MalWare Pop-ups, cannot remove!!

djmonstadjmonsta London, UK Member
edited June 2009 in Spyware & Virus Removal
HELP! I'm trying to get rid of some spyware and failing miserably!! I've scanned with AVG, AdAware, Spybot, Windows Defender, Spysweeper and Malwarebytes. Some detect something, then tell me it's been removed, but it's still there. I have a dual-boot going on, and I boot to the other partition so the other OS isn't running and run scans: same thing. Infected system is XP Pro SP3. FYI the other boot is Vista Home Premium (uninfected).

Below is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:54:52, on 18/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\isposure\IsposureAgent.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Gigabyte\ET5Pro\GUI.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\VMware\VMware Workstation\hqtray.exe
C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CPU Thermometer\CPUThermometer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
C:\Documents and Settings\Adam Harrison\Desktop\RealTemp\RealTemp.exe
C:\Program Files\Slim Multimedia Keyboard\OSD.EXE
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: InternetExperienceEnhancer - {155AF1C4-430E-9CD7-1A6E-721A433EA1CF} - C:\Program Files\InternetExperienceEnhancer\InternetExperienceEnhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ZPLED] "C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe"
O4 - HKLM\..\Run: [C-Media Mixer] "C:\WINDOWS\Mixer.exe" /startup
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [GEST] m‘|\ü
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EasyTuneVPro] "C:\Program Files\Gigabyte\ET5Pro\ETcall.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [WinSys2] "C:\WINDOWS\system32\winsys2.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [tbbMeter] "C:\Program Files\thinkbroadband.com\tbbMeter\tbbmeter.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [CPU Thermometer] "C:\Program Files\CPU Thermometer\CPUThermometer.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.candystand.com/play.do?id=17885"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Shortcut to RealTemp.lnk = C:\Documents and Settings\Adam Harrison\Desktop\RealTemp\RealTemp.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - C:\Program Files\isposure\IsposureAgent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 12604 bytes
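The first pass a log reader makes over a HijackThis log like the one above is mechanical: find the BHOs whose DLL no longer exists, the Run values that are not even a command line, and the services HijackThis could not attribute to a vendor. The script below is an added example written for this page; it is not part of HijackThis, not the helper's tooling, and not code posted in the thread. The sample lines are copied from the log above, and every flagging rule (the "(no file)" check, the non-printable-bytes check, the flat-Program-Files-folder heuristic, the "Unknown owner" check) is this example's own assumption. A flag means "verify the publisher and signature", not "malware".

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code).

Parses O2 (BHO), O4 (registry Run/RunOnce) and O23 (service) lines and
flags the entries a log reader checks first. Every heuristic here is an
assumption of this example; a flag means "look closer", not "malware".
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = """\
O2 - BHO: InternetExperienceEnhancer - {155AF1C4-430E-9CD7-1A6E-721A433EA1CF} - C:\\Program Files\\InternetExperienceEnhancer\\InternetExperienceEnhancer.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\\Program Files\\Common Files\\Microsoft Shared\\Windows Live\\WindowsLiveLogin.dll
O4 - HKLM\\..\\Run: [RTHDCPL] "C:\\WINDOWS\\RTHDCPL.EXE"
O4 - HKLM\\..\\Run: [GEST] m\u2018|\\\u00fc
O4 - HKCU\\..\\Run: [Steam] "C:\\Program Files\\Steam\\Steam.exe" -silent
O23 - Service: STI Simulator - Unknown owner - C:\\WINDOWS\\System32\\PAStiSvc.exe
O23 - Service: KService - Kontiki Inc. - C:\\Program Files\\Kontiki\\KService.exe
"""


@dataclass
class Finding:
    section: str   # O2, O4 or O23
    name: str
    reason: str    # orphan, unparseable, unknown-owner or suspect-folder
    detail: str


BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>HK.*?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
# A Run value should start with an optionally quoted drive, UNC or %ENV% path to an executable.
CMD_RE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\|%[^%]+%\\)[^"]*\.(?:exe|dll|cmd|bat|scr)"?(?:\s.*)?$',
                    re.IGNORECASE)


def check_bho(name: str, path: str) -> Optional[Finding]:
    if path == "(no file)":
        return Finding("O2", name, "orphan",
                       "CLSID still registered but the DLL is gone; a stale key worth clearing")
    parts = path.split("\\")
    # Heuristic (assumption): a DLL sitting directly in C:\Program Files\<one folder>\
    # with no vendor/product hierarchy deserves a publisher check.
    if len(parts) == 4 and parts[1].lower() == "program files":
        return Finding("O2", name, "suspect-folder",
                       f"DLL in a flat Program Files folder: {path}; verify publisher and signature")
    return None


def check_run(name: str, cmd: str) -> Optional[Finding]:
    if any(not (c.isascii() and c.isprintable()) for c in cmd):
        return Finding("O4", name, "unparseable",
                       "value data is not printable text; the value is binary or garbled, not a command")
    if not CMD_RE.match(cmd):
        return Finding("O4", name, "unparseable",
                       f"value does not start with an executable path: {cmd!r}")
    return None


def check_service(name: str, vendor: str, path: str) -> Optional[Finding]:
    if vendor.lower() == "unknown owner":
        return Finding("O23", name, "unknown-owner",
                       f"no company name in the binary's version info: {path}; check its signature")
    return None


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per flagged O2/O4/O23 line, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        result = None
        if (m := BHO_RE.match(line)):
            result = check_bho(m["name"], m["path"])
        elif (m := RUN_RE.match(line)):
            result = check_run(m["name"], m["cmd"])
        elif (m := SVC_RE.match(line)):
            result = check_service(m["name"], m["vendor"], m["path"])
        if result:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<15} {f.name}: {f.detail}")
```

Feed it a saved log with `triage(open("hijackthis.log", encoding="utf-8", errors="replace").read())`. On the sample it reports the orphaned "(no name)" BHO, the GEST value whose data is not a command line, the STI Simulator service with no owner string, and the InternetExperienceEnhancer BHO for a publisher check; the rest of the sample passes. The script only ranks what to look at first, and it says nothing about a file it cannot open, so the signature and hash checks still have to be done on the machine.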

Comments

  • edited June 2009
    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe




    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.


    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

    Please post the results from the GMER scan in your reply.
  • djmonstadjmonsta London, UK Member
    edited June 2009
    Thank you for your help.

    Log.txt:

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Adam Harrison at 2009-06-22 15:11:17
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 11 GB (17%) free of 66 GB
    Total RAM: 3070 MB (79% free)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:11:24, on 22/06/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\isposure\IsposureAgent.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe
    C:\WINDOWS\Mixer.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\VMware\VMware Workstation\hqtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Kontiki\KHost.exe
    C:\Program Files\CPU Thermometer\CPUThermometer.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
    E:\downloads\RealTemp\RealTemp.exe
    C:\Program Files\Slim Multimedia Keyboard\OSD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Adam Harrison\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Adam Harrison.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: InternetExperienceEnhancer - {155AF1C4-430E-9CD7-1A6E-721A433EA1CF} - C:\Program Files\InternetExperienceEnhancer\InternetExperienceEnhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ZPLED] "C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe"
    O4 - HKLM\..\Run: [C-Media Mixer] "C:\WINDOWS\Mixer.exe" /startup
    O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
    O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
    O4 - HKLM\..\Run: [GEST] m‘|\ü
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [EasyTuneVPro] "C:\Program Files\Gigabyte\ET5Pro\ETcall.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
    O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
    O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Workstation\hqtray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
    O4 - HKLM\..\Run: [CPU Thermometer] "C:\Program Files\CPU Thermometer\CPUThermometer.exe" -s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [CTFMON.EXE] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
    O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.candystand.com/play.do?id=17885"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: RealTemp.lnk = E:\downloads\RealTemp\RealTemp.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Slim Multimedia Keyboard.lnk = C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://asia.msi.com.tw
    O15 - Trusted Zone: http://global.msi.com.tw
    O15 - Trusted Zone: http://www.msi.com.tw
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IsposureAgent (isposure_svc) - Epitiro Ltd. - C:\Program Files\isposure\IsposureAgent.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
    O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
    --
    End of file - 11869 bytes
    ======Scheduled tasks folder======
    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    ======Registry dump======
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{155AF1C4-430E-9CD7-1A6E-721A433EA1CF}]
    InternetExperienceEnhancer - C:\Program Files\InternetExperienceEnhancer\InternetExperienceEnhancer.dll [2009-06-03 155136]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-17 304736]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-05-11 1107224]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ZPLED"=C:\Program Files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe [2006-02-21 347648]
    "C-Media Mixer"=C:\WINDOWS\Mixer.exe [2003-03-20 1855488]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "GEST"=m‘|\ü []
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2005-02-17 221184]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-02-17 81920]
    "EasyTuneVPro"=C:\Program Files\Gigabyte\ET5Pro\ETcall.exe [2007-07-26 20480]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-01-15 13680640]
    "nwiz"=C:\WINDOWS\system32\nwiz.exe [2009-01-15 1657376]
    "WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
    "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-05-11 1947928]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-01-15 86016]
    "vmware-tray"=C:\Program Files\VMware\VMware Workstation\vmware-tray.exe [2007-05-01 68400]
    "VMware hqtray"=C:\Program Files\VMware\VMware Workstation\hqtray.exe [2007-05-01 56112]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-03-12 342312]
    "4oD"=C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]
    "CPU Thermometer"=C:\Program Files\CPU Thermometer\CPUThermometer.exe [2009-04-13 766976]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
    "SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-05-13 6345840]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408]
    "kdx"=C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150595.exe [2009-03-19 460216]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
    Slim Multimedia Keyboard.lnk - C:\Program Files\Slim Multimedia Keyboard\MagicKey.exe
    C:\Documents and Settings\Adam Harrison\Start Menu\Programs\Startup
    RealTemp.lnk - E:\downloads\RealTemp\RealTemp.exe
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-05-11 11952]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    "NoDriveTypeAutoRun"=
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\Codemasters\GRID\GRID.exe"="C:\Program Files\Codemasters\GRID\GRID.exe:*:Enabled:GRID"
    "C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008"
    "C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
    "C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe"="C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
    "C:\Documents and Settings\Adam Harrison\Desktop\Duke3d (xDuke)\duke3d_w32.exe"="C:\Documents and Settings\Adam Harrison\Desktop\Duke3d (xDuke)\duke3d_w32.exe:*:Enabled:duke3d_w32"
    "C:\Program Files\YANG\yang.exe"="C:\Program Files\YANG\yang.exe:*:Enabled:yang"
    "C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    ======List of files/folders created in the last 1 months======
    2009-06-22 15:11:17 ----D---- C:\rsit
    2009-06-21 19:57:01 ----D---- C:\Program Files\Microsoft Games
    2009-06-19 15:37:06 ----D---- C:\Program Files\MSXML 4.0
    2009-06-19 00:47:44 ----D---- C:\Program Files\Panda Security
    2009-06-18 22:19:50 ----SHD---- C:\Config.Msi
    2009-06-18 22:04:39 ----A---- C:\WINDOWS\system32\capicom.dll
    2009-06-18 22:04:29 ----D---- C:\Program Files\MSSOAP
    2009-06-18 21:54:35 ----D---- C:\Program Files\Trend Micro
    2009-06-17 22:51:22 ----D---- C:\Program Files\Lavasoft
    2009-06-17 22:51:22 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2009-06-17 22:43:07 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-06-17 22:42:53 ----D---- C:\Program Files\SpywareBlaster
    2009-06-13 03:26:11 ----D---- C:\Avenger
    2009-06-13 03:06:17 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
    2009-06-13 03:06:10 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
    2009-06-13 03:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
    2009-06-13 03:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
    2009-06-13 02:35:21 ----D---- C:\Documents and Settings\Adam Harrison\Application Data\Malwarebytes
    2009-06-13 02:35:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-06-11 02:33:47 ----A---- C:\WINDOWS\WRSetup.dll
    2009-06-11 02:33:46 ----D---- C:\Program Files\Webroot
    2009-06-11 02:33:46 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
    2009-06-11 02:33:46 ----D---- C:\Documents and Settings\Adam Harrison\Application Data\Webroot
    2009-06-10 01:32:22 ----D---- C:\Program Files\InternetExperienceEnhancer
    2009-06-10 01:23:58 ----D---- C:\Documents and Settings\Adam Harrison\Application Data\Cabos
    2009-06-10 00:20:18 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-06-10 00:20:18 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-06-10 00:20:18 ----A---- C:\WINDOWS\system32\java.exe
    2009-06-09 12:07:25 ----D---- C:\Program Files\Smart Projects
    2009-06-06 00:31:36 ----D---- C:\Documents and Settings\Adam Harrison\Application Data\yang
    2009-06-06 00:30:22 ----D---- C:\Program Files\YANG
    2009-05-31 17:50:57 ----D---- C:\Program Files\SpeedFan
    2009-05-31 05:48:39 ----D---- C:\Program Files\CPU Thermometer
    2009-05-31 05:42:05 ----D---- C:\Program Files\Motherboard Monitor 5
    2009-05-31 03:12:17 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$
    ======List of files/folders modified in the last 1 months======
    2009-06-22 15:11:18 ----D---- C:\WINDOWS\Prefetch
    2009-06-22 15:10:59 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
    2009-06-22 15:10:46 ----D---- C:\WINDOWS\Temp
    2009-06-22 15:10:06 ----D---- C:\Program Files\isposure
    2009-06-22 15:08:01 ----D---- C:\WINDOWS\system32
    2009-06-22 15:06:05 ----D---- C:\Documents and Settings\Adam Harrison\Application Data\VMware
    2009-06-22 15:05:28 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
    2009-06-22 02:40:42 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-06-21 20:51:47 ----D---- C:\Program Files\Steam
    2009-06-21 20:51:40 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-06-21 19:57:16 ----RD---- C:\Program Files
    2009-06-21 18:59:07 ----D---- C:\Documents and Settings\All Users\Application Data\Epitiro
    2009-06-20 23:48:17 ----D---- C:\Program Files\Full Tilt Poker
    2009-06-20 02:23:10 ----HD---- C:\WINDOWS\inf
    2009-06-19 15:37:07 ----SHD---- C:\WINDOWS\Installer
    2009-06-19 15:37:07 ----D---- C:\WINDOWS\WinSxS
    2009-06-19 15:36:59 ----D---- C:\WINDOWS
    2009-06-19 15:17:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-06-19 00:49:24 ----D---- C:\WINDOWS\system32\drivers
    2009-06-19 00:47:27 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-06-18 22:39:55 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-06-18 22:39:51 ----D---- C:\WINDOWS\Debug
    2009-06-18 22:19:42 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-06-18 14:57:02 ----HD---- C:\$AVG8.VAULT$
    2009-06-17 22:53:46 ----SD---- C:\WINDOWS\Tasks
    2009-06-14 01:54:32 ----D---- C:\Program Files\PokerStars
    2009-06-13 03:06:05 ----HD---- C:\WINDOWS\$hf_mig$
    2009-06-13 03:02:12 ----D---- C:\WINDOWS\system32\en-US
    2009-06-13 03:02:12 ----D---- C:\Program Files\Internet Explorer
    2009-06-11 01:46:30 ----D---- C:\Program Files\PE
    2009-06-11 01:46:04 ----D---- C:\Program Files\SystemRequirementsLab
    2009-06-10 01:32:22 ----D---- C:\Program Files\Windows Media Player
    2009-06-10 00:20:11 ----D---- C:\Program Files\Java
    2009-06-09 14:16:52 ----D---- C:\WINDOWS\system32\DirectX
    2009-06-09 01:28:41 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-06-01 17:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-05-31 03:11:52 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
    2009-05-25 04:09:56 ----A---- C:\WINDOWS\win.ini
    2009-05-25 00:55:34 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
    2009-05-25 00:55:08 ----D---- C:\Program Files\SharkScope
    2009-05-25 00:54:02 ----D---- C:\Program Files\Full Tilt Poker Beta
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-05-11 325896]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-05-11 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-05-11 108552]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2001-11-27 11886]
    R1 pwipf6;pwipf6; C:\WINDOWS\system32\drivers\pwipf6.sys [2009-06-18 108296]
    R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\Drivers\hcmon.sys []
    R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2007-05-01 28592]
    R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
    R2 VMparport;VMware VMparport; \??\C:\WINDOWS\system32\Drivers\VMparport.sys []
    R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
    R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
    R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys []
    R3 ET5Drv;ET5Drv; \??\C:\WINDOWS\system32\Drivers\ET5Drv.sys []
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-01-15 6301248]
    R3 PAC207;SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 162176]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-11-22 105088]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
    R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\E:\downloads\RealTemp\WinRing0.sys []
    S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-13 31744]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
    S3 cpuz128;cpuz128; \??\C:\DOCUME~1\ADAMHA~1\LOCALS~1\Temp\cpuz_x32.sys []
    S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
    S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
    S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
    S3 RT2500;Belkin RT2500 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2500.sys [2005-09-07 243200]
    S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\Sandra.sys []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
    S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2007-05-01 16816]
    S3 vmusb;VMware USB Client Driver; C:\WINDOWS\System32\Drivers\vmusb.sys [2007-05-01 30768]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-11 298776]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 isposure_svc;IsposureAgent; C:\Program Files\isposure\IsposureAgent.exe [2009-04-16 729088]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
    R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-04-23 3068352]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-01-15 163908]
    R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
    R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Workstation\vmware-authd.exe [2007-05-01 109360]
    R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2007-05-01 121648]
    R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
    R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2007-05-01 150320]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2009-04-21 4048240]
    R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe [2009-06-18 1205760]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-12-01 33752]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
    S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
    S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
    S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
    S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe [2007-04-09 187184]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
    EOF
  • djmonstadjmonsta London, UK Member
    edited June 2009
    Info.txt:

    info.txt logfile of random's system information tool 1.06 2009-06-22 15:11:26
    ======Uninstall list======
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    4oD-->MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
    Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
    Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
    Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
    Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Ares 2.1.1-->"C:\Program Files\Ares\uninstall.exe"
    Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
    AVG 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Burnout(TM) Paradise The Ultimate Box-->MsiExec.exe /I{060DB08D-4AB9-4798-9024-03BABCBAF775}
    CamfrogWEB Advanced ActiveX Plugin (remove only)-->"C:\Program Files\CFWebAdvancedU\Uninstall.exe"
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    DMIView B06.1227.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}\setup.exe" -l0x9 -removeonly
    EasyTune5Pro-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Gigabyte\ET5Pro\Uninst.isu" -c"C:\Program Files\Gigabyte\ET5Pro\uninstdrv.dll"
    Far Cry-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l2057
    FL Studio 5-->C:\Program Files\Image-Line\FLStudio5\uninstall.exe
    Football Manager 2009-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10540
    Free Word Excel Password Wizard-->MsiExec.exe /I{2EB44B16-05EF-42FD-9300-A85CDEF60864}
    Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
    getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
    GRID-->"C:\Program Files\InstallShield Installation Information\{5A0B7BA5-4682-4273-81C2-69B17E649103}\setup.exe" -runfromtemp -l0x0009 -removeonly
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB943232-v2)-->"C:\WINDOWS\$NtUninstallKB943232-v2$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
    InternetExperienceEnhancer-->C:\Program Files\InternetExperienceEnhancer\uninstall.exe uninstall=internetexperienceenhancer
    IsoBuster 2.5-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
    isposure (installed by tbbMeter)-->MsiExec.exe /X{FC0C329F-2851-4859-A2EC-4DCF4874E5D6}
    iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
    Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    London and South East v1.2-->C:\Program Files\Microsoft Games\Train Simulator\LSEUninstal.exe
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft DirectX Transform optional components-->RUNDLL32.EXE ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\DXTXTRA.INF,UNINSTALL.NT,12
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
    Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
    Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
    Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
    Nokia PC Suite-->MsiExec.exe /I{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
    Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
    PC Camera E-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{5ACAFB32-6336-4304-9766-B233ACEC0A8F}
    PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
    PCI Audio Applications-->C:\Program Files\PCI Audio Applications\Bin\Uninstall.exe
    PCI Audio Driver-->cmuninst.exe
    PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
    RF Keyboard 1.0-->C:\Program Files\Wireless\RF Keyboard\1.0\unins000.EXE
    Scarface: The World is Yours-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{28142407-ACAD-4ECD-A6B6-9FA8471F6062}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Sibelius Scorch (ActiveX Only)-->MsiExec.exe /I{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}
    Slim Multimedia Keyboard-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Slim Multimedia Keyboard\uninst.isu" -c"C:\Program Files\Slim Multimedia Keyboard\UnInst.dll"
    Sony ACID Pro 6.0-->MsiExec.exe /X{AB7E8EC4-D04C-4A2B-A33B-4A3725C72285}
    Sony Media Manager 2.1-->MsiExec.exe /X{C86A8B40-0702-45FA-BFEC-82B0C5932038}
    SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
    Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    SYSTEM_INFO B07.1219.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC4914EF-6618-4949-A1CF-BD4917A00221}\setup.exe" -l0x9 -removeonly
    tbbMeter-->MsiExec.exe /X{23875609-A02D-4DD2-AEC3-B3408295F9D7}
    Total Annihilation-->C:\CAVEDOG\TOTALA\setup.exe -u
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    VMware Workstation-->MsiExec.exe /I{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}
    Webroot Internet Security Essentials-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe" /Log="C:\DOCUME~1\ADAMHA~1\LOCALS~1\Temp\Uninstall.txt"
    Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Driver Package - Nokia Modem (02/23/2009 7.01.0.2)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_171C10620CF14FA76859E310DF8C6CF642D81C73\nokbtmdm.inf
    Windows Driver Package - Nokia Modem (02/24/2009 4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_5929FEDBB724B17D4BCDD74361BD95262BE1608B\nokia_bluetooth.inf
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
    Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
    Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
    Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
    Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
    YANG (Yet Another Netplay Guider)-->"C:\Program Files\YANG\uninstall.exe"
    ======Security center information======
    AV: AVG Anti-Virus Free
    FW: Spy Sweeper (disabled)
    ======System event log======
    Computer Name: ADAM-26Z8CRMG3R
    Event Code: 7022
    Message: The KService service hung on starting.
    Record Number: 9545
    Source Name: Service Control Manager
    Time Written: 20090512011057.000000+060
    Event Type: error
    User:
    Computer Name: ADAM-26Z8CRMG3R
    Event Code: 7022
    Message: The KService service hung on starting.
    Record Number: 9505
    Source Name: Service Control Manager
    Time Written: 20090511134218.000000+060
    Event Type: error
    User:
    Computer Name: ADAM-26Z8CRMG3R
    Event Code: 7022
    Message: The KService service hung on starting.
    Record Number: 9473
    Source Name: Service Control Manager
    Time Written: 20090511034744.000000+060
    Event Type: error
    User:
    Computer Name: ADAM-26Z8CRMG3R
    Event Code: 7022
    Message: The KService service hung on starting.
    Record Number: 9442
    Source Name: Service Control Manager
    Time Written: 20090507133247.000000+060
    Event Type: error
    User:
    Computer Name: ADAM-26Z8CRMG3R
    Event Code: 7022
    Message: The KService service hung on starting.
    Record Number: 9405
    Source Name: Service Control Manager
    Time Written: 20090502153244.000000+060
    Event Type: error
    User:
    =====Application event log=====
    Computer Name: ADAM-26Z8CRMG3R
    Event Code: 19011
    Message:
    Record Number: 2814
    Source Name: MSSQL$SONY_MEDIAMGR
    Time Written: 20090317004750.000000+000
    Event Type: warning
    User:
    Computer Name: ADAM-26Z8CRMG3R
    Event Code: 100
    Message: Request by process 2916 to open '\\.\VMwareKbdFilter': unrecognized pid
    Record Number: 2777
    Source Name: vmauthd
    Time Written: 20090314024124.000000+000
    Event Type: error
    User:
    Computer Name: ADAM-26Z8CRMG3R
    Event Code: 8
    Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
    Record Number: 2755
    Source Name: crypt32
    Time Written: 20090313024417.000000+000
    Event Type: error
    User:
    Computer Name: ADAM-26Z8CRMG3R
    Event Code: 8
    Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.
    Record Number: 2754
    Source Name: crypt32
    Time Written: 20090313024417.000000+000
    Event Type: error
    User:
    Computer Name: ADAM-26Z8CRMG3R
    Event Code: 1002
    Message: Hanging application iexplore.exe, version 7.0.6000.16791, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Record Number: 2712
    Source Name: Application Hang
    Time Written: 20090310001312.000000+000
    Event Type: error
    User:
    ======Environment variables======
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Smart Projects\IsoBuster
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
    "PROCESSOR_REVISION"=170a
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "FP_NO_HOST_CHECK"=NO
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    EOF
  • djmonstadjmonsta London, UK Member
    edited June 2009
    GMER.txt:

    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-06-23 00:00:56
    Windows 5.1.2600 Service Pack 3

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwAdjustPrivilegesToken [0xB6DAC820]
    SSDT 8AE58160 ZwAllocateVirtualMemory
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwConnectPort [0xB6DACD10]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateFile [0xB6DAB4B0]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateKey [0xB6DAC480]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreatePort [0xB6DAD0C0]
    SSDT 8AE56AC8 ZwCreateProcess
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateProcessEx [0xB6DADA50]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateSection [0xB6DAD320]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateThread [0xB6DAD620]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDebugActiveProcess [0xB6DABF60]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDeleteKey [0xB6DA9DD0]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDeleteValueKey [0xB6DA9F60]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDeviceIoControlFile [0xB6DAC090]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenFile [0xB6DAB7C0]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenProcess [0xB6DAA140]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenSection [0xB6DABA70]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenThread [0xB6DAC6B0]
    SSDT 8AE581D8 ZwQueueApcThread
    SSDT 8AE39528 ZwReadVirtualMemory
    SSDT 8AE56C60 ZwRenameKey
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwResumeThread [0xB6DAA400]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwSecureConnectPort [0xB6DACEE0]
    SSDT 8AE58420 ZwSetContextThread
    SSDT 8ADF5460 ZwSetInformationKey
    SSDT 8AE2A250 ZwSetInformationProcess
    SSDT 8AE391A0 ZwSetInformationThread
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwSetValueKey [0xB6DA9C00]
    SSDT 8AE77580 ZwSuspendProcess
    SSDT 8AE583A8 ZwSuspendThread
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwTerminateProcess [0xB6DA9AB0]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwTerminateThread [0xB6DAA2C0]
    SSDT 8AE395A0 ZwWriteVirtualMemory
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!ZwCallbackReturn + 2C7C 80504518 12 Bytes [C0, D0, DA, B6, C8, 6A, E5, ...]
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A5178F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A51710 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A51754 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A5169C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517CA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[864] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe[3676] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00450771 C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
    .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4016] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00016000 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4016] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 000169B0 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4016] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00016000 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4016] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00016960 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\Spy Sweeper\SSU.EXE[4016] kernel32.dll!VirtualFree 7C809B84 5 Bytes JMP 00016990 C:\Program Files\Webroot\Spy Sweeper\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    ---- Kernel IAT/EAT - GMER 1.0.15 ----
    IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8AE93020
    IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8AE92898
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8AE92898
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8AE93020
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8AE93020
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8AE92898
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8AE92898
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8AE93020
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8AE92898
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8AE93020
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8AE92898
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8AE92898
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8AE93020
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
    Device \Driver\Tcpip \Device\Ip 8ABB2708
    Device \Driver\Tcpip \Device\Ip 8A50B960
    Device \Driver\Tcpip \Device\Ip 8A4B09F0
    Device \Driver\Tcpip \Device\Ip 8AE55020
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Ip pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbehci \Device\USBPDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\USBPDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\Tcpip \Device\Tcp 8ABB2708
    Device \Driver\Tcpip \Device\Tcp 8A50B960
    Device \Driver\Tcpip \Device\Tcp 8A4B09F0
    Device \Driver\Tcpip \Device\Tcp 8AE55020
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
    Device \Driver\usbhub \Device\USBPDO-6 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\Tcpip \Device\Udp 8ABB2708
    Device \Driver\Tcpip \Device\Udp 8A50B960
    Device \Driver\Tcpip \Device\Udp 8A4B09F0
    Device \Driver\Tcpip \Device\Udp 8AE55020
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
    Device \Driver\Tcpip \Device\RawIp 8ABB2708
    Device \Driver\Tcpip \Device\RawIp 8A50B960
    Device \Driver\Tcpip \Device\RawIp 8A4B09F0
    Device \Driver\Tcpip \Device\RawIp 8AE55020
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\0000007a hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\0000007b hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\Tcpip \Device\IPMULTICAST 8ABB2708
    Device \Driver\Tcpip \Device\IPMULTICAST 8A50B960
    Device \Driver\Tcpip \Device\IPMULTICAST 8A4B09F0
    Device \Driver\Tcpip \Device\IPMULTICAST 8AE55020
    Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\0000007c hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\0000007d hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\0000007e hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\usbhub \Device\0000007f hcmon.sys (VMware USB monitor/VMware, Inc.)
    ---- EOF - GMER 1.0.15 ----
  • edited June 2009
    Information

    IMPORTANT
    I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    Ares 2.1.1
    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs.
    Please note: you must NOT use any P2P whilst we are cleaning your machine.

    Step 1

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot.
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Step 2

    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.

    Logs/Information to Post in Reply
    Please post the following logs/information in your reply:
    • MalwareBytes log
    • ComboFix log
    • How are things running now?
  • djmonstadjmonsta London, UK Member
    edited June 2009
    MalWareBytes log file:

    Malwarebytes' Anti-Malware 1.38
    Database version: 2326
    Windows 5.1.2600 Service Pack 3
    23/06/2009 23:27:54
    mbam-log-2009-06-23 (23-27-54).txt
    Scan type: Full Scan (C:\|)
    Objects scanned: 244357
    Time elapsed: 49 minute(s), 28 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 7
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 2
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    C:\Program Files\InternetExperienceEnhancer\InternetExperienceEnhancer.dll (Adware.PlayMP3z) -> Delete on reboot.
    Registry Keys Infected:
    HKEY_CLASSES_ROOT\internetexperienceenhancer.internetexperienceenhancer (Adware.PlayMP3z) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{09d6dab7-9ab9-f331-ec44-da2b7eaa0539} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{cf3e7593-3961-8c97-ec09-182179c0bfcc} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{155af1c4-430e-9cd7-1a6e-721a433ea1cf} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{155af1c4-430e-9cd7-1a6e-721a433ea1cf} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{155af1c4-430e-9cd7-1a6e-721a433ea1cf} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\internetexperienceenhancer.internetexperienceenhancer.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    C:\Program Files\InternetExperienceEnhancer (Adware.PlayMP3z) -> Delete on reboot.
    Files Infected:
    C:\Program Files\InternetExperienceEnhancer\InternetExperienceEnhancer.dll (Adware.PlayMP3z) -> Delete on reboot.
    c:\program files\internetexperienceenhancer\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
  • djmonstadjmonsta London, UK Member
    edited June 2009
    ComboFix log file:

    ComboFix 09-06-22.0E - Adam Harrison 23/06/2009 23:39.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2484 [GMT 1:00]
    Running from: c:\documents and settings\Adam Harrison\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: Spy Sweeper *disabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\$recycle.bin\S-1-5-21-3446570064-235375294-2338634819-1000
    c:\$recycle.bin\S-1-5-21-3446570064-235375294-2338634819-1000\desktop.ini
    c:\windows\jestertb.dll
    c:\windows\system32\tmp70.tmp
    .
    ((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
    .
    2009-06-23 21:37 . 2009-06-17 10:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-23 21:37 . 2009-06-23 21:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-23 21:37 . 2009-06-17 10:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-22 14:11 . 2009-06-22 14:11 -------- d-----w- C:\rsit
    2009-06-21 18:57 . 2009-06-21 18:57 -------- d-----w- c:\program files\Microsoft Games
    2009-06-19 14:37 . 2009-06-19 14:37 -------- d-----w- c:\program files\MSXML 4.0
    2009-06-19 00:05 . 2008-04-13 23:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2009-06-19 00:05 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2009-06-19 00:05 . 2008-04-13 23:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2009-06-19 00:05 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2009-06-19 00:05 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2009-06-19 00:04 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2009-06-19 00:04 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2009-06-19 00:04 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2009-06-19 00:04 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2009-06-19 00:04 . 2008-04-13 23:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
    2009-06-19 00:02 . 2001-08-17 11:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
    2009-06-19 00:01 . 2001-08-17 13:56 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
    2009-06-19 00:00 . 2008-04-13 17:41 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
    2009-06-18 23:59 . 2008-04-13 17:46 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
    2009-06-18 23:58 . 2001-08-17 11:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
    2009-06-18 23:57 . 2001-08-17 21:34 9216 -c--a-w- c:\windows\system32\dllcache\ibmsgnet.dll
    2009-06-18 23:56 . 2008-04-13 17:45 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
    2009-06-18 23:55 . 2001-08-17 21:36 25600 -c--a-w- c:\windows\system32\dllcache\dc210_32.dll
    2009-06-18 23:54 . 2001-08-17 12:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2009-06-18 23:53 . 2001-08-17 13:56 104832 -c--a-w- c:\windows\system32\dllcache\atiraged.dll
    2009-06-18 23:47 . 2008-06-19 16:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2009-06-18 23:47 . 2009-06-18 23:47 -------- d-----w- c:\program files\Panda Security
    2009-06-18 21:04 . 2009-06-18 21:04 -------- d-----w- c:\program files\MSSOAP
    2009-06-18 21:04 . 2009-06-18 21:03 108296 ----a-w- c:\windows\system32\drivers\pwipf6.sys
    2009-06-18 20:54 . 2009-06-18 20:54 -------- d-----w- c:\program files\Trend Micro
    2009-06-17 21:51 . 2009-06-18 21:19 -------- d-----w- c:\program files\Lavasoft
    2009-06-17 21:51 . 2009-06-18 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-06-17 21:43 . 2009-06-17 21:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-06-17 21:42 . 2009-06-17 21:44 -------- d-----w- c:\program files\SpywareBlaster
    2009-06-13 01:35 . 2009-06-13 01:35 -------- d-----w- c:\documents and settings\Adam Harrison\Application Data\Malwarebytes
    2009-06-13 01:35 . 2009-06-13 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-12 23:41 . 2009-06-12 23:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\Webroot
    2009-06-11 01:33 . 2009-05-13 14:39 1563008 ----a-w- c:\windows\WRSetup.dll
    2009-06-11 01:33 . 2009-06-18 21:07
    d
    w- c:\documents and settings\All Users\Application Data\Webroot
    2009-06-11 01:33 . 2009-06-11 01:33
    d
    w- c:\program files\Webroot
    2009-06-11 01:33 . 2009-06-11 01:33
    d
    w- c:\documents and settings\Adam Harrison\Application Data\Webroot
    2009-06-10 00:23 . 2009-06-10 01:17
    d
    w- c:\documents and settings\Adam Harrison\Application Data\Cabos
    2009-06-09 23:16 . 2009-06-09 23:16 152576 ----a-w- c:\documents and settings\Adam Harrison\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
    2009-06-09 11:07 . 2009-06-09 11:07
    d
    w- c:\program files\Smart Projects
    2009-06-05 23:37 . 2009-06-07 19:54 218 ----a-w- c:\documents and settings\Adam Harrison\Application Data\yang\yang.bat
    2009-06-05 23:31 . 2009-06-07 19:54
    d
    w- c:\documents and settings\Adam Harrison\Application Data\yang
    2009-06-05 23:30 . 2009-06-05 23:30
    d
    w- c:\program files\YANG
    2009-05-31 16:50 . 2009-06-21 18:50
    d
    w- c:\program files\SpeedFan
    2009-05-31 04:48 . 2009-05-31 05:01
    d
    w- c:\program files\CPU Thermometer
    2009-05-31 04:42 . 2009-05-31 05:01
    d
    w- c:\program files\Motherboard Monitor 5
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-23 22:41 . 2009-03-19 04:11
    d
    w- c:\documents and settings\All Users\Application Data\Kontiki
    2009-06-23 22:39 . 2009-03-14 02:40
    d
    w- c:\documents and settings\Adam Harrison\Application Data\VMware
    2009-06-23 22:36 . 2009-03-19 20:14
    d
    w- c:\program files\isposure
    2009-06-23 22:34 . 2008-12-17 21:23 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
    2009-06-23 22:31 . 2009-03-14 02:36
    d
    w- c:\documents and settings\All Users\Application Data\VMware
    2009-06-23 22:31 . 2009-03-14 02:38
    d
    w- c:\documents and settings\LocalService\Application Data\VMware
    2009-06-23 22:30 . 2009-04-08 22:07 471048 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-06-23 22:28 . 2008-12-27 22:19
    d
    w- c:\program files\Steam
    2009-06-23 21:36 . 2008-12-17 20:40
    d
    w- c:\program files\Full Tilt Poker
    2009-06-22 23:11 . 2009-03-19 20:14
    d
    w- c:\documents and settings\All Users\Application Data\Epitiro
    2009-06-18 21:39 . 2009-02-10 14:05
    d
    w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-06-14 00:54 . 2009-04-16 22:14
    d
    w- c:\program files\PokerStars
    2009-06-11 00:46 . 2009-05-18 03:19
    d
    w- c:\program files\PE
    2009-06-11 00:46 . 2009-02-11 00:22
    d
    w- c:\program files\SystemRequirementsLab
    2009-06-09 23:20 . 2008-12-31 06:35
    d
    w- c:\program files\Java
    2009-06-09 00:28 . 2008-12-17 20:15
    d--h--w- c:\program files\InstallShield Installation Information
    2009-05-31 02:22 . 2008-12-17 19:58 16608 ----a-w- c:\windows\gdrv.sys
    2009-05-31 02:11 . 2009-01-01 00:49
    d
    w- c:\documents and settings\All Users\Application Data\PC Suite
    2009-05-24 23:55 . 2009-02-16 01:33
    d
    w- c:\documents and settings\All Users\Application Data\Microsoft Corporation
    2009-05-24 23:55 . 2009-05-18 03:13
    d
    w- c:\program files\SharkScope
    2009-05-24 23:54 . 2009-04-08 19:17
    d
    w- c:\program files\Full Tilt Poker Beta
    2009-05-21 10:33 . 2008-12-31 06:35 410984 ----a-w- c:\windows\system32\deploytk.dll
    2009-05-20 04:00 . 2009-05-20 04:00
    d
    w- c:\documents and settings\All Users\Application Data\LogMeIn
    2009-05-18 03:19 . 2009-05-18 03:19 136 ----a-w- c:\documents and settings\Adam Harrison\Local Settings\Application Data\fusioncache.dat
    2009-05-11 02:53 . 2009-05-11 02:53
    d
    w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2009-05-11 02:47 . 2008-12-18 19:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-05-11 02:47 . 2008-12-18 19:13 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-05-11 02:47 . 2008-12-18 19:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-05-11 02:47 . 2008-12-18 19:13 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-05-07 15:32 . 2001-08-23 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
    2009-04-29 04:56 . 2001-08-23 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
    2009-04-29 04:55 . 2008-12-17 20:06 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-04-28 23:03 . 2009-04-28 22:31
    d
    w- c:\program files\Electronic Arts
    2009-04-28 01:32 . 2009-04-27 23:58
    d
    w- c:\documents and settings\Adam Harrison\Application Data\MSN6
    2009-04-27 23:58 . 2009-04-27 23:58
    d
    w- c:\documents and settings\All Users\Application Data\MSN6
    2009-04-26 01:14 . 2009-04-26 01:14
    d
    w- c:\program files\Common Files\PCSuite
    2009-04-26 01:14 . 2008-12-31 15:09
    d
    w- c:\program files\Nokia
    2009-04-26 01:14 . 2009-04-26 01:14
    d
    w- c:\program files\Common Files\Nokia
    2009-04-26 01:14 . 2009-04-26 01:14
    d
    w- c:\program files\PC Connectivity Solution
    2009-04-26 01:13 . 2009-04-26 01:13 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
    2009-04-26 01:13 . 2009-04-26 01:13 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2009-04-26 01:13 . 2009-04-26 01:13 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
    2009-04-26 01:12 . 2009-04-26 01:13 34396584 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_eng.exe
    2009-04-26 01:12 . 2008-12-31 15:08
    d
    w- c:\documents and settings\All Users\Application Data\Installations
    2009-04-26 01:10 . 2009-04-26 01:10 152576 ----a-w- c:\documents and settings\Adam Harrison\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-04-21 17:27 . 2008-08-09 13:42 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
    2009-04-21 17:27 . 2008-08-09 13:42 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
    2009-04-21 17:27 . 2008-08-09 13:42 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
    2009-04-21 05:30 . 2009-04-21 04:11 230432 ----a-w- C:\StiImg.dat
    2009-04-17 12:26 . 2001-08-23 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
    2009-04-15 14:51 . 2001-08-23 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-08 16:30 . 2008-12-17 20:11 35360 ----a-w- c:\documents and settings\Adam Harrison\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-30 23:38 . 2009-03-30 23:38 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.0.52\SetupAdmin.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
    @="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
    [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
    2009-05-13 14:34 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GEST"="m‘|\ü" [X]
    "ZPLED"="c:\program files\Wireless\RF Keyboard\1.0\ZPKBDLED.exe" [2006-02-21 347648]
    "C-Media Mixer"="c:\windows\Mixer.exe" [2003-03-20 1855488]
    "RTHDCPL"="c:\windows\RTHDCPL.EXE" [2008-02-13 16857600]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "EasyTuneVPro"="c:\program files\Gigabyte\ET5Pro\ETcall.exe" [2007-07-26 20480]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
    "nwiz"="c:\windows\system32\nwiz.exe" [2009-01-15 1657376]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-11 1947928]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
    "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2007-05-01 68400]
    "VMware hqtray"="c:\program files\VMware\VMware Workstation\hqtray.exe" [2007-05-01 56112]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
    "4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
    "CPU Thermometer"="c:\program files\CPU Thermometer\CPUThermometer.exe" [2009-04-13 766976]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
    c:\documents and settings\Adam Harrison\Start Menu\Programs\Startup\
    RealTemp.lnk - e:\downloads\RealTemp\RealTemp.exe [2009-5-31 172032]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    Slim Multimedia Keyboard.lnk - c:\program files\Slim Multimedia Keyboard\MagicKey.exe [2008-12-17 172032]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-05-11 02:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\common\\football manager 2009\\fm.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Documents and Settings\\Adam Harrison\\Desktop\\Duke3d (xDuke)\\duke3d_w32.exe"=
    "c:\\Program Files\\YANG\\yang.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [19/06/2009 00:47 28544]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [09/08/2008 14:42 29808]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [18/12/2008 20:13 325896]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [18/12/2008 20:13 108552]
    R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [17/12/2008 20:48 11886]
    R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [18/06/2009 22:04 108296]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [18/12/2008 20:13 298776]
    R2 isposure_svc;IsposureAgent;c:\program files\isposure\IsposureAgent.exe [23/10/2008 09:43 733184]
    R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [18/06/2009 22:04 1205760]
    R3 PAC207;SoC PC-Camera;c:\windows\system32\drivers\pfc027.sys [08/04/2005 11:46 162176]
    S3 cpuz128;cpuz128;\??\c:\docume~1\ADAMHA~1\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\ADAMHA~1\LOCALS~1\Temp\cpuz_x32.sys [?]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [17/12/2008 22:58 33752]
    SUnknown GVTDrv;GVTDrv; [x]
    --- Other Services/Drivers In Memory ---
    *NewlyCreated* - WINRING0_1_2_0
    *Deregistered* - WinRing0_1_2_0
    .
    Contents of the 'Scheduled Tasks' folder
    2009-02-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    - - - - ORPHANS REMOVED - - - -
    HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET

    .
    Supplementary Scan
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    Trusted Zone: com.tw\asia.msi
    Trusted Zone: com.tw\global.msi
    Trusted Zone: com.tw\www.msi
    DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
    DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-23 23:41
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    Completion time: 2009-06-23 23:42
    ComboFix-quarantined-files.txt 2009-06-23 22:42
    Pre-Run: 12,570,664,960 bytes free
    Post-Run: 13,971,480,576 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    ;
    ;Warning: Boot.ini is used on Windows XP and earlier operating systems.
    ;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
    ;
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /FASTDETECT /NOEXECUTE=OPTIN
    251 --- E O F --- 2009-06-19 14:37
  • djmonstadjmonsta London, UK Member
    edited June 2009
    As for the pop-ups, they seemed to have stopped...
  • edited June 2009
    looking good :)
    One final check before the clean-up.

    Kaspersky Online Scanner
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- This scan is best done from IE (Internet Explorer)
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane.
    Now go and put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt).
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • edited June 2009
    Uninstall Combofix
    • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U; it needs to be there.

    The following is some info to help you stay safe and clean.


    You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
    ( Vista users must ensure that any programs are Vista compatible BEFORE installing )

    Online Scanners
    I would recommend a scan at one or more of the following sites at least once a month.

    http://www.pandasecurity.com/activescan
    http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

    !!! Make sure that all your programs are updated !!!
    Secunia Software Inspector does all the work for you; see HERE for details.

    AntiSpyware
      AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time; the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have free (for Home Users) and paid versions;
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
    • Spybot - Search & Destroy <<< A must have program
      • It includes host protection and registry protection
      • A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites

    • MalwareBytes Anti-malware <<< A New and effective program
    • a-squared Free <<< A good "realtime" or "on demand" scanner
    • superantispyware <<< A good "realtime" or "on demand" scanner



    Prevention
      These programs don't detect malware, they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one
    • Winpatrol
      • An excellent startup manager and then some!!
      • Notifies you if programs are added to startup
      • Allows delayed startup
      • A must have addition
    • SpywareBlaster 4.0
      • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    • SpywareGuard 2.2
      • SpywareGuard provides real-time protection against spyware.
      • Not required if you have other "realtime" antispyware or Winpatrol
    • ZonedOut
      • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
    • MVPS HOSTS
      • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
      • For information on how to download and install, please read this tutorial by WinHelp2002.
      • Not required if you are using other host file protections


    Internet Browsers
      Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.

    If you are still using IE6, then either update or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available



    Cleaning Temporary Internet Files and Tracking Cookies
      Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis.
      Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
      CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.
      Both of these can be cleaned manually, but a quicker option is to use a program:
    • ATF Cleaner
      • Free and very simple to use
    • CCleaner
      • Free and very flexible, you can choose which cookies to keep


    Also PLEASE read this article: So How Did I Get Infected In The First Place

    The last and most important thing I can tell you is UPDATE.
    If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

    If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


    If you could post back one more time to let me know everything is OK, then I can have this thread archived.

    Happy surfing K'
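The six Internet-zone Custom Level settings in the post above can be audited (and, with -Apply, set) straight from the registry instead of by clicking through the dialog. This PowerShell script is an added example, not the poster's; it assumes IE's standard per-user zone key under HKCU and the usual action IDs for these settings (1001, 1004, 1201, 1800, 1804, 1607), and does not look at machine-wide Group Policy values that can override them.

```powershell
# Added example (not from the thread): audit the Internet zone (zone 3)
# Custom Level settings listed in the post, straight from the registry.
# Read-only by default; pass -Apply to set any value that differs.
param([switch]$Apply)

# Assumed standard per-user location of IE's Internet zone policy.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# IE stores each Custom Level action as a DWORD: 0 = Enable, 1 = Prompt, 3 = Disable.
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Action IDs (assumed, IE's usual ones) for the six settings in the post,
# with the value the post recommends.
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Name = 'Initialise and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

function Get-ZoneAction {
    param([string]$Id)
    # No value present means the zone template default applies; report $null.
    $item = Get-ItemProperty -Path $ZonePath -Name $Id -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Id
}

function Get-ActionLabel {
    param($Value)
    if ($null -eq $Value) { return 'not set (template default)' }
    $label = $Labels[[int]$Value]
    # Any other raw value (e.g. admin-approved flags) is shown as a number.
    if ($null -eq $label) { return "raw value $Value" }
    return $label
}

$drift = 0
foreach ($s in $Recommended) {
    $cur = Get-ZoneAction -Id $s.Id
    $ok = ($cur -eq $s.Want)
    if (-not $ok) { $drift++ }
    $status = if ($ok) { 'OK ' } else { 'FIX' }
    Write-Output ('{0} {1,-62} current: {2,-28} recommended: {3}' -f `
        $status, $s.Name, (Get-ActionLabel $cur), $Labels[$s.Want])

    if (-not $ok -and $Apply) {
        # Same change the Custom Level dialog writes; IE reads it on next start.
        Set-ItemProperty -Path $ZonePath -Name $s.Id -Value $s.Want -Type DWord
    }
}
Write-Output ("$drift of $($Recommended.Count) settings differ from the recommendation.")
```

Run it once without -Apply to see the current state; a non-zero drift count after applying usually means a Group Policy value under HKLM is taking precedence.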
This discussion has been closed.