Files\ASUS\Cool & Quiet\Asusgio.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 FILELOCK;FILELOCK; \??\C:\WINDOWS\system32\Drivers\FLOCKXP.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 Dot4 HPH09;Dot4 HPH09; C:\WINDOWS\system32\DRIVERS\hphid409.sys [2006-01-13 50800]
R3 Dot4Print HPH09;Print Class Driver for IEEE-1284.4 HPH09; C:\WINDOWS\system32\DRIVERS\hphipr09.sys [2006-01-13 16112]
R3 Dot4Storage HPH09;Storage Class Driver for IEEE-1284.4 (HPH09); C:\WINDOWS\System32\Drivers\hphs2k09.sys [2006-01-13 50211]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM; C:\WINDOWS\system32\drivers\Envy24HF.sys [2007-12-01 651712]
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2008-07-04 177152]
R3 hpusbfd;Hewlett-Packard USB Filter Class; C:\WINDOWS\System32\DRIVERS\hpusbfd.sys [2002-05-22 7552]
R3 IPFilter;Microsoft IntelliPoint Features driver; C:\WINDOWS\system32\DRIVERS\IPFilter.sys [2002-04-11 11136]
R3 mirrorv3;mirrorv3; C:\WINDOWS\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-06-19 14604]
R3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2004-07-20 15616]
R3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiNtBus.sys [2004-07-20 26752]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmaCDriverV32;WmaCDriverV32; C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2006-11-16 513152]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-05-20 288896]
S1 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 imhidusb;Immersion's HID USB Driver; C:\WINDOWS\system32\DRIVERS\imhidusb.sys [2004-08-16 30984]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 SaiHFFB5;SaiHFFB5; C:\WINDOWS\system32\DRIVERS\SaiHFFB5.sys [2004-08-16 56576]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-07-15 578368]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2006-11-21 223128]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\Cyberlink\Shared files\RichVideo.exe [2007-01-12 272024]
R2 RServer3;Radmin Server V3; C:\WINDOWS\system32\rserver30\RServer3.exe [2007-02-02 1235032]
R2 ScsiAccess;ScsiAccess; C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [2006-08-10 181312]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-03-13 49152]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-01 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-15 168432]
S3 HauppaugeTVServer;HauppaugeTVServer; C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 815104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 Pml Driver;Pml Driver; C:\WINDOWS\system32\HPHipm09.exe [2006-01-13 77824]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-02 86016]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
ArtLab
Active Member
 
Posts: 14
Joined: December 18th, 2008, 12:35 pm

Re: Need Help Removing Adsoftinc

Unread postby Odd dude » December 26th, 2008, 6:46 am

Uninstall these programs through Add/Remove software in the control panel:
Adobe Reader 8.1.2
J2SE Runtime Environment 5.0 Update 6

I see you have run ComboFix.

This is highly inadvisable, as this is a very powerful tool which, when used without proper supervision, can reduce your computer to nothing more than an expensive doorstop.

Delete your current version of ComboFix and download it again from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Open notepad and copy/paste the following to it:

Code:
File::
C:\WINDOWS\system32\531f494e-.txt
C:\WINDOWS\tasks\ohoqjbnl.job
C:\WINDOWS\system32\uhflhfmy.ini
C:\WINDOWS\system32\vlbxquxf.ini
C:\WINDOWS\ykgee3362.exe
C:\WINDOWS\system32\knrnfsanzhigdw.exe

Folder::
C:\Documents and Settings\Art\Application Data\uTorrent
C:\Program Files\uTorrent
C:\Program Files\eMule
C:\Program Files\LimeWire\LimeWire 4.2.6 Pro

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"=-
"C:\Program Files\LimeWire\LimeWire 4.2.6 Pro\LimeWire.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqOGyyw]
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.avsystemcare.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: *.safetydownload.com
O15 - Trusted Zone: *.trustedantivirus.com
O15 - Trusted Zone: *.virusremover2008.com
O15 - Trusted Zone: *.virusschlacht.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.avsystemcare.com (HKLM)
O15 - Trusted Zone: *.onerateld.com (HKLM)
O15 - Trusted Zone: *.safetydownload.com (HKLM)
O15 - Trusted Zone: *.trustedantivirus.com (HKLM)
O15 - Trusted Zone: *.virusremover2008.com (HKLM)
O15 - Trusted Zone: *.virusschlacht.com (HKLM)


Save this to your desktop as "CFScript.txt".

Disconnect from the internet, disable your antimalware software like you did before, and drag CFScript into ComboFix.

Image

ComboFix will run, please be patient and post the log.

Also please install the latest version of Adobe Reader and Java:
Java
    Download and install the latest version from here. The site is a bit confusing; this is what you should do:
    • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 11.
    • Click the Download button to the right.
    • Choose the correct Platform. Also, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
    • Now, click Continue.
    • Click on the filename under Windows Offline Installation and save it to your desktop.
    • Now, close all other windows, including Internet Explorer.
    • You can now install Java by double-clicking the executable you just downloaded.

Adobe Reader
Click here to go to the download page
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
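
The CFScript above asks ComboFix to delete files, folders and registry entries. As an added example (not ComboFix's own code), the Python script below parses such a script into the concrete actions it requests, so the plan can be read back and sanity-checked before the file is dragged onto ComboFix. It assumes the usual meaning of the File::, Folder:: and Registry:: sections (paths to delete; .reg-style key and value lines) and deliberately reports the HijackThis-style O15 lines as unrecognized rather than guessing at them.

```python
"""Review what a ComboFix CFScript will do before running it.

Added example, not ComboFix's own parser. Assumed directive semantics:
File:: and Folder:: list paths to delete; in Registry::, [-KEY] deletes
a key, [KEY] selects a key, and "name"=- deletes that value under it.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: the script posted in this thread, with the
# O15 lines abridged to two.
SAMPLE_CFSCRIPT = r"""
File::
C:\WINDOWS\system32\531f494e-.txt
C:\WINDOWS\tasks\ohoqjbnl.job
C:\WINDOWS\system32\uhflhfmy.ini
C:\WINDOWS\system32\vlbxquxf.ini
C:\WINDOWS\ykgee3362.exe
C:\WINDOWS\system32\knrnfsanzhigdw.exe

Folder::
C:\Documents and Settings\Art\Application Data\uTorrent
C:\Program Files\uTorrent
C:\Program Files\eMule
C:\Program Files\LimeWire\LimeWire 4.2.6 Pro

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"=-
"C:\Program Files\LimeWire\LimeWire 4.2.6 Pro\LimeWire.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqOGyyw]
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.amaena.com (HKLM)
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Folders whose deletion would remove far more than one program.
PROTECTED_ROOTS = {r"c:\windows", r"c:\windows\system32",
                   r"c:\program files", r"c:\documents and settings"}


@dataclass
class Plan:
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    reg_keys_deleted: list = field(default_factory=list)
    reg_values_deleted: list = field(default_factory=list)  # (key, name)
    reg_values_set: list = field(default_factory=list)      # (key, name, data)
    unrecognized: list = field(default_factory=list)        # (section, line)


def parse_cfscript(text):
    """Turn CFScript text into a Plan of concrete actions."""
    plan = Plan()
    section = None
    current_key = None  # key selected by the last [KEY] line in Registry::
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            current_key = None
            continue
        if section == "file":
            plan.files.append(line)
        elif section == "folder":
            plan.folders.append(line)
        elif section == "registry":
            km = KEY_RE.match(line)
            vm = VALUE_RE.match(line)
            if km and km.group(1) == "-":
                plan.reg_keys_deleted.append(km.group(2))
                current_key = None
            elif km:
                current_key = km.group(2)
            elif vm and current_key:
                name, data = vm.group(1), vm.group(2)
                if data == "-":
                    plan.reg_values_deleted.append((current_key, name))
                else:
                    plan.reg_values_set.append((current_key, name, data))
            else:
                plan.unrecognized.append((section, line))
        else:
            plan.unrecognized.append((section, line))
    return plan


def broad_deletions(plan):
    """Folder:: entries that name a whole system or profile root."""
    return [p for p in plan.folders
            if p.rstrip("\\").lower() in PROTECTED_ROOTS]
```

Any line that lands in `unrecognized` or any folder returned by `broad_deletions` is a reason to stop and ask before running the script.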

Re: Need Help Removing Adsoftinc

Unread postby ArtLab » December 26th, 2008, 10:07 am

My good friend: I'm going to be away on a short trip and will be back on the 30th of Dec. Upon my return, I will implement your latest instructions. Please do not abandon me :( Best regards.
ArtLab
Active Member
 
Posts: 14
Joined: December 18th, 2008, 12:35 pm

Re: Need Help Removing Adsoftinc

Unread postby Odd dude » December 26th, 2008, 10:35 am

No problem. The thread will be kept open.

Have fun on your trip! :colors:
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Need Help Removing Adsoftinc

Unread postby ArtLab » December 29th, 2008, 3:48 pm

I'm back from my trip and have gone through all the steps you have recommended. So far things seem to be running normally (no signs of malware that I can see). Here's the log from ComboFix:



ComboFix 08-12-25.04 - Art 2008-12-29 13:42:00.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.537 [GMT -5:00]
Running from: c:\documents and settings\Art\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Art\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\531f494e-.txt
c:\windows\system32\knrnfsanzhigdw.exe
c:\windows\system32\uhflhfmy.ini
c:\windows\system32\vlbxquxf.ini
c:\windows\tasks\ohoqjbnl.job
c:\windows\ykgee3362.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Art\Application Data\uTorrent
c:\documents and settings\Art\Application Data\uTorrent\dht.dat
c:\documents and settings\Art\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Art\Application Data\uTorrent\Driver Genius Pro.7z.torrent
c:\documents and settings\Art\Application Data\uTorrent\resume.dat
c:\documents and settings\Art\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Art\Application Data\uTorrent\rss.dat
c:\documents and settings\Art\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Art\Application Data\uTorrent\settings.dat
c:\documents and settings\Art\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Art\Application Data\uTorrent\utorrent-help.zip
c:\documents and settings\Art\Application Data\uTorrent\utorrent.chm
c:\documents and settings\Art\Application Data\uTorrent\utorrent.lng
c:\program files\eMule
c:\program files\eMule\downloads.bak
c:\program files\eMule\eMule Light.tmpl
c:\program files\eMule\eMule.tmpl
c:\program files\eMule\Incoming\01 - Leroy Anderson - Blue Tango.mp3
c:\program files\eMule\Incoming\01 _Stan Getz _Desafinado.mp3
c:\program files\eMule\Incoming\07 Dick Contino.mp3
c:\program files\eMule\Incoming\101 strings - the shadow of your smile.mp3
c:\program files\eMule\Incoming\101 Strings Orchestra - Brazil.mp3
c:\program files\eMule\Incoming\27 - Edith Piaf - La Vie En Rose (Accordion).mp3
c:\program files\eMule\Incoming\Adelino Pinto, Il Suo Pianoforte E Orchestra - Lisboa Antigua.mp3
c:\program files\eMule\Incoming\Adobe CS4 Photoshop Extended (KeyGen OnLy!) Works 100% [RkChimai.zip
c:\program files\eMule\Incoming\Adobe Photoshop CS4 Extended (full edition) (working).zip
c:\program files\eMule\Incoming\Adobe Premiere Elements 4.0 Key & Activating Component Record.txt
c:\program files\eMule\Incoming\Ahead Nero 9.0.9.4b Full Final Version + Serial Key.zip
c:\program files\eMule\Incoming\Ahead Nero Burning Rom 9 0 9 4 (Setup + Keygen) [FULL] !.zip
c:\program files\eMule\Incoming\Al Caiola & His Orchestra - Italian Street Songs - 09 - Tarantella Medley- Funiculi-Funicula-Marianna-La Luna Mezzo Mare (128) 1.mp3
c:\program files\eMule\Incoming\Ares Ultra 4.1 - Full Paid Version.zip
c:\program files\eMule\Incoming\ARES ULTRA v3.5.0.0 FULL RETAIL with New Registered ID.zip
c:\program files\eMule\Incoming\Arthur Fiedler & Boston Pops (Leroy Anderson) - Waltzing Cat.mp3
c:\program files\eMule\Incoming\AutoCAD 2009 + Crack + Serial.zip
c:\program files\eMule\Incoming\Autodata.v3.18.Multilanguage.(2007).zip
c:\program files\eMule\Incoming\Caterina Valente & Percy Faith - Maria Elena.mp3
c:\program files\eMule\Incoming\Copy of Musica de Acordeon - Vals-Bajo El Cielo De Paris Emilio Bertrand Valse Musette -Toma 1 -Acordeon - Fisarmonica - Accordion.mp3
c:\program files\eMule\Incoming\david sprunger - pattern piano and keyboard.pdf
c:\program files\eMule\Incoming\Dick Contino - Yours.mp3
c:\program files\eMule\Incoming\Doris Day e Percy Faith - It's Magic.mp3
c:\program files\eMule\Incoming\Driver Genius Professional 2007 v7.0.2358.rar
c:\program files\eMule\Incoming\FIFA 09 PC Game-FULL crack keygen.zip
c:\program files\eMule\Incoming\Football Manager 2009 - incl crack and patch.zip
c:\program files\eMule\Incoming\Football Manager 2009 - include crack and patch.zip
c:\program files\eMule\Incoming\Football Manager 2009 + Patch 9.1.0 + Crack.zip
c:\program files\eMule\Incoming\Football.Manager.2009-ACTIVATION.CRACK.zip
c:\program files\eMule\Incoming\Football.Manager.2009-FM09.zip
c:\program files\eMule\Incoming\Grandes Orquestas - Ray Connif - Lisboa Antigua.mp3
c:\program files\eMule\Incoming\Karafun Karaoke PLUS 2400+ Songs-UPDATED rar.zip
c:\program files\eMule\Incoming\Kaspersky Antivirus 8.0.0.454 + 152 Keys.zip
c:\program files\eMule\Incoming\Kaspersky Internet Security 2009 8 0 0 454 And Keys.zip
c:\program files\eMule\Incoming\Leroy Anderson - China Doll.mp3
c:\program files\eMule\Incoming\Mantovani - Moulin Rouge.mp2
c:\program files\eMule\Incoming\Microsoft Virtual Earth 3D.zip
c:\program files\eMule\Incoming\Need For Speed Undercover CRACK-100% WORK TESTED.zip
c:\program files\eMule\Incoming\Need For Speed Undercover PC with working crack and serial.zip
c:\program files\eMule\Incoming\Need.for.Speed.Undercover.Keygen.and Crack-RELOADED.zip
c:\program files\eMule\Incoming\New Folder\How to Develop A Super-Power Memory (Harry Lorayne).pdf
c:\program files\eMule\Incoming\Pattern Piano - Course Book.pdf
c:\program files\eMule\Incoming\Pattern Piano - Salsa for Piano and Keyboard Vol 1.rar
c:\program files\eMule\Incoming\PC The Sims 2 Apartment Life [Multi16] [www torrentspain com] crack keygen.zip
c:\program files\eMule\Incoming\Percy Faith - I Only Have Eyes for You.mp3
c:\program files\eMule\Incoming\Percy Faith - The Girl From Ipanema.mp3
c:\program files\eMule\Incoming\Percy Faith - The Rain In Spain.mp3
c:\program files\eMule\Incoming\Pro Evolution Soccer 2009 ( PES 2009 PES2009 PES09 PES 09 ) - Exclusive Preview NEXTGEN New Quality crack keygen.zip
c:\program files\eMule\Incoming\Sims 2 Glamour Life Stuff {by ranchinvis} crack keygen.zip
c:\program files\eMule\Incoming\SPB.Software.for.Windows.Mobile.-.Pocket.PC.(May 2008).RAK+.zip
c:\program files\LimeWire\LimeWire 4.2.6 Pro
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\aopalliance.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\clink.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\commons-codec-1.3.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\commons-logging.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\commons-net.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\daap.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\dnsjava.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\forms.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\foxtrot.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\gettext-commons.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\guice-1.0.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\hsqldb.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\httpcore-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\icu4j.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\jaudiotagger.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\jcraft.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\jdic.dll
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\jdic.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\jdic_stub.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\jflac.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\jl.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\jmdns.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\jogg.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\jorbis.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\LimeWire.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\log4j.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\looks.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\messages.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\mp3spi.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\onion-common.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\onion-fec.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\ProgressTabs.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\swt.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\SystemUtilities.dll
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\themes.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\tray.dll
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\tritonus.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire 4.2.6 Pro\LimeWire.exe
c:\program files\LimeWire\LimeWire 4.2.6 Pro\limewire.props
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
c:\windows\system32\531f494e-.txt
c:\windows\system32\knrnfsanzhigdw.exe
c:\windows\system32\TDSSosvd.dat
c:\windows\system32\uhflhfmy.ini
c:\windows\system32\vlbxquxf.ini
c:\windows\tasks\ohoqjbnl.job
c:\windows\ykgee3362.exe

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))))
.

2008-12-25 16:31 . 2008-12-25 16:51 <DIR> d-------- C:\rsit
2008-12-23 14:19 . 2008-12-23 14:19 <DIR> d-------- c:\program files\Trend Micro
2008-12-21 08:48 . 2008-12-21 08:48 <DIR> d-------- c:\program files\PlayPianoTODAY
2008-12-21 08:48 . 2008-12-21 08:47 737,280 --a------ c:\windows\iun6002.exe
2008-12-14 13:10 . 2008-12-14 13:10 <DIR> d-------- C:\Kaspersky
2008-12-14 13:06 . 2008-12-14 13:06 <DIR> d-------- C:\Bases
2008-12-14 12:56 . 2008-12-14 13:07 <DIR> d-------- C:\mwavunzip
2008-12-14 12:35 . 2008-12-14 12:35 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb
2008-12-14 11:59 . 2008-12-14 11:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ipswitch
2008-12-14 11:16 . 2008-12-14 11:16 <DIR> d-------- C:\Binaries
2008-12-14 11:14 . 2008-12-14 11:14 164 --a------ C:\install.dat
2008-12-11 09:47 . 2005-01-13 22:41 11,254 --a------ c:\windows\system32\locate.com
2008-12-11 09:45 . 2008-12-16 09:00 <DIR> d-------- C:\MGtools
2008-12-11 09:45 . 2008-12-16 09:00 57,171 --a------ C:\MGlogs.zip
2008-12-10 22:41 . 2008-12-10 22:41 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-10 22:41 . 2008-12-25 13:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 16:58 . 2008-12-10 16:58 1,238,055 --a------ C:\MGtools.exe
2008-12-10 13:36 . 2008-12-10 13:36 <DIR> d-------- c:\program files\CCleaner
2008-12-10 09:58 . 2008-12-10 09:58 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DivX
2008-12-09 17:34 . 2008-12-10 22:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-09 14:15 . 2008-04-13 20:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-09 14:15 . 2008-04-13 20:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2008-12-09 14:15 . 2008-04-13 14:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys
2008-12-09 14:15 . 2008-04-13 20:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2008-12-09 14:14 . 2008-04-13 14:45 31,744 --a--c--- c:\windows\system32\dllcache\wceusbsh.sys
2008-12-09 14:13 . 2008-04-13 14:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-12-09 14:13 . 2008-04-13 14:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-09 14:13 . 2008-04-13 14:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2008-12-09 14:13 . 2008-04-13 14:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-09 14:13 . 2008-04-13 14:45 17,152 --a--c--- c:\windows\system32\dllcache\usbohci.sys
2008-12-09 14:11 . 2008-04-13 14:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
2008-12-09 14:11 . 2008-04-13 20:12 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe
2008-12-09 14:08 . 2008-04-13 14:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys
2008-12-09 14:08 . 2008-04-13 14:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
2008-12-09 14:08 . 2008-04-13 14:36 6,912 --a--c--- c:\windows\system32\dllcache\smbclass.sys
2008-12-09 14:06 . 2008-04-13 14:40 43,904 --a--c--- c:\windows\system32\dllcache\sbp2port.sys
2008-12-09 14:06 . 2008-04-13 14:45 11,520 --a--c--- c:\windows\system32\dllcache\scsiscan.sys
2008-12-09 14:05 . 2008-04-13 14:40 79,104 --a--c--- c:\windows\system32\dllcache\rocket.sys
2008-12-09 14:05 . 2008-04-13 20:12 29,696 --a--c--- c:\windows\system32\dllcache\rw450ext.dll
2008-12-09 14:05 . 2008-04-13 20:12 27,648 --a--c--- c:\windows\system32\dllcache\rw430ext.dll
2008-12-09 14:04 . 2008-04-13 20:12 159,232 --a--c--- c:\windows\system32\dllcache\ptpusd.dll
2008-12-09 14:04 . 2008-04-13 14:40 6,016 --a--c--- c:\windows\system32\dllcache\qic157.sys
2008-12-09 14:03 . 2008-04-13 20:12 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
2008-12-09 14:03 . 2008-04-13 20:10 259,328 --a--c--- c:\windows\system32\dllcache\perm3dd.dll
2008-12-09 14:03 . 2008-04-13 20:10 211,584 --a--c--- c:\windows\system32\dllcache\perm2dll.dll
2008-12-09 14:03 . 2008-04-13 20:12 33,280 --a--c--- c:\windows\system32\dllcache\psisrndr.ax
2008-12-09 14:03 . 2008-04-13 14:44 28,032 --a--c--- c:\windows\system32\dllcache\perm3.sys
2008-12-09 14:03 . 2008-04-13 14:44 27,904 --a--c--- c:\windows\system32\dllcache\perm2.sys
2008-12-09 14:03 . 2008-04-13 14:41 17,664 --a--c--- c:\windows\system32\dllcache\ppa3.sys
2008-12-09 14:03 . 2008-04-13 14:40 8,832 --a--c--- c:\windows\system32\dllcache\powerfil.sys
2008-12-09 13:57 . 2008-04-13 14:54 28,672 --a--c--- c:\windows\system32\dllcache\nscirda.sys
2008-12-09 13:56 . 2008-04-13 20:12 56,832 --a--c--- c:\windows\system32\dllcache\msdvbnp.ax
2008-12-09 13:56 . 2008-04-13 14:46 51,200 --a--c--- c:\windows\system32\dllcache\msdv.sys
2008-12-09 13:56 . 2008-04-13 14:46 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
2008-12-09 13:56 . 2008-04-13 14:54 22,016 --a--c--- c:\windows\system32\dllcache\msircomm.sys
2008-12-09 13:55 . 2008-04-13 14:41 26,112 --a--c--- c:\windows\system32\dllcache\memstpci.sys
2008-12-09 13:55 . 2008-04-13 14:46 15,232 --a--c--- c:\windows\system32\dllcache\mpe.sys
2008-12-09 13:55 . 2008-04-13 14:40 7,040 --a--c--- c:\windows\system32\dllcache\ltotape.sys
2008-12-09 13:54 . 2008-04-13 20:11 253,952 --a--c--- c:\windows\system32\dllcache\kdsusd.dll
2008-12-09 13:54 . 2008-04-13 20:12 151,552 --a--c--- c:\windows\system32\dllcache\irftp.exe
2008-12-09 13:54 . 2008-04-13 14:54 88,192 --a--c--- c:\windows\system32\dllcache\irda.sys
2008-12-09 13:54 . 2008-04-13 20:11 48,640 --a--c--- c:\windows\system32\dllcache\kdsui.dll
2008-12-09 13:54 . 2008-04-13 14:40 34,688 --a--c--- c:\windows\system32\dllcache\lbrtfdc.sys
2008-12-09 13:54 . 2008-04-13 20:11 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
2008-12-09 13:53 . 2008-04-13 20:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2008-12-09 13:53 . 2008-04-13 14:40 5,504 --a--c--- c:\windows\system32\dllcache\intelide.sys
2008-12-09 13:52 . 2008-04-13 14:41 18,560 --a--c--- c:\windows\system32\dllcache\i2omp.sys
2008-12-09 13:52 . 2008-04-13 14:41 8,576 --a--c--- c:\windows\system32\dllcache\i2omgmt.sys
2008-12-09 13:51 . 2008-04-13 14:45 59,136 --a--c--- c:\windows\system32\dllcache\gckernel.sys
2008-12-09 13:51 . 2008-04-13 14:40 28,288 --a--c--- c:\windows\system32\dllcache\grserial.sys
2008-12-09 13:51 . 2008-04-13 20:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-09 13:51 . 2008-04-13 14:36 20,352 --a--c--- c:\windows\system32\dllcache\hidbatt.sys
2008-12-09 13:51 . 2008-04-13 14:45 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys
2008-12-09 13:49 . 2008-04-13 20:12 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
2008-12-09 13:48 . 2008-04-13 14:39 206,976 --a--c--- c:\windows\system32\dllcache\dot4.sys
2008-12-09 13:48 . 2008-04-13 14:40 8,320 --a--c--- c:\windows\system32\dllcache\dlttape.sys
2008-12-09 13:47 . 2008-04-13 20:11 249,856 --a--c--- c:\windows\system32\dllcache\ctmasetp.dll
2008-12-09 13:47 . 2008-04-13 14:36 13,952 --a--c--- c:\windows\system32\dllcache\cmbatt.sys
2008-12-09 13:47 . 2008-04-13 14:36 10,240 --a--c--- c:\windows\system32\dllcache\compbatt.sys
2008-12-09 13:47 . 2008-04-13 14:40 8,192 --a--c--- c:\windows\system32\dllcache\changer.sys
2008-12-09 13:46 . 2008-04-13 20:11 121,856 --a--c--- c:\windows\system32\dllcache\camext30.dll
2008-12-09 13:45 . 2008-04-13 14:46 38,912 --a--c--- c:\windows\system32\dllcache\avc.sys
2008-12-09 13:45 . 2008-04-13 20:12 18,432 --a--c--- c:\windows\system32\dllcache\bdaplgin.ax
2008-12-09 13:45 . 2008-04-13 14:36 14,208 --a--c--- c:\windows\system32\dllcache\battc.sys
2008-12-09 13:45 . 2008-04-13 14:46 13,696 --a--c--- c:\windows\system32\dllcache\avcstrm.sys
2008-12-09 13:45 . 2008-04-13 14:46 11,776 --a--c--- c:\windows\system32\dllcache\bdasup.sys
2008-12-09 13:43 . 2001-08-17 11:19 747,392 --a--c--- c:\windows\system32\dllcache\OLD8E.tmp
2008-12-09 13:43 . 2001-08-17 11:19 584,448 --a--c--- c:\windows\system32\dllcache\OLD86.tmp
2008-12-09 13:43 . 2001-08-17 11:19 553,984 --a--c--- c:\windows\system32\dllcache\OLD8A.tmp
2008-12-09 13:43 . 2001-08-17 13:07 101,888 --a--c--- c:\windows\system32\dllcache\OLD9A.tmp
2008-12-09 13:43 . 2004-08-03 21:32 84,480 --a--c--- c:\windows\system32\dllcache\OLD76.tmp
2008-12-09 13:43 . 2001-08-17 21:36 61,440 --a--c--- c:\windows\system32\dllcache\OLD7A.tmp
2008-12-09 13:43 . 2001-08-17 11:11 46,112 --a--c--- c:\windows\system32\dllcache\OLD96.tmp
2008-12-09 13:43 . 2001-08-17 11:11 20,160 --a--c--- c:\windows\system32\dllcache\OLD82.tmp
2008-12-09 13:43 . 2004-08-03 21:32 10,880 --a--c--- c:\windows\system32\dllcache\OLD92.tmp
2008-12-09 13:43 . 2001-08-17 12:53 7,424 --a--c--- c:\windows\system32\dllcache\OLD7E.tmp
2008-12-09 08:58 . 2008-12-25 21:51 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-09 08:58 . 2008-12-09 08:58 1,409 --a------ c:\windows\QTFont.for
2008-12-07 11:21 . 2008-12-07 11:46 <DIR> d-------- c:\program files\All That Chords!
2008-12-07 11:21 . 2008-12-22 17:35 32 --a------ c:\windows\system32\use_atc.dat
2008-12-05 11:26 . 2008-12-05 12:15 <DIR> d-------- c:\program files\Piano and Keyboard Salsa Vol 1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 18:42 --------- d-----w c:\program files\LimeWire
2008-12-25 20:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-25 18:24 --------- d-----w c:\program files\Enigma Software Group
2008-12-16 13:33 --------- d-----w c:\program files\Apple Software Update
2008-12-11 03:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-10 23:17 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-10 23:17 --------- d-----w c:\documents and settings\Art\Application Data\SUPERAntiSpyware.com
2008-12-10 18:06 --------- d-----w c:\program files\Call of Duty Game of the Year Edition
2008-12-10 18:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 18:03 --------- d-----w c:\program files\EA GAMES
2008-12-10 18:00 --------- d-----w c:\program files\Google
2008-12-10 13:42 --------- d-----w c:\program files\WildTangent
2008-12-10 13:32 --------- d-----w c:\program files\DivX
2008-12-09 22:34 --------- d-----w c:\program files\Lavasoft
2008-12-09 22:19 --------- d-----w c:\documents and settings\Art\Application Data\Lavasoft
2008-12-09 15:59 --------- d-----w c:\program files\Rockstar Games
2008-12-04 00:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 00:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-27 16:14 --------- d-----w c:\documents and settings\Art\Application Data\Ahead
2008-11-21 20:25 --------- d--h--r c:\documents and settings\Art\Application Data\yahoo!
2008-11-03 16:48 --------- d-----w c:\program files\Virtual Earth 3D
2008-09-16 22:36 8,320,728 ----a-w c:\program files\FLV PlayerRCATSetup.exe
2008-04-06 14:29 33,584 -c--a-w c:\documents and settings\Art\Application Data\GDIPFONTCACHEV1.DAT
2006-08-11 14:29 338 -c--a-w c:\documents and settings\Art\Application Data\internaldb1942.dat
2006-08-11 14:25 13,046 -c--a-w c:\documents and settings\Art\Application Data\internaldb5436.dat
2006-08-11 14:25 0 -c--a-w c:\documents and settings\Art\Application Data\internaldb4604.dat
2006-08-10 18:46 124,928 -c--a-w c:\documents and settings\Art\Application Data\internaldb4827.dat
2006-08-10 16:25 0 -c--a-w c:\documents and settings\Art\Application Data\internaldb8253.dat
2006-08-10 16:25 0 -c--a-w c:\documents and settings\Art\Application Data\internaldb3902.dat
2006-08-10 16:25 0 -c--a-w c:\documents and settings\Art\Application Data\internaldb2391.dat
2006-08-10 16:25 0 -c--a-w c:\documents and settings\Art\Application Data\internaldb153.dat
2006-05-02 16:31 427 -c--a-w c:\program files\cpg_pub_wizard.reg
2008-11-28 16:58 642,048 ----a-w c:\program files\mozilla firefox\components\nsdcads.dll
2008-07-12 21:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071220080713\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"EnvyHFCPL"="c:\program files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe" [2008-07-07 524288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 c:\windows\system32\ptipbmf.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-25 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Smapp"=c:\program files\Analog Devices\SoundMAX\SMTray.exe
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe
"SaiSmart"=c:\program files\Saitek\Software\SaiSmart.exe
"Profiler"=c:\program files\Saitek\Software\Profiler.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"HP Lamp"=c:\scanjet\PrecisionScanPro\HPLamp.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\WhoCalls\\WhoCalls.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP Pro\\wsftpgui.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\rserver30\\FamItrfc.Exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:radmin
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"4662:TCP"= 4662:TCP:emule2
"4672:UDP"= 4672:UDP:emule2

R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2006-03-18 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-15 111184]
R1 raddrvv3;raddrvv3;\??\c:\windows\system32\rserver30\raddrvv3.sys [2007-02-02 41176]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 Asusgio;Asusgio;\??\c:\program files\ASUS\Cool & Quiet\Asusgio.sys [2006-03-18 52776]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-15 20560]
R2 FILELOCK;FILELOCK;\??\c:\windows\system32\Drivers\FLOCKXP.SYS [2004-10-14 11585]
R2 RServer3;Radmin Server V3;"c:\windows\system32\rserver30\RServer3.exe" /service [2007-02-02 1235032]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2007-11-30 651712]
R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\system32\DRIVERS\hpusbfd.sys [2008-07-24 7552]
R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys []
S2 WhoCallService;WhoCallsService; []
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [2008-07-08 815104]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\DRIVERS\imhidusb.sys [2006-12-04 30984]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 SaiHFFB5;SaiHFFB5;c:\windows\system32\DRIVERS\SaiHFFB5.sys [2006-12-04 56576]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
.
Contents of the 'Scheduled Tasks' folder

2008-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-29 c:\windows\Tasks\User_Feed_Synchronization-{E4F5BF34-73F6-4B42-8CE6-893AB021A719}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local

c:\windows\system32\msvbvm60.dll - c:\windows\system32\OLEAUT32.DLL
c:\windows\system32\OLEPRO32.DLL
c:\windows\system32\ASYCFILT.DLL
c:\windows\system32\STDOLE2.TLB
c:\windows\system32\COMCAT.DLL
c:\windows\Downloaded Program Files\BwAsyncSearch.exe
c:\windows\Downloaded Program Files\BwCommon.dll
c:\windows\Downloaded Program Files\BwOutlook.dll
O16 -: {3D19135C-6D38-44AD-80F0-D9318F48726D}
hxxp://appserver.dca.broadvoice.com/com ... utlook.CAB
c:\windows\Downloaded Program Files\BwOutlook.INF

c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.3.7.cab
c:\windows\Downloaded Program Files\DownloadManagerV2.inf

O16 -: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://aerial.leepa.org/ecwplugins/ncs.cab
c:\windows\Downloaded Program Files\NCSview.inf
FF - ProfilePath - c:\documents and settings\Art\Application Data\Mozilla\Firefox\Profiles\w81zhwnv.default\
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\\components\nsdcads.dll
FF - plugin: c:\documents and settings\Art\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 13:46:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Photodex\ProShowGold\scsiaccess.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rserver30\FamItrfc.Exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-12-29 13:49:26 - machine was rebooted [Art]
ComboFix-quarantined-files.txt 2008-12-29 18:49:19
ComboFix2.txt 2008-12-16 14:09:36
ComboFix3.txt 2008-12-12 14:15:42
ComboFix4.txt 2008-12-11 14:27:12

Pre-Run: 87,452,852,224 bytes free
Post-Run: 87,378,931,712 bytes free

448 --- E O F --- 2008-12-18 01:00:37
ArtLab
Active Member
 
Posts: 14
Joined: December 18th, 2008, 12:35 pm

Re: Need Help Removing Adsoftinc

Unread postby Odd dude » December 30th, 2008, 10:29 am

Welcome back :) and happy nearly-new-year

Open notepad and copy/paste the following to it:

Folder::
c:\program files\LimeWire

File::
c:\program files\FLV PlayerRCATSetup.exe
c:\windows\system32\use_atc.dat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"=-
"4672:UDP"=-


Save this to your desktop as "CFScript.txt".

Disconnect from the internet, disable your antimalware software like you did before, and drag CFScript into ComboFix.


ComboFix will run, please be patient and post the log.

Also post a new hijackthis log.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
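The CFScript in the post above is a small instruction file for ComboFix. As an added example (not part of the post, and not ComboFix's own code), the parser below reads the script exactly as posted and turns each directive into a plan, so the reader can see that the Registry:: block resets UpdatesDisableNotify to 0 (re-enabling Security Center update notifications) and deletes the two eMule firewall-exception values rather than setting them; the expansion of the `HKLM\~\` shorthand to `HKLM\SYSTEM\CurrentControlSet\` is an assumption about how ComboFix abbreviates that path.

```python
"""Parse a ComboFix CFScript.txt into a structured plan.

Added example for this thread (not ComboFix's code, nor the helper's): it reads the
script exactly as posted and shows what each directive asks ComboFix to do.
"""
import re
from dataclasses import dataclass, field

# Copy of the script from the post above, embedded so the example runs offline.
CFSCRIPT = r"""Folder::
c:\program files\LimeWire

File::
c:\program files\FLV PlayerRCATSetup.exe
c:\windows\system32\use_atc.dat

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"=-
"4672:UDP"=-
"""

# Assumption: ComboFix writes HKLM\~\ as shorthand for HKLM\SYSTEM\CurrentControlSet\.
SERVICES_SHORTHAND = re.compile(r"^HKLM\\~\\", re.IGNORECASE)
SECTION_RE = re.compile(r"^(\w+)::$")          # Folder:: / File:: / Registry::
KEY_RE = re.compile(r"^\[(.+)\]$")              # [HKEY_...] REGEDIT4 key line
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')      # "name"=<value or ->

@dataclass
class RegOp:
    key: str              # full registry key path
    name: str             # value name
    action: str           # "set" or "delete"
    value: object = None  # int for dword values, str for string values

@dataclass
class Plan:
    folders: list = field(default_factory=list)
    files: list = field(default_factory=list)
    registry: list = field(default_factory=list)

def expand_key(key):
    """Expand the HKLM\\~\\ shorthand so the key reads as a real registry path."""
    return SERVICES_SHORTHAND.sub(r"HKLM\\SYSTEM\\CurrentControlSet\\", key)

def parse_reg_value(raw):
    """Interpret the right-hand side of a REGEDIT4 value line."""
    if raw == "-":                      # "name"=-  removes the value entirely
        return "delete", None
    if raw.startswith("dword:"):        # "name"=dword:XXXXXXXX (hex)
        return "set", int(raw[len("dword:"):], 16)
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return "set", raw[1:-1]         # "name"="string"
    raise ValueError(f"unsupported value syntax: {raw}")

def parse_cfscript(text):
    """Walk the script line by line, tracking the current section and registry key."""
    plan, section, key = Plan(), None, None
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            if section not in ("Folder", "File", "Registry"):
                raise ValueError(f"line {lineno}: unsupported section {section}::")
            continue
        if section == "Folder":
            plan.folders.append(line)
        elif section == "File":
            plan.files.append(line)
        elif section == "Registry":
            m = KEY_RE.match(line)
            if m:
                key = expand_key(m.group(1))
                continue
            m = VALUE_RE.match(line)
            if m is None or key is None:
                raise ValueError(f"line {lineno}: registry value outside a [key] block")
            action, value = parse_reg_value(m.group(2))
            plan.registry.append(RegOp(key, m.group(1), action, value))
        else:
            raise ValueError(f"line {lineno}: content before any section header")
    return plan

def describe(plan):
    """One plain-English line per action the script requests."""
    out = [f"delete folder {p}" for p in plan.folders]
    out += [f"delete file {p}" for p in plan.files]
    for op in plan.registry:
        if op.action == "delete":
            out.append(f"delete value {op.name} under {op.key}")
        else:
            shown = f"dword:{op.value:08x}" if isinstance(op.value, int) else f'"{op.value}"'
            out.append(f"set {op.key}\\{op.name} = {shown}")
    return out
```

Calling `describe(parse_cfscript(CFSCRIPT))` yields six steps: one folder deletion, two file deletions, the DWORD reset, and the two firewall-exception value deletions.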

Re: Need Help Removing Adsoftinc

Unread postby ArtLab » December 30th, 2008, 12:56 pm

A very happy new year to you and your family. :drunken: :cheers: Here are the logs you have requested:

ComboFix 08-12-25.04 - Art 2008-12-30 10:14:29.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.632 [GMT -5:00]
Running from: c:\documents and settings\Art\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Art\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\program files\FLV PlayerRCATSetup.exe
c:\windows\system32\use_atc.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FLV PlayerRCATSetup.exe
c:\program files\LimeWire
c:\windows\system32\use_atc.dat

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.

2008-12-29 14:20 . 2008-12-29 14:20 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-29 14:12 . 2008-12-29 14:12 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-29 14:12 . 2008-12-29 14:12 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-25 16:31 . 2008-12-25 16:51 <DIR> d-------- C:\rsit
2008-12-23 14:19 . 2008-12-23 14:19 <DIR> d-------- c:\program files\Trend Micro
2008-12-21 08:48 . 2008-12-21 08:48 <DIR> d-------- c:\program files\PlayPianoTODAY
2008-12-21 08:48 . 2008-12-21 08:47 737,280 --a------ c:\windows\iun6002.exe
2008-12-14 13:10 . 2008-12-14 13:10 <DIR> d-------- C:\Kaspersky
2008-12-14 13:06 . 2008-12-14 13:06 <DIR> d-------- C:\Bases
2008-12-14 12:56 . 2008-12-14 13:07 <DIR> d-------- C:\mwavunzip
2008-12-14 12:35 . 2008-12-14 12:35 <DIR> d-------- c:\documents and settings\Administrator\DoctorWeb
2008-12-14 11:59 . 2008-12-14 11:59 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Ipswitch
2008-12-14 11:16 . 2008-12-14 11:16 <DIR> d-------- C:\Binaries
2008-12-14 11:14 . 2008-12-14 11:14 164 --a------ C:\install.dat
2008-12-11 09:47 . 2005-01-13 22:41 11,254 --a------ c:\windows\system32\locate.com
2008-12-11 09:45 . 2008-12-16 09:00 <DIR> d-------- C:\MGtools
2008-12-11 09:45 . 2008-12-16 09:00 57,171 --a------ C:\MGlogs.zip
2008-12-10 22:41 . 2008-12-10 22:41 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-10 22:41 . 2008-12-25 13:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-10 16:58 . 2008-12-10 16:58 1,238,055 --a------ C:\MGtools.exe
2008-12-10 13:36 . 2008-12-10 13:36 <DIR> d-------- c:\program files\CCleaner
2008-12-10 09:58 . 2008-12-10 09:58 <DIR> d-------- c:\documents and settings\Administrator\Application Data\DivX
2008-12-09 17:34 . 2008-12-10 22:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-09 14:15 . 2008-04-13 20:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2008-12-09 14:15 . 2008-04-13 20:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2008-12-09 14:15 . 2008-04-13 14:36 8,832 --a--c--- c:\windows\system32\dllcache\wmiacpi.sys
2008-12-09 14:15 . 2008-04-13 20:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2008-12-09 14:14 . 2008-04-13 14:45 31,744 --a--c--- c:\windows\system32\dllcache\wceusbsh.sys
2008-12-09 14:13 . 2008-04-13 14:45 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2008-12-09 14:13 . 2008-04-13 14:45 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-12-09 14:13 . 2008-04-13 14:45 26,112 --a--c--- c:\windows\system32\dllcache\usbser.sys
2008-12-09 14:13 . 2008-04-13 14:47 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-12-09 14:13 . 2008-04-13 14:45 17,152 --a--c--- c:\windows\system32\dllcache\usbohci.sys
2008-12-09 14:11 . 2008-04-13 14:40 149,376 --a--c--- c:\windows\system32\dllcache\tffsport.sys
2008-12-09 14:11 . 2008-04-13 20:12 82,944 --a--c--- c:\windows\system32\dllcache\tp4mon.exe
2008-12-09 14:08 . 2008-04-13 14:36 16,000 --a--c--- c:\windows\system32\dllcache\smbbatt.sys
2008-12-09 14:08 . 2008-04-13 14:40 7,552 --a--c--- c:\windows\system32\dllcache\sonyait.sys
2008-12-09 14:08 . 2008-04-13 14:36 6,912 --a--c--- c:\windows\system32\dllcache\smbclass.sys
2008-12-09 14:06 . 2008-04-13 14:40 43,904 --a--c--- c:\windows\system32\dllcache\sbp2port.sys
2008-12-09 14:06 . 2008-04-13 14:45 11,520 --a--c--- c:\windows\system32\dllcache\scsiscan.sys
2008-12-09 14:05 . 2008-04-13 14:40 79,104 --a--c--- c:\windows\system32\dllcache\rocket.sys
2008-12-09 14:05 . 2008-04-13 20:12 29,696 --a--c--- c:\windows\system32\dllcache\rw450ext.dll
2008-12-09 14:05 . 2008-04-13 20:12 27,648 --a--c--- c:\windows\system32\dllcache\rw430ext.dll
2008-12-09 14:04 . 2008-04-13 20:12 159,232 --a--c--- c:\windows\system32\dllcache\ptpusd.dll
2008-12-09 14:04 . 2008-04-13 14:40 6,016 --a--c--- c:\windows\system32\dllcache\qic157.sys
2008-12-09 14:03 . 2008-04-13 20:12 363,520 --a--c--- c:\windows\system32\dllcache\psisdecd.dll
2008-12-09 14:03 . 2008-04-13 20:10 259,328 --a--c--- c:\windows\system32\dllcache\perm3dd.dll
2008-12-09 14:03 . 2008-04-13 20:10 211,584 --a--c--- c:\windows\system32\dllcache\perm2dll.dll
2008-12-09 14:03 . 2008-04-13 20:12 33,280 --a--c--- c:\windows\system32\dllcache\psisrndr.ax
2008-12-09 14:03 . 2008-04-13 14:44 28,032 --a--c--- c:\windows\system32\dllcache\perm3.sys
2008-12-09 14:03 . 2008-04-13 14:44 27,904 --a--c--- c:\windows\system32\dllcache\perm2.sys
2008-12-09 14:03 . 2008-04-13 14:41 17,664 --a--c--- c:\windows\system32\dllcache\ppa3.sys
2008-12-09 14:03 . 2008-04-13 14:40 8,832 --a--c--- c:\windows\system32\dllcache\powerfil.sys
2008-12-09 13:57 . 2008-04-13 14:54 28,672 --a--c--- c:\windows\system32\dllcache\nscirda.sys
2008-12-09 13:56 . 2008-04-13 20:12 56,832 --a--c--- c:\windows\system32\dllcache\msdvbnp.ax
2008-12-09 13:56 . 2008-04-13 14:46 51,200 --a--c--- c:\windows\system32\dllcache\msdv.sys
2008-12-09 13:56 . 2008-04-13 14:46 49,024 --a--c--- c:\windows\system32\dllcache\mstape.sys
2008-12-09 13:56 . 2008-04-13 14:54 22,016 --a--c--- c:\windows\system32\dllcache\msircomm.sys
2008-12-09 13:55 . 2008-04-13 14:41 26,112 --a--c--- c:\windows\system32\dllcache\memstpci.sys
2008-12-09 13:55 . 2008-04-13 14:46 15,232 --a--c--- c:\windows\system32\dllcache\mpe.sys
2008-12-09 13:55 . 2008-04-13 14:40 7,040 --a--c--- c:\windows\system32\dllcache\ltotape.sys
2008-12-09 13:54 . 2008-04-13 20:11 253,952 --a--c--- c:\windows\system32\dllcache\kdsusd.dll
2008-12-09 13:54 . 2008-04-13 20:12 151,552 --a--c--- c:\windows\system32\dllcache\irftp.exe
2008-12-09 13:54 . 2008-04-13 14:54 88,192 --a--c--- c:\windows\system32\dllcache\irda.sys
2008-12-09 13:54 . 2008-04-13 20:11 48,640 --a--c--- c:\windows\system32\dllcache\kdsui.dll
2008-12-09 13:54 . 2008-04-13 14:40 34,688 --a--c--- c:\windows\system32\dllcache\lbrtfdc.sys
2008-12-09 13:54 . 2008-04-13 20:11 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
2008-12-09 13:53 . 2008-04-13 20:11 702,845 --a--c--- c:\windows\system32\dllcache\i81xdnt5.dll
2008-12-09 13:53 . 2008-04-13 14:40 5,504 --a--c--- c:\windows\system32\dllcache\intelide.sys
2008-12-09 13:52 . 2008-04-13 14:41 18,560 --a--c--- c:\windows\system32\dllcache\i2omp.sys
2008-12-09 13:52 . 2008-04-13 14:41 8,576 --a--c--- c:\windows\system32\dllcache\i2omgmt.sys
2008-12-09 13:51 . 2008-04-13 14:45 59,136 --a--c--- c:\windows\system32\dllcache\gckernel.sys
2008-12-09 13:51 . 2008-04-13 14:40 28,288 --a--c--- c:\windows\system32\dllcache\grserial.sys
2008-12-09 13:51 . 2008-04-13 20:11 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2008-12-09 13:51 . 2008-04-13 14:36 20,352 --a--c--- c:\windows\system32\dllcache\hidbatt.sys
2008-12-09 13:51 . 2008-04-13 14:45 10,624 --a--c--- c:\windows\system32\dllcache\gameenum.sys
2008-12-09 13:49 . 2008-04-13 20:12 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
2008-12-09 13:48 . 2008-04-13 14:39 206,976 --a--c--- c:\windows\system32\dllcache\dot4.sys
2008-12-09 13:48 . 2008-04-13 14:40 8,320 --a--c--- c:\windows\system32\dllcache\dlttape.sys
2008-12-09 13:47 . 2008-04-13 20:11 249,856 --a--c--- c:\windows\system32\dllcache\ctmasetp.dll
2008-12-09 13:47 . 2008-04-13 14:36 13,952 --a--c--- c:\windows\system32\dllcache\cmbatt.sys
2008-12-09 13:47 . 2008-04-13 14:36 10,240 --a--c--- c:\windows\system32\dllcache\compbatt.sys
2008-12-09 13:47 . 2008-04-13 14:40 8,192 --a--c--- c:\windows\system32\dllcache\changer.sys
2008-12-09 13:46 . 2008-04-13 20:11 121,856 --a--c--- c:\windows\system32\dllcache\camext30.dll
2008-12-09 13:45 . 2008-04-13 14:46 38,912 --a--c--- c:\windows\system32\dllcache\avc.sys
2008-12-09 13:45 . 2008-04-13 20:12 18,432 --a--c--- c:\windows\system32\dllcache\bdaplgin.ax
2008-12-09 13:45 . 2008-04-13 14:36 14,208 --a--c--- c:\windows\system32\dllcache\battc.sys
2008-12-09 13:45 . 2008-04-13 14:46 13,696 --a--c--- c:\windows\system32\dllcache\avcstrm.sys
2008-12-09 13:45 . 2008-04-13 14:46 11,776 --a--c--- c:\windows\system32\dllcache\bdasup.sys
2008-12-09 13:43 . 2001-08-17 11:19 747,392 --a--c--- c:\windows\system32\dllcache\OLD8E.tmp
2008-12-09 13:43 . 2001-08-17 11:19 584,448 --a--c--- c:\windows\system32\dllcache\OLD86.tmp
2008-12-09 13:43 . 2001-08-17 11:19 553,984 --a--c--- c:\windows\system32\dllcache\OLD8A.tmp
2008-12-09 13:43 . 2001-08-17 13:07 101,888 --a--c--- c:\windows\system32\dllcache\OLD9A.tmp
2008-12-09 13:43 . 2004-08-03 21:32 84,480 --a--c--- c:\windows\system32\dllcache\OLD76.tmp
2008-12-09 13:43 . 2001-08-17 21:36 61,440 --a--c--- c:\windows\system32\dllcache\OLD7A.tmp
2008-12-09 13:43 . 2001-08-17 11:11 46,112 --a--c--- c:\windows\system32\dllcache\OLD96.tmp
2008-12-09 13:43 . 2001-08-17 11:11 20,160 --a--c--- c:\windows\system32\dllcache\OLD82.tmp
2008-12-09 13:43 . 2004-08-03 21:32 10,880 --a--c--- c:\windows\system32\dllcache\OLD92.tmp
2008-12-09 13:43 . 2001-08-17 12:53 7,424 --a--c--- c:\windows\system32\dllcache\OLD7E.tmp
2008-12-09 08:58 . 2008-12-29 22:09 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-09 08:58 . 2008-12-09 08:58 1,409 --a------ c:\windows\QTFont.for
2008-12-07 11:21 . 2008-12-07 11:46 <DIR> d-------- c:\program files\All That Chords!
2008-12-05 11:26 . 2008-12-05 12:15 <DIR> d-------- c:\program files\Piano and Keyboard Salsa Vol 1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 19:20 --------- d-----w c:\program files\Common Files\Adobe
2008-12-29 19:12 --------- d-----w c:\program files\Java
2008-12-25 20:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-25 18:24 --------- d-----w c:\program files\Enigma Software Group
2008-12-16 13:33 --------- d-----w c:\program files\Apple Software Update
2008-12-11 03:46 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-10 23:17 --------- d-----w c:\program files\SUPERAntiSpyware
2008-12-10 23:17 --------- d-----w c:\documents and settings\Art\Application Data\SUPERAntiSpyware.com
2008-12-10 18:06 --------- d-----w c:\program files\Call of Duty Game of the Year Edition
2008-12-10 18:04 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 18:03 --------- d-----w c:\program files\EA GAMES
2008-12-10 18:00 --------- d-----w c:\program files\Google
2008-12-10 13:42 --------- d-----w c:\program files\WildTangent
2008-12-10 13:32 --------- d-----w c:\program files\DivX
2008-12-09 22:34 --------- d-----w c:\program files\Lavasoft
2008-12-09 22:19 --------- d-----w c:\documents and settings\Art\Application Data\Lavasoft
2008-12-09 15:59 --------- d-----w c:\program files\Rockstar Games
2008-12-04 00:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 00:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-11-27 16:14 --------- d-----w c:\documents and settings\Art\Application Data\Ahead
2008-11-21 20:25 --------- d--h--r c:\documents and settings\Art\Application Data\yahoo!
2008-11-03 16:48 --------- d-----w c:\program files\Virtual Earth 3D
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-18 16:41 323,584 ----a-w c:\windows\system32\AUDIOGENIE2.DLL
2008-09-18 15:25 237,568 ----a-w c:\windows\system32\rmc_rtspdl.dll
2008-09-18 15:25 156,672 ----a-w c:\windows\system32\rmc_fixasf.exe
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-04-06 14:29 33,584 -c--a-w c:\documents and settings\Art\Application Data\GDIPFONTCACHEV1.DAT
2006-08-11 14:29 338 -c--a-w c:\documents and settings\Art\Application Data\internaldb1942.dat
2006-08-11 14:25 13,046 -c--a-w c:\documents and settings\Art\Application Data\internaldb5436.dat
2006-08-11 14:25 0 -c--a-w c:\documents and settings\Art\Application Data\internaldb4604.dat
2006-08-10 18:46 124,928 -c--a-w c:\documents and settings\Art\Application Data\internaldb4827.dat
2006-08-10 16:25 0 -c--a-w c:\documents and settings\Art\Application Data\internaldb8253.dat
2006-08-10 16:25 0 -c--a-w c:\documents and settings\Art\Application Data\internaldb3902.dat
2006-08-10 16:25 0 -c--a-w c:\documents and settings\Art\Application Data\internaldb2391.dat
2006-08-10 16:25 0 -c--a-w c:\documents and settings\Art\Application Data\internaldb153.dat
2006-05-02 16:31 427 -c--a-w c:\program files\cpg_pub_wizard.reg
2008-11-28 16:58 642,048 ----a-w c:\program files\mozilla firefox\components\nsdcads.dll
2008-07-12 21:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071220080713\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-12-29_13.48.56.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-12 20:06:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
+ 2008-12-29 19:12:28 144,792 ----a-w c:\windows\system32\java.exe
+ 2008-12-29 19:12:28 144,792 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-29 19:12:28 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-30 13:14:46 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_60c.dat
+ 2008-12-30 13:14:59 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_624.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"EnvyHFCPL"="c:\program files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe" [2008-07-07 524288]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-29 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 c:\windows\system32\ptipbmf.dll]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-25 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Smapp"=c:\program files\Analog Devices\SoundMAX\SMTray.exe
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe
"SaiSmart"=c:\program files\Saitek\Software\SaiSmart.exe
"Profiler"=c:\program files\Saitek\Software\Profiler.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"HP Lamp"=c:\scanjet\PrecisionScanPro\HPLamp.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\WhoCalls\\WhoCalls.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP Pro\\wsftpgui.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\rserver30\\FamItrfc.Exe"=
"c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4899:TCP"= 4899:TCP:radmin
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 viasraid;viasraid;c:\windows\system32\DRIVERS\viasraid.sys [2006-03-18 77312]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-15 111184]
R1 raddrvv3;raddrvv3;\??\c:\windows\system32\rserver30\raddrvv3.sys [2007-02-02 41176]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 Asusgio;Asusgio;\??\c:\program files\ASUS\Cool & Quiet\Asusgio.sys [2006-03-18 52776]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-15 20560]
R2 FILELOCK;FILELOCK;\??\c:\windows\system32\Drivers\FLOCKXP.SYS [2004-10-14 11585]
R2 RServer3;Radmin Server V3;"c:\windows\system32\rserver30\RServer3.exe" /service [2007-02-02 1235032]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2007-11-30 651712]
R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\system32\DRIVERS\hpusbfd.sys [2008-07-24 7552]
R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys []
S2 WhoCallService;WhoCallsService; []
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [2008-07-08 815104]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\DRIVERS\imhidusb.sys [2006-12-04 30984]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 SaiHFFB5;SaiHFFB5;c:\windows\system32\DRIVERS\SaiHFFB5.sys [2006-12-04 56576]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
.
Contents of the 'Scheduled Tasks' folder

2008-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-12-29 c:\windows\Tasks\User_Feed_Synchronization-{E4F5BF34-73F6-4B42-8CE6-893AB021A719}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local

c:\windows\system32\msvbvm60.dll - c:\windows\system32\OLEAUT32.DLL
c:\windows\system32\OLEPRO32.DLL
c:\windows\system32\ASYCFILT.DLL
c:\windows\system32\STDOLE2.TLB
c:\windows\system32\COMCAT.DLL
c:\windows\Downloaded Program Files\BwAsyncSearch.exe
c:\windows\Downloaded Program Files\BwCommon.dll
c:\windows\Downloaded Program Files\BwOutlook.dll
O16 -: {3D19135C-6D38-44AD-80F0-D9318F48726D}
hxxp://appserver.dca.broadvoice.com/com ... utlook.CAB
c:\windows\Downloaded Program Files\BwOutlook.INF

c:\windows\Downloaded Program Files\Manager.exe - c:\windows\Downloaded Program Files\DownloadManagerV2.ocx
O16 -: {4871A87A-BFDD-4106-8153-FFDE2BAC2967}
hxxp://dlm.tools.akamai.com/dlmanager/v ... .2.3.7.cab
c:\windows\Downloaded Program Files\DownloadManagerV2.inf

O16 -: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://aerial.leepa.org/ecwplugins/ncs.cab
c:\windows\Downloaded Program Files\NCSview.inf
FF - ProfilePath - c:\documents and settings\Art\Application Data\Mozilla\Firefox\Profiles\w81zhwnv.default\
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\\components\nsdcads.dll
FF - plugin: c:\documents and settings\Art\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 10:17:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2008-12-30 10:18:19
ComboFix-quarantined-files.txt 2008-12-30 15:18:00
ComboFix2.txt 2008-12-29 18:49:29
ComboFix3.txt 2008-12-16 14:09:36
ComboFix4.txt 2008-12-12 14:15:42
ComboFix5.txt 2008-12-30 15:13:03

Pre-Run: 86,905,151,488 bytes free
Post-Run: 86,883,360,768 bytes free

335 --- E O F --- 2008-12-18 01:00:37



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:04 AM, on 12/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\rserver30\RServer3.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rserver30\FamItrfc.Exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe"
O4 - HKLM\..\Run: [Ptipbmf] "C:\WINDOWS\system32\rundll32.exe" ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EnvyHFCPL] "C:\Program Files\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe" 1
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3D19135C-6D38-44AD-80F0-D9318F48726D} (BwOutlook.OutlookIntegrator) - http://appserver.dca.broadvoice.com/com ... utlook.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.3.7.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 2974583406
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://192.35.96.219/home/SonySncRz30View.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 3318139859
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://aerial.leepa.org/ecwplugins/ncs.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Radmin Server V3 (RServer3) - Famatech International Corp. - C:\WINDOWS\system32\rserver30\RServer3.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9796 bytes
ArtLab
Active Member
 
Posts: 14
Joined: December 18th, 2008, 12:35 pm

Re: Need Help Removing Adsoftinc

Unread postby Odd dude » December 30th, 2008, 1:17 pm

How's the computer running?

Can you make an uninstall list now as per the instructions I outlined in my first post?
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Need Help Removing Adsoftinc

Unread postby ArtLab » December 30th, 2008, 5:44 pm

The computer is running great! Yes, I was able to produce an uninstall list and here's a copy. If you find that I have anything installed which I shouldn't, please let me know and I will remove it.

7-Zip 4.47 beta
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Common File Installer
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Premiere Elements 4.0
Adobe Reader 9
Adobe Setup
Adobe Setup
All That Chords! 3.2
AnswerWorks 5.0 English Runtime
AOL Instant Messenger
AP Tuner 3.06
Apple Mobile Device Support
Apple Software Update
ASUS Probe V2.22.04
ASUSUpdate
Athlon 64 Processor Driver
avast! Antivirus
AVS Video Converter 6
CarBasePro
CCleaner (remove only)
Civilization III Complete Edition
Civilization III v1.29f
ConvertHelper 2.1
Cool & Quiet
Cool Edit Pro 2.0
DivX Codec
DivX Converter
DivX Player
Driver Genius Professional Edition 2007
EasyCleaner
Envy24 Family Audio Controller's Driver Uninstall
Eusing Free Registry Cleaner
EVEREST Home Edition v2.20
File Lock 4.2
FingerPower! Vol. 1
FLV Player 2.0, build 24
Free Internet TV v6.0
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hauppauge WinTV
Hauppauge WinTV Infrared Remote
Hauppauge WinTV IR Blaster
Hauppauge WinTV Scheduler
Hauppauge WinTV TV Services
Hotfix for Windows Internet Explorer 7 (KB947864)
HP PrecisionScan Pro and Utilities
Image Web Server 7.0 IE Plugins (Build:3,1,0,229)
InterVideo FilterSDK for Hauppauge
Ipswitch WS_FTP Pro
Java(TM) 6 Update 11
K-Lite Codec Pack 3.8.0 Basic
LogMeIn
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Malwarebytes' Anti-Malware
Marvell Miniport Driver
MediaCoder 0.6.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.0.5)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6.0 Parser (KB933579)
MWSnap 3
nanoPEG-Editor 2.3 Hauppauge Edition
nanoPEG-Editor 2.6.0 for WinTV
NASA World Wind 1.3
Nero 7 Ultra Edition
Netflix Movie Viewer
NVIDIA Drivers
PCForrest StartMan 1.3.96
Photodex Presenter
PhotoNow!
Poedit
PowerDirector
ProShow Gold
Quicken 2008
QuickTime
Radmin Server 3.0
Radmin Viewer 3.0
Recover My Files
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
SmartSound Quicktracks Plugin
SoundMAX
Spybot - Search & Destroy
SpyHunter
SST Programming Software
Super Blank 3.01
SUPERAntiSpyware Free Edition
System Requirements Lab
Ulead DVD MovieFactory 4.0 SE
UnRAR for Windows
URGE
VIA Platform Device Manager
Virtual Cable Tester
Virtual Earth 3D (Beta)
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Resource Kit Tools
Windows XP Service Pack 3
WMAConvert 1.3.1
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
ArtLab
Active Member
 
Posts: 14
Joined: December 18th, 2008, 12:35 pm