
Troj_bozy.a...??

Discussion in 'Malware and Virus Removal Archive' started by NmymindDzine, 2008/03/20.

  1. 2008/03/20
    NmymindDzine

    NmymindDzine Inactive Thread Starter

    Joined:
    2008/01/01
    Messages:
    46
    Likes Received:
    0
    I cannot find any info on this, and I have it.
    Avanquest finds it, says it's cleaned it, but it keeps coming back up as dirty.
    It is in C:\windns.exe
    Also saw something that said taskmngr.exe...

    OK... I just went to Add or Remove Programs (XP) and I have maybe 15 programs installed, and in the Start menu it lists over 4-5 columns... what's going on?
    They are all there, plus a few I don't remember, in Program Files though.
     
    Last edited: 2008/03/20
  2. 2008/03/21
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi NmymindDzine

    Please download and install HijackThis and run a scan, then close HJT. Then run Deckard's System Scanner and post the main.txt log here. Links and instructions here.

    Thanks
    Geri
     
    Geri,
    #2


  4. 2008/03/22
    NmymindDzine

    NmymindDzine Inactive Thread Starter

    Joined:
    2008/01/01
    Messages:
    46
    Likes Received:
    0
    HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:03:44 AM, on 3/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows SteadyState\SCTSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    D:\MXTask.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\dmadmin.exe
    D:\mxtask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\COMMON~1\Logishrd\LQCVFX\COCIMA~1.EXE
    C:\WINDOWS\system32\mmc.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\LinkScannerIE.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Microsoft Update] rxbot2.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [VirusScannerPro] D:\MemCheck.exe
    O4 - HKLM\..\Run: [Task manager] taskmngr.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] rxbot2.exe
    O4 - HKLM\..\RunServices: [Task manager] taskmngr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Microsoft Update] rxbot2.exe
    O4 - HKCU\..\Run: [Task manager] taskmngr.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MS\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Save to &Xdrive - C:\Documents and Settings\sASSy\Application Data\Xdrive\Skip the Download\std.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MS\Office12\REFIEBAR.DLL
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - D:\MXTask.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 5880 bytes

    Deckard log

    Deckard's System Scanner v20071014.68
    Run by sASSy on 2008-03-22 06:04:22
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    71: 2008-03-22 11:04:30 UTC - RP129 - Deckard's System Scanner Restore Point
    70: 2008-03-20 22:16:10 UTC - RP128 - Installed SystemSuite 8 Professional
    69: 2008-03-20 21:45:09 UTC - RP127 - Made by Registry Mechanic O
    68: 2008-03-20 10:56:41 UTC - RP126 - System Checkpoint
    67: 2008-03-19 10:40:18 UTC - RP125 - System Checkpoint


    -- First Restore Point --
    1: 2008-01-31 02:08:19 UTC - RP59 - System Checkpoint


    Performed disk cleanup.

    Total Physical Memory: 503 MiB (512 MiB recommended).


    -- HijackThis (run as sASSy.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:06:00 AM, on 3/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows SteadyState\SCTSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    D:\MXTask.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\dmadmin.exe
    D:\mxtask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\COMMON~1\Logishrd\LQCVFX\COCIMA~1.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\sASSy\Desktop\dss.exe
    C:\sASSy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\LinkScannerIE.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Microsoft Update] rxbot2.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [VirusScannerPro] D:\MemCheck.exe
    O4 - HKLM\..\Run: [Task manager] taskmngr.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] rxbot2.exe
    O4 - HKLM\..\RunServices: [Task manager] taskmngr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Microsoft Update] rxbot2.exe
    O4 - HKCU\..\Run: [Task manager] taskmngr.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MS\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Save to &Xdrive - C:\Documents and Settings\sASSy\Application Data\Xdrive\Skip the Download\std.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MS\Office12\REFIEBAR.DLL
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - D:\MXTask.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 5895 bytes

    -- File Associations -----------------------------------------------------------

    .js - JSFile - DefaultIcon - D:\New Folder\Dreamweaver MX\Dreamweaver.exe,2
    .js - JSFile - shell\open\command - "D:\New Folder\Dreamweaver MX\Dreamweaver.exe" "%1 "


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 BANTExt (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
    R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
    R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
    R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    R3 KFilter - d:\new folder\kfilter.sys <Not Verified; Avanquest Software USA, Inc.; SystemSuite>
    R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

    S3 epatap2k (SCM Parallel Port ATAPI Driver) - c:\windows\system32\drivers\epatap2k.sys <Not Verified; SCM Microsystems Inc.; Parallel port ATAPI driver>
    S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
    S3 Tablet2k (Serial Tablet Port Driver) - "c:\windows\system32\drivers\tablet2k.sys" (file missing)
    S3 TClass2k (Tablet Class Driver) - c:\windows\system32\drivers\tclass2k.sys <Not Verified; Tablet Driver; Tablet Class Driver for Win2000/XP>
    S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
    S3 UCTblHid (HID Tablet Port Driver) - c:\windows\system32\drivers\uctblhid.sys <Not Verified; Tablet Driver; HID Tablet Filter Driver For Win2000/XP>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

    S2 StyleXPService -
    S3 WinTabService (WinTab Service) - c:\windows\system32\drivers\wtsrv.exe <Not Verified; Tablet Driver; Tablet Driver for Win2000/XP>
    S4 PRISMSVC - c:\windows\system32\prismsvc.exe <Not Verified; Conexant Systems, Inc.; PRISM Wireless LAN>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Packet Scheduler Miniport
    Device ID: ROOT\MS_PSCHEDMP\0002
    Manufacturer: Microsoft
    Name: Motorola SURFboard SB5100 USB Cable Modem - Packet Scheduler Miniport
    PNP Device ID: ROOT\MS_PSCHEDMP\0002
    Service: PSched

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Packet Scheduler Miniport
    Device ID: ROOT\MS_PSCHEDMP\0004
    Manufacturer: Microsoft
    Name: Motorola SURFboard 4200 USB Cable Modem - Packet Scheduler Miniport
    PNP Device ID: ROOT\MS_PSCHEDMP\0004
    Service: PSched

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Packet Scheduler Miniport
    Device ID: ROOT\MS_PSCHEDMP\0005
    Manufacturer: Microsoft
    Name: Motorola SURFboard SB5120 USB Cable Modem - Packet Scheduler Miniport
    PNP Device ID: ROOT\MS_PSCHEDMP\0005
    Service: PSched

    Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
    Description: SCM PPort ATAPI Adapter
    Device ID: ROOT\UNKNOWN\0001
    Manufacturer: SCM Corporation
    Name: SCM PPort ATAPI Adapter
    PNP Device ID: ROOT\UNKNOWN\0001
    Service: epatap2k


    -- Scheduled Tasks -------------------------------------------------------------

    2008-03-21 17:15:00 320 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


    -- Files created between 2008-02-22 and 2008-03-22 -----------------------------

    2008-03-22 06:05:52 396288 --a------ C:\sASSy.exe <Not Verified; Trend Micro Inc.; HijackThis>
    2008-03-22 06:03:30 396288 --a------ C:\HijackThis.exe <HIJACK~1.EXE> <Not Verified; Trend Micro Inc.; HijackThis>
    2008-03-18 08:36:54 0 d------c- C:\Documents and Settings\NetworkService\Application Data\Avanquest
    2008-03-18 05:23:52 0 d------c- C:\Documents and Settings\LocalService\Application Data\Avanquest
    2008-03-18 05:23:22 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-03-18 05:21:27 0 dr-hs---- C:\_Backup.RC
    2008-03-18 05:21:25 0 d--h----- C:\_Backup
    2008-03-18 05:20:06 0 d------c- C:\Documents and Settings\sASSy\Application Data\Avanquest
    2008-03-18 02:16:07 0 d------c- C:\Documents and Settings\sASSy\Application Data\ImgBurn
    2008-03-18 02:08:47 0 d-------- C:\Program Files\ImgBurn
    2008-03-18 01:38:14 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
    2008-03-18 01:38:14 0 d-------- C:\Program Files\Belarc
    2008-03-18 01:27:41 0 d-------- C:\Program Files\Dell
    2008-03-18 01:27:40 0 d-------- C:\WINDOWS\system32\Dell
    2008-03-15 16:17:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-15 16:06:50 0 d-------- C:\Program Files\Microsoft.NET
    2008-03-15 16:04:26 0 d-------- C:\Program Files\Microsoft SQL Server
    2008-03-15 08:52:27 118785 --a------ C:\WINDOWS\system32\rxbot2.exe
    2008-03-15 08:52:27 237057 --a------ C:\WINDOWS\system32\Office [Keygen].exe
    2008-03-14 09:41:43 0 d-------- C:\Documents and Settings\All Users\Torrents
    2008-03-14 09:39:23 0 d-------- C:\Program Files\Conduit
    2008-03-14 09:39:22 0 d-------- C:\Program Files\The_Pirate_Bay
    2008-03-14 05:24:31 0 d------c- C:\Documents and Settings\sASSy\Application Data\BitTorrent
    2008-03-14 05:24:27 0 d-------- C:\Program Files\BitTorrent
    2008-03-10 16:27:44 0 d-------- C:\Program Files\inKline Global
    2008-03-10 07:59:28 0 d-------- C:\Program Files\Lavasoft
    2008-03-08 13:42:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Prism
    2008-03-08 13:42:51 49152 --a------ C:\WINDOWS\system32\StopServer.exe
    2008-03-08 13:42:51 381014 --a------ C:\WINDOWS\system32\PRISMSVR.exe <Not Verified; Conexant Systems, Inc.; PRISM Wireless LAN>
    2008-03-08 13:42:51 61526 --a------ C:\WINDOWS\system32\PRISMSVC.exe <Not Verified; Conexant Systems, Inc.; PRISM Wireless LAN>
    2008-03-08 13:42:51 450646 --a------ C:\WINDOWS\system32\PRISMAPI.dll <Not Verified; Conexant Systems, Inc.; PRISM Wireless LAN>
    2008-03-08 13:42:50 0 d-------- C:\Program Files\Dell Wireless
    2008-03-08 13:42:33 1396827 --a------ C:\WINDOWS\system32\PRISME5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
    2008-03-08 13:31:58 0 d------c- C:\Documents and Settings\sASSy\Application Data\InstallShield
    2008-03-08 13:13:29 0 d-------- C:\Drivers
    2008-03-05 15:56:28 44928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS <Not Verified; Panda Software; Panda® Antivirus>
    2008-03-04 16:58:01 0 d-------- C:\Program Files\Blender Foundation
    2008-03-04 16:19:29 0 d-------- C:\Program Files\MSECache
    2008-02-28 09:00:22 0 d-------- C:\Documents and Settings\Sam & Josh\Application Data\Identities
    2008-02-28 09:00:14 0 d--h----- C:\Documents and Settings\Sam & Josh\NetHood
    2008-02-28 09:00:14 0 dr------- C:\Documents and Settings\Sam & Josh\My Documents
    2008-02-28 09:00:14 0 d--h----- C:\Documents and Settings\Sam & Josh\Local Settings
    2008-02-28 09:00:14 0 dr------- C:\Documents and Settings\Sam & Josh\Favorites
    2008-02-28 09:00:14 0 d-------- C:\Documents and Settings\Sam & Josh\Desktop
    2008-02-28 09:00:14 0 d--hs---- C:\Documents and Settings\Sam & Josh\Cookies
    2008-02-28 09:00:14 0 dr-h----- C:\Documents and Settings\Sam & Josh\Application Data
    2008-02-28 09:00:14 0 d---s---- C:\Documents and Settings\Sam & Josh\Application Data\Microsoft
    2008-02-28 09:00:13 0 d--h----- C:\Documents and Settings\Sam & Josh\Templates
    2008-02-28 09:00:13 0 dr------- C:\Documents and Settings\Sam & Josh\Start Menu
    2008-02-28 09:00:13 0 dr-h----- C:\Documents and Settings\Sam & Josh\SendTo
    2008-02-28 09:00:13 0 dr-h----- C:\Documents and Settings\Sam & Josh\Recent
    2008-02-28 09:00:13 0 d--h----- C:\Documents and Settings\Sam & Josh\PrintHood
    2008-02-28 09:00:13 786432 --ah----- C:\Documents and Settings\Sam & Josh\NTUSER.DAT
    2008-02-28 08:51:45 0 d------c- C:\Documents and Settings\sASSy\Shared
    2008-02-28 08:51:04 0 d-------- C:\Documents and Settings\All Users\Shared


    -- Find3M Report ---------------------------------------------------------------

    2008-03-22 05:57:55 0 d-------- C:\Program Files\Hijack This
    2008-03-19 07:51:10 5032 --a----c- C:\Documents and Settings\sASSy\Application Data\wklnhst.dat
    2008-03-19 07:03:51 119048 --a----c- C:\Documents and Settings\sASSy\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-19 01:34:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-18 11:22:15 0 d------c- C:\Documents and Settings\sASSy\Application Data\LimeWire
    2008-03-18 02:02:53 0 d-------- C:\Program Files\Common Files\Roxio Shared
    2008-03-16 00:31:53 0 d-------- C:\Program Files\Common Files\LogiShrd
    2008-03-16 00:31:42 0 d-------- C:\Program Files\Logitech
    2008-03-15 16:22:15 0 d-------- C:\Program Files\Microsoft Works
    2008-03-14 08:16:32 0 d------c- C:\Documents and Settings\sASSy\Application Data\Identities
    2008-03-10 18:48:56 0 d------c- C:\Documents and Settings\sASSy\Application Data\Roxio
    2008-03-10 16:27:43 0 d--h----- C:\Program Files\InstallShield Installation Information
    2008-03-10 03:41:18 6144 --ahs--c- C:\Documents and Settings\sASSy\Application Data\Thumbs.db
    2008-03-06 14:00:12 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-03-06 04:36:50 0 d-------- C:\Program Files\Java
    2008-03-05 17:18:20 0 d-------- C:\Program Files\Windows SteadyState
    2008-02-18 16:15:26 0 d-------- C:\Program Files\Microsoft Silverlight
    2008-02-16 12:46:54 0 d-------- C:\Program Files\Common Files\Jasc Software Inc
    2008-02-16 12:46:31 0 d-------- C:\Program Files\Common Files
    2008-02-16 12:46:03 0 d------c- C:\Documents and Settings\sASSy\Application Data\Jasc Software Inc
    2008-02-14 11:13:26 0 d-------- C:\Program Files\Common Files\Adobe
    2008-01-29 18:54:40 0 d------c- C:\Documents and Settings\sASSy\Application Data\Adobe
    2008-01-11 01:18:03 262144 --a------ C:\WINDOWS\system32\default_user_class.dat
    2008-01-08 06:54:51 72748 --a------ C:\WINDOWS\unins001.exe <Not Verified; Jordan Russell; >
    2008-01-08 06:54:51 787 --a------ C:\WINDOWS\unins001.dat
    2008-01-08 06:54:38 72748 --a------ C:\WINDOWS\unins000.exe <Not Verified; Jordan Russell; >
    2008-01-08 06:54:38 787 --a------ C:\WINDOWS\unins000.dat
    2008-01-04 18:53:57 1134459 --a------ C:\WINDOWS\juelZ.scr <Not Verified; Xara Group Ltd.; XaraCube Screen Saver>
    2008-01-04 16:08:35 700416 --a------ C:\StubInstaller.exe <STUBIN~1.EXE> <Not Verified; LimeWire; LimeWire swarmed installer>
    2008-01-04 09:32:12 377856 --a------ C:\WINDOWS\throb.scr <Not Verified; Xara Group Ltd.; Xara3D Screen Saver>
    2008-01-04 09:31:13 1246720 --a------ C:\WINDOWS\FMGREG.scr <Not Verified; Xara Group Ltd.; Xara3D Screen Saver>
    2008-01-04 09:12:35 1338151 --a------ C:\WINDOWS\gregs.scr <Not Verified; Xara Group Ltd.; XaraCube Screen Saver>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
    03/13/2008 10:30 AM 1524248 --a------ C:\Program Files\The_Pirate_Bay\tbThe_.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A33FA729-D155-4B23-842B-2C665ECABDB6} "= C:\Program Files\The_Pirate_Bay\tbThe_.dll [03/13/2008 10:30 AM 1524248]

    [-HKEY_CLASSES_ROOT\CLSID\{A33FA729-D155-4B23-842B-2C665ECABDB6}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [06/22/2005 12:48 AM]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [06/22/2005 12:44 AM]
    "Microsoft Update "= "rxbot2.exe" [03/15/2008 08:52 AM C:\WINDOWS\system32\rxbot2.exe]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 04:33 PM]
    "LogitechQuickCamRibbon "= "C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 04:37 PM]
    "VirusScannerPro "= "D:\MemCheck.exe" [09/11/2007 02:32 AM]
    "Task manager "= "taskmngr.exe" [06/13/2007 05:23 AM C:\WINDOWS\system32\taskmngr.exe]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [05/09/2007 10:09 AM]
    "Microsoft Update "= "rxbot2.exe" [03/15/2008 08:52 AM C:\WINDOWS\system32\rxbot2.exe]
    "Task manager "= "taskmngr.exe" [06/13/2007 05:23 AM C:\WINDOWS\system32\taskmngr.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Microsoft Update "=rxbot2.exe
    "Task manager "=taskmngr.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "DisableLocalMachineRun "=0 (0x0)
    "DisableLocalMachineRunOnce "=0 (0x0)
    "DisableCurrentUserRun "=0 (0x0)
    "DisableCurrentUserRunOnce "=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Aim6 "= "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    "LogitechQuickCamRibbon "= "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    "Bubble "= "%ProgramFiles%\Windows SteadyState\Bubble.exe "
    "Logitech Utility "=Logi_MwX.Exe
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" -atboottime
    "RegistryMechanic "=


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2be3e561-deee-11db-b772-00038a000015}]




    -- End of Deckard's System Scanner: finished at 2008-03-22 06:07:25 ------------
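As an added example (not part of this thread, not code from any tool named in it), a small Python triage helper that parses HijackThis O4 lines like the ones in the log above and flags autorun entries whose command is a bare filename with no path, that live under the RunServices key, or that register the same executable in several autorun locations; the sample lines are copied from the log above, and the flagging rules are the author's own heuristics rather than HijackThis behaviour.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample: O4 lines copied from the HijackThis log posted above.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "',
    r'O4 - HKLM\..\Run: [Microsoft Update] rxbot2.exe',
    r'O4 - HKLM\..\Run: [Task manager] taskmngr.exe',
    r'O4 - HKLM\..\RunServices: [Microsoft Update] rxbot2.exe',
    r'O4 - HKLM\..\RunServices: [Task manager] taskmngr.exe',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [Microsoft Update] rxbot2.exe',
    r"O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')",
]

# Layout of an O4 line:  O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(
    r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)
# HijackThis appends "(User '...')" to entries found under HKUS.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
# Heuristic: an unquoted command ends its executable at the first .exe/.com/... followed
# by whitespace or end of string (unquoted paths with spaces are ambiguous on Windows too).
EXE_RE = re.compile(r'^(.+?\.(?:exe|com|scr|bat|pif)(?=\s|$)|\S+)', re.IGNORECASE)


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split one HijackThis O4 line into hive, key, value name, command and executable."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = USER_SUFFIX_RE.sub("", m.group("cmd")).strip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0].strip()
    else:
        em = EXE_RE.match(cmd)
        exe = em.group(1) if em else ""
    return {"hive": m.group("hive"), "key": m.group("key"),
            "name": m.group("name"), "cmd": cmd, "exe": exe}


def is_bare_filename(exe: str) -> bool:
    """True when the command names a file with no directory, so it is found by a path search at logon."""
    return bool(exe) and "\\" not in exe and "/" not in exe


def triage_o4(lines: List[str]) -> List[Dict[str, object]]:
    """Return the autorun entries that deserve a closer look, each with the reasons why."""
    entries = [e for e in (parse_o4(l) for l in lines) if e]
    # In how many distinct hive/key locations is each executable registered?
    locations = defaultdict(set)
    for e in entries:
        locations[e["exe"].lower()].add((e["hive"], e["key"]))
    findings = []
    for e in entries:
        reasons = []
        if is_bare_filename(e["exe"]):
            reasons.append("command has no path")
        if e["key"].lower() == "runservices":
            reasons.append("RunServices key (Win9x-era key, rarely used by XP software)")
        n = len(locations[e["exe"].lower()])
        if n >= 3:
            reasons.append("same executable registered in %d autorun locations" % n)
        if reasons:
            findings.append({"name": e["name"], "exe": e["exe"], "hive": e["hive"],
                             "key": e["key"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_O4_LINES):
        print("%s\\..\\%s [%s] %s: %s" % (f["hive"], f["key"], f["name"], f["exe"], "; ".join(f["reasons"])))
```

On the sample lines the Java, ctfmon and MySpaceIM entries pass, while every rxbot2.exe and taskmngr.exe entry is reported, which matches the two entries the helper would want explained.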
     
  5. 2008/03/22
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications, as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows.
    • Double click combofix.exe and follow the prompts.
    • Vista users: right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
    Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Please post the combofix log.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2008/03/22
    NmymindDzine

    NmymindDzine Inactive Thread Starter

    Joined:
    2008/01/01
    Messages:
    46
    Likes Received:
    0
    ComboFix

    ComboFix 08-03-22.1 - sASSy 2008-03-22 12:42:27.12 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.133 [GMT -5:00]
    Running from: C:\Documents and Settings\sASSy\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
    .

    2008-03-22 06:05 . 2008-03-22 06:03 396,288 --a------ C:\sASSy.exe
    2008-03-22 06:04 . 2008-03-22 06:04 <DIR> d-------- C:\Deckard
    2008-03-22 06:03 . 2008-03-22 06:03 396,288 --a------ C:\HijackThis.exe
    2008-03-18 08:36 . 2008-03-18 08:36 <DIR> d----c--- C:\Documents and Settings\NetworkService\Application Data\Avanquest
    2008-03-18 05:23 . 2008-03-18 05:23 <DIR> d----c--- C:\Documents and Settings\LocalService\Application Data\Avanquest
    2008-03-18 05:23 . 2008-03-18 05:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-03-18 05:21 . 2008-03-18 05:21 <DIR> dr-hs---- C:\_Backup.RC
    2008-03-18 05:21 . 2008-03-18 05:41 <DIR> d--h----- C:\_Backup
    2008-03-18 05:20 . 2008-03-18 05:20 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\Avanquest
    2008-03-18 02:16 . 2008-03-18 02:26 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\ImgBurn
    2008-03-18 02:08 . 2008-03-18 02:08 <DIR> d-------- C:\Program Files\ImgBurn
    2008-03-18 01:38 . 2008-03-18 01:38 <DIR> d-------- C:\Program Files\Belarc
    2008-03-18 01:38 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
    2008-03-18 01:27 . 2008-03-18 01:27 <DIR> d-------- C:\WINDOWS\system32\Dell
    2008-03-18 01:27 . 2008-03-18 01:27 <DIR> d-------- C:\Program Files\Dell
    2008-03-15 16:17 . 2008-03-16 03:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-15 16:06 . 2008-03-15 16:20 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-03-15 16:04 . 2008-03-15 16:13 <DIR> d-------- C:\Program Files\Microsoft SQL Server
    2008-03-15 08:52 . 2008-03-15 16:28 237,057 --a------ C:\WINDOWS\system32\Office [Keygen].exe
    2008-03-15 08:52 . 2008-03-15 08:52 118,785 --a------ C:\WINDOWS\system32\rxbot2.exe
    2008-03-14 09:41 . 2008-03-14 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Torrents
    2008-03-14 09:39 . 2008-03-14 09:39 <DIR> d-------- C:\Program Files\The_Pirate_Bay
    2008-03-14 09:39 . 2008-03-14 09:39 <DIR> d-------- C:\Program Files\Conduit
    2008-03-14 05:24 . 2008-03-14 05:24 <DIR> d-------- C:\Program Files\BitTorrent
    2008-03-14 05:24 . 2008-03-21 06:32 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\BitTorrent
    2008-03-10 16:27 . 2008-03-10 16:27 <DIR> d-------- C:\Program Files\inKline Global
    2008-03-10 07:59 . 2008-03-10 07:59 <DIR> d-------- C:\Program Files\Lavasoft
    2008-03-08 13:42 . 2008-03-08 13:42 <DIR> d-------- C:\Program Files\Dell Wireless
    2008-03-08 13:42 . 2008-03-08 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prism
    2008-03-08 13:42 . 2005-10-12 01:05 1,396,827 --a------ C:\WINDOWS\system32\PRISME5.dll
    2008-03-08 13:42 . 2005-10-16 17:30 450,646 --a------ C:\WINDOWS\system32\PRISMAPI.dll
    2008-03-08 13:42 . 2005-10-17 02:47 381,014 --a------ C:\WINDOWS\system32\PRISMSVR.exe
    2008-03-08 13:42 . 2005-10-16 17:40 61,526 --a------ C:\WINDOWS\system32\PRISMSVC.exe
    2008-03-08 13:42 . 2005-11-15 13:59 49,152 --a------ C:\WINDOWS\system32\StopServer.exe
    2008-03-08 13:42 . 2005-10-12 01:04 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2008-03-08 13:31 . 2008-03-08 13:31 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\InstallShield
    2008-03-08 13:17 . 2005-06-22 00:43 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
    2008-03-08 13:13 . 2008-03-08 13:13 <DIR> d-------- C:\Drivers
    2008-03-05 15:56 . 2007-06-05 11:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
    2008-03-04 16:58 . 2008-03-04 16:58 <DIR> d-------- C:\Program Files\Blender Foundation
    2008-03-04 16:19 . 2008-03-04 16:19 <DIR> d-------- C:\Program Files\MSECache
    2008-02-28 08:51 . 2008-03-18 11:21 <DIR> d----c--- C:\Documents and Settings\sASSy\Shared
    2008-02-28 08:51 . 2008-03-18 11:37 <DIR> d-------- C:\Documents and Settings\All Users\Shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-22 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-03-22 10:57 --------- d-----w C:\Program Files\Hijack This
    2008-03-22 00:35 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
    2008-03-22 00:35 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
    2008-03-19 12:51 5,032 -c--a-w C:\Documents and Settings\sASSy\Application Data\wklnhst.dat
    2008-03-19 12:03 119,048 -c--a-w C:\Documents and Settings\sASSy\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-19 06:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-18 16:22 --------- dc----w C:\Documents and Settings\sASSy\Application Data\LimeWire
    2008-03-18 07:02 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2008-03-16 05:31 --------- d-----w C:\Program Files\Logitech
    2008-03-16 05:31 --------- d-----w C:\Program Files\Common Files\LogiShrd
    2008-03-16 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-03-15 21:22 --------- d-----w C:\Program Files\Microsoft Works
    2008-03-14 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
    2008-03-10 23:48 --------- dc----w C:\Documents and Settings\sASSy\Application Data\Roxio
    2008-03-10 21:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-06 19:00 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-03-06 09:36 --------- d-----w C:\Program Files\Java
    2008-03-05 22:18 --------- d-----w C:\Program Files\Windows SteadyState
    2008-02-18 21:15 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-02-16 17:46 --------- dc----w C:\Documents and Settings\sASSy\Application Data\Jasc Software Inc
    2008-02-16 17:46 --------- d-----w C:\Program Files\Common Files\Jasc Software Inc
    2008-02-14 16:13 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-09 15:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-31 18:15 29,600 ----a-w C:\WINDOWS\system32\mxntdfg.exe
    2008-01-23 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-01-08 11:54 72,748 ----a-w C:\WINDOWS\unins001.exe
    2008-01-08 11:54 72,748 ----a-w C:\WINDOWS\unins000.exe
    2008-01-04 23:53 1,134,459 ----a-w C:\WINDOWS\juelZ.scr
    2008-01-04 21:08 700,416 ----a-w C:\StubInstaller.exe
    2008-01-04 14:32 377,856 ----a-w C:\WINDOWS\throb.scr
    2008-01-04 14:31 1,246,720 ----a-w C:\WINDOWS\FMGREG.scr
    2008-01-04 14:12 1,338,151 ----a-w C:\WINDOWS\gregs.scr
    2008-01-02 20:50 277 ----a-w C:\WINDOWS\Fonts\must_read.txt
    2008-01-02 20:43 624 ----a-w C:\WINDOWS\Fonts\babe.txt
    2008-01-02 20:36 23,496 ----a-w C:\WINDOWS\Fonts\norp_icons_1.zip
    2008-01-02 20:36 181,762 ----a-w C:\WINDOWS\Fonts\darrians_sexy_silho.zip
    2008-01-02 20:36 11,318 ----a-w C:\WINDOWS\Fonts\48ways.zip
    2008-01-02 20:35 39,209 ----a-w C:\WINDOWS\Fonts\strip_letter_1.zip
    2008-01-02 20:35 196,323 ----a-w C:\WINDOWS\Fonts\alpha_silouettes.zip
    2008-01-02 20:35 14,300 ----a-w C:\WINDOWS\Fonts\group_sex.zip
    2008-01-02 20:34 31,383 ----a-w C:\WINDOWS\Fonts\fuzzy_cootie.zip
    2008-01-02 20:34 154,494 ----a-w C:\WINDOWS\Fonts\sexy_spanish_woman_siluetas.zip
    2008-01-02 20:33 64,778 ----a-w C:\WINDOWS\Fonts\vintage_erotique.zip
    2008-01-02 20:33 258,930 ----a-w C:\WINDOWS\Fonts\wc_fetish_bta.zip
    2008-01-02 20:33 137,468 ----a-w C:\WINDOWS\Fonts\comix_cuties.zip
    2007-10-18 09:18 612,352 ----a-w C:\Program Files\posteriza.exe
    2007-09-24 12:56 9 -c--a-w C:\Documents and Settings\sASSy\Application Data\local.lng.dat
    2006-02-25 09:58 430,406 ------w C:\Program Files\whois.exe
    2005-10-04 03:55 2,267,015 ------w C:\Program Files\setup_ca_en.execal.exe
    2005-08-22 19:33 68,918 -c--a-w C:\Program Files\procexp.chm
    2005-08-22 19:29 1,238,544 ----a-w C:\Program Files\procexp.exe
    2004-01-05 16:12 1,293 -c--a-w C:\Program Files\README.TXT
    2005-05-13 23:12 217,073 -csha-r C:\WINDOWS\meta4.exe
    2007-10-18 09:28 87,040 --sha-w C:\WINDOWS\MOTA113.exe
    2007-10-18 09:36 442,880 --sha-w C:\WINDOWS\x2.64.exe
    2005-10-08 01:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 18:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 21:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-22 04:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 16:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2007-06-13 10:23 681,018 --sh--r C:\WINDOWS\system32\taskmngr.exe
    2005-02-28 19:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
    2008-03-13 10:30 1524248 --a------ C:\Program Files\The_Pirate_Bay\tbThe_.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A33FA729-D155-4B23-842B-2C665ECABDB6} "= "C:\Program Files\The_Pirate_Bay\tbThe_.dll" [2008-03-13 10:30 1524248]

    [HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A33FA729-D155-4B23-842B-2C665ECABDB6} "= C:\Program Files\The_Pirate_Bay\tbThe_.dll [2008-03-13 10:30 1524248]

    [HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-09 10:09 68856]
    "Task manager "= "taskmngr.exe" [2007-06-13 05:23 681018 C:\WINDOWS\system32\taskmngr.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "IgfxTray "= "C:\WINDOWS\system32\igfxtray.exe" [2005-06-22 00:48 155648]
    "HotKeysCmds "= "C:\WINDOWS\system32\hkcmd.exe" [2005-06-22 00:44 126976]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
    "LogitechQuickCamRibbon "= "C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
    "VirusScannerPro "= "D:\MemCheck.exe" [2008-02-01 03:05 173312]
    "Task manager "= "taskmngr.exe" [2007-06-13 05:23 681018 C:\WINDOWS\system32\taskmngr.exe]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Microsoft Update "= "rxbot2.exe" [2008-03-15 08:52 118785 C:\WINDOWS\system32\rxbot2.exe]
    "Task manager "= "taskmngr.exe" [2007-06-13 05:23 681018 C:\WINDOWS\system32\taskmngr.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM "= "C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "DisableCurrentUserRun "= 0 (0x0)
    "DisableCurrentUserRunOnce "= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Aim6 "= "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    "MySpaceIM "=C:\Program Files\MySpace\IM\MySpaceIM.exe
    "swg "=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LogitechCommunicationsManager "= "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    "LogitechQuickCamRibbon "= "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    "Bubble "= "%ProgramFiles%\Windows SteadyState\Bubble.exe "
    "Logitech Utility "=Logi_MwX.Exe
    "Adobe Reader Speed Launcher "= "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" -atboottime
    "RegistryMechanic "=

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Internet Explorer\\iexplore.exe "=
    "C:\\Program Files\\Paltalk Messenger\\paltalk.exe "=
    "C:\\Program Files\\JAlbum7.3\\JAlbumWin.exe "=
    "C:\\WINDOWS\\system32\\lxcgcoms.exe "=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "D:\\Limewire\\LimeWire.exe "=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8080:TCP "= 8080:TCP:8080
    "8090:TCP "= 8090:TCP:8090

    R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
    R2 Windows SteadyState;Windows SteadyState Service; "C:\Program Files\Windows SteadyState\SCTSvc.exe" [2007-06-05 16:56]
    R3 KFilter;KFilter;D:\KFilter.sys [2008-01-31 13:11]
    R3 MailScan;MailScan;D:\MailScan.sys [2008-02-01 03:05]
    R3 TFilter;TFilter;D:\TFilter.sys [2008-01-31 11:11]
    S3 epatap2k;SCM Parallel Port ATAPI Driver;C:\WINDOWS\system32\DRIVERS\epatap2k.sys [2000-03-17 21:27]
    S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-11-07 04:50]
    S4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
    S4 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE [2005-10-16 17:40]
    S4 SQLWriter;SQL Server VSS Writer; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

    *Newly Created Service* - MAILSCAN
    *Newly Created Service* - SYSTEMSUITE_TASK_MANAGER
    *Newly Created Service* - TFILTER
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-21 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job "
    - D:\Tune up\OneClick.exe
    .
    **************************************************************************

    disk not found C:\

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    disk not found C:\

    **************************************************************************
    .
    Completion time: 2008-03-22 13:24:06
    ComboFix-quarantined-files.txt 2008-03-22 18:23:11
    ComboFix2.txt 2008-01-18 11:24:44
    ComboFix3.txt 2008-01-12 09:09:25
    ComboFix4.txt 2008-01-10 01:21:13
    ComboFix5.txt 2007-10-15 13:38:35
    .
    2008-03-16 08:02:04 --- E O F ---



    hijack this

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:30:32 PM, on 3/22/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows SteadyState\SCTSvc.exe
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\WINDOWS\system32\rxbot2.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\taskmngr.exe
    C:\PROGRA~1\COMMON~1\Logishrd\LQCVFX\COCIMA~1.EXE
    D:\MXTask.exe
    D:\mxtask.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\LinkScannerIE.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O3 - Toolbar: The Pirate Bay Toolbar - {a33fa729-d155-4b23-842b-2c665ecabdb6} - C:\Program Files\The_Pirate_Bay\tbThe_.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [VirusScannerPro] D:\MemCheck.exe
    O4 - HKLM\..\Run: [Task manager] taskmngr.exe
    O4 - HKLM\..\RunServices: [Microsoft Update] rxbot2.exe
    O4 - HKLM\..\RunServices: [Task manager] taskmngr.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Task manager] taskmngr.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MS\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Save to &Xdrive - C:\Documents and Settings\sASSy\Application Data\Xdrive\Skip the Download\std.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MS\Office12\REFIEBAR.DLL
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2a\RpcSandraSrv.exe
    O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - D:\MXTask.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\system32\DRIVERS\WtSrv.exe

    --
    End of file - 6183 bytes
     
    Last edited: 2008/03/22
  7. 2008/03/22
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi NmymindDzine

    Why did you not finish up here with noahdfear?
    http://www.windowsbbs.com/showthread.php?t=70249
    When starting a thread here you need to go to completion, until you are told that you are clean.

    I see you have P2P software (Limewire, BitTorrent, uTorrent etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here,
    here and here.

    I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

    Note: Please be advised that continued use of these programs after being warned of the dangers of infections from them, may result in the discontinued help of cleaning your system here at Windowsbbs Virus and Spyware removal.

    Now please do this.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
    Code:
    File::
    C:\WINDOWS\system32\Office Keygen.exe
    C:\WINDOWS\system32\drivers\lvuvc.hs

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Task manager"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Task manager"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Microsoft Update"=-
    "Task manager"=-

    Collect::[22]
    C:\WINDOWS\system32\rxbot2.exe

    Please note that I have instructed CFScript to collect some files. ( rxbot2.exe ) This means that at some point, likely after reboot when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created on your desktop. The zip contains the aforementioned file(s). Please copy the path shown in the prompt and paste it into the box, then click Send. This will assist with evaluation of the file. Thanks!

    Please post the CFScript log.

    Thanks
    Geri
     
    Geri,
    #6
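As an added example (not code from this thread, from ComboFix or from its authors), here is a Python triage pass over the "Reg Loading Points" section of a ComboFix log. It flags the tells that the CFScript above acts on (bare file names loaded via the search path, the legacy RunServices key, one value repeated under several autorun keys, and file names that imitate a Windows binary such as taskmngr.exe versus taskmgr.exe) and drafts the matching Registry:: block. The sample lines are constructed from the entries posted in this thread; the regular expressions, the look-alike name list and the function names are my own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample modelled on the "Reg Loading Points" entries in the
# log above; names, sizes and paths are copied from the thread.
SAMPLE_REG_LOADING_POINTS = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Task manager"="taskmngr.exe" [2007-06-13 05:23 681018 C:\WINDOWS\system32\taskmngr.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-22 00:48 155648]
"Task manager"="taskmngr.exe" [2007-06-13 05:23 681018 C:\WINDOWS\system32\taskmngr.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Microsoft Update"="rxbot2.exe" [2008-03-15 08:52 118785 C:\WINDOWS\system32\rxbot2.exe]
"Task manager"="taskmngr.exe" [2007-06-13 05:23 681018 C:\WINDOWS\system32\taskmngr.exe]
"""

KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]\s*$', re.IGNORECASE)
# Tolerates the forum rendering above, which pads the quotes with spaces.
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*?)\s*"\s*=\s*"?(?P<data>[^"\[]*?)"?\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')

# Windows binaries whose names malware imitates with a one- or two-character
# change (assumed list; taskmngr.exe vs taskmgr.exe is the case in this thread).
WINDOWS_NAMES = ("taskmgr.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                 "winlogon.exe", "services.exe", "explorer.exe", "ctfmon.exe")


@dataclass
class AutorunEntry:
    key: str
    name: str
    data: str
    resolved: str                      # full path as ComboFix resolved it
    reasons: list = field(default_factory=list)

    @property
    def basename(self) -> str:
        return self.resolved.rsplit("\\", 1)[-1].lower()


def parse_loading_points(text: str) -> list:
    """Turn the Reg Loading Points section into AutorunEntry objects."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group("key")
            continue
        if key and (m := VALUE_RE.match(line)):
            data = m.group("data").strip()
            meta = (m.group("meta") or "").split()
            # A bare file name is resolved by ComboFix to the path shown last in
            # the bracketed metadata; a full path needs no resolution.
            resolved = data if "\\" in data else (meta[-1] if meta and "\\" in meta[-1] else data)
            entries.append(AutorunEntry(key, m.group("name").strip(), data, resolved))
    return entries


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, enough for short file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(text: str) -> list:
    """Return only the entries that show the tells acted on in this thread."""
    entries = parse_loading_points(text)
    seen = Counter((e.name.lower(), e.basename) for e in entries)
    for e in entries:
        if e.data and "\\" not in e.data:
            e.reasons.append("bare file name, loaded via the search path")
        if e.key.lower().endswith("\\runservices"):
            e.reasons.append("Win9x-era RunServices key, not used by legitimate XP software")
        if seen[(e.name.lower(), e.basename)] > 1:
            e.reasons.append("same value repeated under several autorun keys")
        for legit in WINDOWS_NAMES:
            if e.basename != legit and edit_distance(e.basename, legit) <= 2:
                e.reasons.append(f"look-alike of {legit}")
    return [e for e in entries if e.reasons]


def draft_cfscript_registry(findings: list) -> str:
    """Draft the Registry:: block of a CFScript that deletes the flagged values."""
    by_key = {}
    for e in findings:
        by_key.setdefault(e.key, []).append(e.name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_REG_LOADING_POINTS)
    for e in hits:
        print(e.key, repr(e.name), "->", e.resolved, "|", "; ".join(e.reasons))
    print(draft_cfscript_registry(hits))
```

Run as-is it prints the four flagged values and a Registry:: block identical to the one in the CFScript above; the draft is a starting point for review, not something to run unread.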
  8. 2008/03/22
    NmymindDzine

    NmymindDzine Inactive Thread Starter

    Joined:
    2008/01/01
    Messages:
    46
    Likes Received:
    0
    I have only 12 programs listed in add and remove when I bring it up....there's over 4 columns in the start menu
    I can't uninstall practically anything
    Noah was showing me how to reinstall the recovery panel if that's what you meant, I finished the clean up part and just never got around to reinstalling it with Combo Fix....real life gets in the way sometimes. If I can repopulate my add and remove list I will uninstall the bit torrent clients. I think 1 is listed but not the other.
     
  9. 2008/03/22
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi NmymindDzine

    OK we'll work on the add/remove list, but please do the combofix script first and post the log.

    The infection "may" be causing the problem.

    Thanks
    Geri
     
    Geri,
    #8
  10. 2008/03/23
    NmymindDzine

    NmymindDzine Inactive Thread Starter

    Joined:
    2008/01/01
    Messages:
    46
    Likes Received:
    0
    ComboFix 08-03-22.1 - sASSy 2008-03-22 23:13:08.13 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.138 [GMT -5:00]
    Running from: C:\Documents and Settings\sASSy\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\sASSy\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\drivers\lvuvc.hs
    C:\WINDOWS\system32\Office Keygen.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\lvuvc.hs
    C:\WINDOWS\system32\rxbot2.exe

    .
    ((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
    .

    2008-03-22 06:05 . 2008-03-22 06:03 396,288 --a------ C:\sASSy.exe
    2008-03-22 06:04 . 2008-03-22 06:04 <DIR> d-------- C:\Deckard
    2008-03-22 06:03 . 2008-03-22 06:03 396,288 --a------ C:\HijackThis.exe
    2008-03-18 08:36 . 2008-03-18 08:36 <DIR> d----c--- C:\Documents and Settings\NetworkService\Application Data\Avanquest
    2008-03-18 05:23 . 2008-03-18 05:23 <DIR> d----c--- C:\Documents and Settings\LocalService\Application Data\Avanquest
    2008-03-18 05:23 . 2008-03-18 05:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-03-18 05:21 . 2008-03-18 05:21 <DIR> dr-hs---- C:\_Backup.RC
    2008-03-18 05:21 . 2008-03-18 05:41 <DIR> d--h----- C:\_Backup
    2008-03-18 05:20 . 2008-03-18 05:20 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\Avanquest
    2008-03-18 02:16 . 2008-03-18 02:26 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\ImgBurn
    2008-03-18 02:08 . 2008-03-18 02:08 <DIR> d-------- C:\Program Files\ImgBurn
    2008-03-18 01:38 . 2008-03-18 01:38 <DIR> d-------- C:\Program Files\Belarc
    2008-03-18 01:38 . 2008-02-27 13:49 3,840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
    2008-03-18 01:27 . 2008-03-18 01:27 <DIR> d-------- C:\WINDOWS\system32\Dell
    2008-03-18 01:27 . 2008-03-18 01:27 <DIR> d-------- C:\Program Files\Dell
    2008-03-15 16:17 . 2008-03-16 03:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-03-15 16:06 . 2008-03-15 16:20 <DIR> d-------- C:\Program Files\Microsoft.NET
    2008-03-15 16:04 . 2008-03-15 16:13 <DIR> d-------- C:\Program Files\Microsoft SQL Server
    2008-03-15 08:52 . 2008-03-15 16:28 237,057 --a------ C:\WINDOWS\system32\Office [Keygen].exe
    2008-03-14 09:41 . 2008-03-14 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Torrents
    2008-03-14 09:39 . 2008-03-14 09:39 <DIR> d-------- C:\Program Files\The_Pirate_Bay
    2008-03-14 09:39 . 2008-03-14 09:39 <DIR> d-------- C:\Program Files\Conduit
    2008-03-14 05:24 . 2008-03-14 05:24 <DIR> d-------- C:\Program Files\BitTorrent
    2008-03-14 05:24 . 2008-03-22 14:18 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\BitTorrent
    2008-03-10 16:27 . 2008-03-10 16:27 <DIR> d-------- C:\Program Files\inKline Global
    2008-03-10 07:59 . 2008-03-10 07:59 <DIR> d-------- C:\Program Files\Lavasoft
    2008-03-08 13:42 . 2008-03-08 13:42 <DIR> d-------- C:\Program Files\Dell Wireless
    2008-03-08 13:42 . 2008-03-08 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prism
    2008-03-08 13:42 . 2005-10-12 01:05 1,396,827 --a------ C:\WINDOWS\system32\PRISME5.dll
    2008-03-08 13:42 . 2005-10-16 17:30 450,646 --a------ C:\WINDOWS\system32\PRISMAPI.dll
    2008-03-08 13:42 . 2005-10-17 02:47 381,014 --a------ C:\WINDOWS\system32\PRISMSVR.exe
    2008-03-08 13:42 . 2005-10-16 17:40 61,526 --a------ C:\WINDOWS\system32\PRISMSVC.exe
    2008-03-08 13:42 . 2005-11-15 13:59 49,152 --a------ C:\WINDOWS\system32\StopServer.exe
    2008-03-08 13:42 . 2005-10-12 01:04 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
    2008-03-08 13:31 . 2008-03-08 13:31 <DIR> d----c--- C:\Documents and Settings\sASSy\Application Data\InstallShield
    2008-03-08 13:17 . 2005-06-22 00:43 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
    2008-03-08 13:13 . 2008-03-08 13:13 <DIR> d-------- C:\Drivers
    2008-03-05 15:56 . 2007-06-05 11:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
    2008-03-04 16:58 . 2008-03-04 16:58 <DIR> d-------- C:\Program Files\Blender Foundation
    2008-03-04 16:19 . 2008-03-04 16:19 <DIR> d-------- C:\Program Files\MSECache
    2008-02-28 08:51 . 2008-03-18 11:21 <DIR> d----c--- C:\Documents and Settings\sASSy\Shared
    2008-02-28 08:51 . 2008-03-18 11:37 <DIR> d-------- C:\Documents and Settings\All Users\Shared

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-22 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-03-22 10:57 --------- d-----w C:\Program Files\Hijack This
    2008-03-22 00:35 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
    2008-03-19 12:51 5,032 -c--a-w C:\Documents and Settings\sASSy\Application Data\wklnhst.dat
    2008-03-19 12:03 119,048 -c--a-w C:\Documents and Settings\sASSy\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-19 06:34 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-03-18 16:22 --------- dc----w C:\Documents and Settings\sASSy\Application Data\LimeWire
    2008-03-18 07:02 --------- d-----w C:\Program Files\Common Files\Roxio Shared
    2008-03-16 05:31 --------- d-----w C:\Program Files\Logitech
    2008-03-16 05:31 --------- d-----w C:\Program Files\Common Files\LogiShrd
    2008-03-16 05:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
    2008-03-15 21:22 --------- d-----w C:\Program Files\Microsoft Works
    2008-03-14 10:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
    2008-03-10 23:48 --------- dc----w C:\Documents and Settings\sASSy\Application Data\Roxio
    2008-03-10 21:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-03-06 19:00 --------- d-----w C:\Program Files\SUPERAntiSpyware
    2008-03-06 09:36 --------- d-----w C:\Program Files\Java
    2008-03-05 22:18 --------- d-----w C:\Program Files\Windows SteadyState
    2008-02-18 21:15 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-02-16 17:46 --------- dc----w C:\Documents and Settings\sASSy\Application Data\Jasc Software Inc
    2008-02-16 17:46 --------- d-----w C:\Program Files\Common Files\Jasc Software Inc
    2008-02-14 16:13 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-09 15:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-31 18:15 29,600 ----a-w C:\WINDOWS\system32\mxntdfg.exe
    2008-01-23 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-01-08 11:54 72,748 ----a-w C:\WINDOWS\unins001.exe
    2008-01-08 11:54 72,748 ----a-w C:\WINDOWS\unins000.exe
    2008-01-04 23:53 1,134,459 ----a-w C:\WINDOWS\juelZ.scr
    2008-01-04 21:08 700,416 ----a-w C:\StubInstaller.exe
    2008-01-04 14:32 377,856 ----a-w C:\WINDOWS\throb.scr
    2008-01-04 14:31 1,246,720 ----a-w C:\WINDOWS\FMGREG.scr
    2008-01-04 14:12 1,338,151 ----a-w C:\WINDOWS\gregs.scr
    2008-01-02 20:50 277 ----a-w C:\WINDOWS\Fonts\must_read.txt
    2008-01-02 20:43 624 ----a-w C:\WINDOWS\Fonts\babe.txt
    2008-01-02 20:36 23,496 ----a-w C:\WINDOWS\Fonts\norp_icons_1.zip
    2008-01-02 20:36 181,762 ----a-w C:\WINDOWS\Fonts\darrians_sexy_silho.zip
    2008-01-02 20:36 11,318 ----a-w C:\WINDOWS\Fonts\48ways.zip
    2008-01-02 20:35 39,209 ----a-w C:\WINDOWS\Fonts\strip_letter_1.zip
    2008-01-02 20:35 196,323 ----a-w C:\WINDOWS\Fonts\alpha_silouettes.zip
    2008-01-02 20:35 14,300 ----a-w C:\WINDOWS\Fonts\group_sex.zip
    2008-01-02 20:34 31,383 ----a-w C:\WINDOWS\Fonts\fuzzy_cootie.zip
    2008-01-02 20:34 154,494 ----a-w C:\WINDOWS\Fonts\sexy_spanish_woman_siluetas.zip
    2008-01-02 20:33 64,778 ----a-w C:\WINDOWS\Fonts\vintage_erotique.zip
    2008-01-02 20:33 258,930 ----a-w C:\WINDOWS\Fonts\wc_fetish_bta.zip
    2008-01-02 20:33 137,468 ----a-w C:\WINDOWS\Fonts\comix_cuties.zip
    2007-10-18 09:18 612,352 ----a-w C:\Program Files\posteriza.exe
    2007-09-24 12:56 9 -c--a-w C:\Documents and Settings\sASSy\Application Data\local.lng.dat
    2006-02-25 09:58 430,406 ------w C:\Program Files\whois.exe
    2005-10-04 03:55 2,267,015 ------w C:\Program Files\setup_ca_en.execal.exe
    2005-08-22 19:33 68,918 -c--a-w C:\Program Files\procexp.chm
    2005-08-22 19:29 1,238,544 ----a-w C:\Program Files\procexp.exe
    2004-01-05 16:12 1,293 -c--a-w C:\Program Files\README.TXT
    2005-05-13 23:12 217,073 -csha-r C:\WINDOWS\meta4.exe
    2007-10-18 09:28 87,040 --sha-w C:\WINDOWS\MOTA113.exe
    2007-10-18 09:36 442,880 --sha-w C:\WINDOWS\x2.64.exe
    2005-10-08 01:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 18:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 21:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-22 04:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 16:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2007-06-13 10:23 681,018 --sh--r C:\WINDOWS\system32\taskmngr.exe
    2005-02-28 19:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-25 06:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a33fa729-d155-4b23-842b-2c665ecabdb6}]
    2008-03-13 10:30 1524248 --a------ C:\Program Files\The_Pirate_Bay\tbThe_.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A33FA729-D155-4B23-842B-2C665ECABDB6}"="C:\Program Files\The_Pirate_Bay\tbThe_.dll" [2008-03-13 10:30 1524248]

    [HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
    "{A33FA729-D155-4B23-842B-2C665ECABDB6}"=C:\Program Files\The_Pirate_Bay\tbThe_.dll [2008-03-13 10:30 1524248]

    [HKEY_CLASSES_ROOT\clsid\{a33fa729-d155-4b23-842b-2c665ecabdb6}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-09 10:09 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-22 00:48 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-22 00:44 126976]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
    "VirusScannerPro"="D:\MemCheck.exe" [2008-02-01 03:05 173312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 20:47 8720384]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "DisableCurrentUserRun"= 0 (0x0)
    "DisableCurrentUserRunOnce"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
    "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    "Bubble"="%ProgramFiles%\Windows SteadyState\Bubble.exe"
    "Logitech Utility"=Logi_MwX.Exe
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "RegistryMechanic"=

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
    "C:\\Program Files\\JAlbum7.3\\JAlbumWin.exe"=
    "C:\\WINDOWS\\system32\\lxcgcoms.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "D:\\Limewire\\LimeWire.exe"=
    "C:\\Program Files\\BitTorrent\\bittorrent.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8080:TCP"= 8080:TCP:8080
    "8090:TCP"= 8090:TCP:8090

    R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2003-12-19 02:00]
    R2 Windows SteadyState;Windows SteadyState Service;"C:\Program Files\Windows SteadyState\SCTSvc.exe" [2007-06-05 16:56]
    R3 KFilter;KFilter;D:\KFilter.sys [2008-01-31 13:11]
    R3 MailScan;MailScan;D:\MailScan.sys [2008-02-01 03:05]
    R3 TFilter;TFilter;D:\TFilter.sys [2008-01-31 11:11]
    S3 epatap2k;SCM Parallel Port ATAPI Driver;C:\WINDOWS\system32\DRIVERS\epatap2k.sys [2000-03-17 21:27]
    S3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys [2003-11-07 04:50]
    S4 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
    S4 PRISMSVC;PRISMSVC;C:\WINDOWS\system32\PRISMSVC.EXE [2005-10-16 17:40]
    S4 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]

    *Newly Created Service* - KFILTER
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-03-21 22:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
    - D:\Tune up\OneClick.exe
    .
    **************************************************************************

    disk not found C:\

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    disk not found C:\

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\System32\locator.exe
    D:\MXTask.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\wanmpsvc.exe
    D:\mxtask.exe
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\PROGRA~1\COMMON~1\Logishrd\LQCVFX\COCIMA~1.EXE
    .
    **************************************************************************
    .
    Completion time: 2008-03-23 7:39:20 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-03-23 12:38:25
    ComboFix2.txt 2008-03-22 18:24:07
    ComboFix3.txt 2008-01-18 11:24:44
    ComboFix4.txt 2008-01-12 09:09:25
    ComboFix5.txt 2008-01-10 01:21:13
    .
    2008-03-16 08:02:04 --- E O F ---
     
    Last edited: 2008/03/23
  11. 2008/03/23
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi

    Let's get an uninstall list.

    To get an Uninstall List from HijackThis:
    • Open HijackThis, click Config, click Misc Tools
    • Click "Open Uninstall Manager"
    • Click "Save List" (generates uninstall_list.txt)
    • Click Save, copy and paste the results in your next post.

    Geri
     
  12. 2008/03/23
    NmymindDzine

    NmymindDzine Inactive Thread Starter

    Joined:
    2008/01/01
    Messages:
    46
    Likes Received:
    0
    Adobe® Photoshop® Album Starter Edition 3.2
    Broadcom 440x 10/100 Integrated Controller
    DesignPro 5.0 Limited Edition
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    LimeWire 4.16.6
    Microsoft .NET Framework 1.1
    QuickTime
    Security Update for CAPICOM (KB931906)
    SystemSuite 8 Professional
    Windows Media Format 11 runtime
    Windows Media Player 11
    YouSendIt Application
    YouSendIt Application Plug-in SDK

    ;)
     
  13. 2008/03/23
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    OK, let's see if this shows anything more.

    Click Start > Run
    Copy and paste everything inside the code box into the run box and click OK

    Code:
    regedit /e "%userprofile%\desktop\HKLMAR.txt" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
    It will produce a txt file on your desktop called HKLMAR.txt

    Open it and post the contents of it here.

    Thanks
    Geri
     
  14. 2008/03/23
    NmymindDzine

    NmymindDzine Inactive Thread Starter

    Joined:
    2008/01/01
    Messages:
    46
    Likes Received:
    0
    It wouldn't all fit...
    I have Belarc.... does this help? :D
    This is just the programs part; I could upload the whole thing to GeoCities if you want me to... :cool:

    2007 Microsoft Office system Version 12.0.6300.5000 *
    ActivIcons *
    Adam Najmanowicz & Stardock Net. - SkinStudio button visibility test utility Version 1.0.0.0 *
    Adobe Acrobat Reader Version 5.0.5.0 *
    Adobe Acrobat Version 8.0.0.0 *
    Adobe Photoshop Album Starter Edition Version 3.2.0.77764 *
    Adobe Reader Version 8.1.0.2007051100 *
    Advanced Effect Maker Freeware Edition *
    AffiliSys LLC - BlueVoda Application Version 8, 0, 1, 0 *
    Amara - Menu Builder *
    America Online Version 7, 0, 0, 2 *
    America Online Version 9.00.000 *
    America Online, Inc. - AOL Connectivity Service Version 1,0,25,3 *
    Anfy Version 2, 1, 0, 0 *
    AOL Service Libraries Version 1.4.9.1 *
    Apple Computer, Inc. - QuickTime QuickTime 7.1.5a38 *
    ArcSoft Inc. - Multimedia Email Version 3.0.0.43 *
    Arcsoft PhotoImpression 5 Version 5.1.0.9 *
    Avanquest Software USA, Inc. - MXTask Background Service Version 8.0.3.3 *
    Avanquest Software USA, Inc. - SystemSuite Version 8.0.3.3 *
    Avery Dennison Corporation - DesignPro® 5.0 Version 5.2.1201.0 *
    AVM Software Inc. - PaltalkScene Version 9, 91, 1, 236 *
    Belarc, Inc. - Advisor Version 7.2x *
    BitTorrent *
    Blender *
    BlueVoda - BlueFTP Version 1, 2, 0, 0 *
    Bradbury Software, LLC - TopStyle Lite Version 3.10 *
    Cinematronics - 3D Pinball Version 5.1.2600.2180 *
    Conexant Systems, Inc. - PRISM Wireless LAN Version 2.03.17.0017 *
    Creative Cam Detector Version 3.50 *
    Creative MediaSource Version 1.0.0.0 *
    Creative Product Registration Version 2.3.25.0 *
    Creative Service for CDROM Access Version 1.0.0.0 *
    Creative System Information Version 1.0.0.0 *
    Creative Technology Ltd - Audio Converter Version 1.0.0.0 *
    Cupid Info Systems - Smart CD Menu Creator Version 1.00.0037 *
    Dell Inc. - USB 2.0 Wireless LAN Version 2.03.17.0017 *
    e-Presencia - POSTERIZA Version 1 *
    EZ SoftMagic - MP3 Splitter & Joiner Version 3, 0, 3, 1 *
    FotoWire Print Service Version 3.0 *
    Google Updater Version 2.2.940.34809.beta *
    GoogleToolbarNotifier Version 2, 0, 301, 1654 *
    Hervé Thouzard - UnzipThemAll Version 1.00.0004 *
    hwdunst Version 2.7.50.3 *
    iMesh Version 1.0 *
    IncrediTools - InAlbum 1.5 Lite Edition Version 1, 5, 0, 2 *
    Indigo Rose Corporation - Setup Factory 6.0 Runtime Module Version 6.0.0.3 *
    Inkjet Printer Version 1.2.26.23 *
    inKline Global Inc. - PCBooster6 Version 1.0.0.1 *
    InstallShield unInstaller Version 2.20.926.0 *
    Intel(R) Common User Interface Version 7.0.0.4342 *
    JAlbum *
    Jasc Software Inc. - Animation Shop 3 Version 3.11 *
    Jasc Software, Inc. - Paint Shop Pro 9 Version 9.010 *
    Lavasoft Ad-Aware SE SE 106 *
    Lexmark Fast Pics Application Version 1.0.5.0 *
    Lexmark International Inc. - AIOC exe Version 2.15.90.31 *
    Lexmark Photo Editor Version 1.0.4.1 *
    LIGHTNING UK! - ImgBurn Version 2.4.0.0 *
    LimeWire Version 1, 0, 0, 2 *
    Logitech Inc. - iTouch Version 2.20.243 *
    Logitech QuickCam Version 1.0.5.1158 *
    Logitech QuickCam Version 11.5.0.1169 *
    Logitech Version 1.5.2.1169 *
    LxkLaunchPad Application Version 1, 0, 0, 1 *
    Macromedia Dreamweaver MX Version 6.0.1714 *
    Macromedia Extension Manager Version 1.5.037 *
    Macrovision Corporation - InstallDriver Module Version 11.00 *
    Macrovision Corporation - InstallShield (R) Version 11.00 *
    MagicISO Version 5.4.0.256 *
    Microsoft (r) Windows Script Host Version 5.6.0.8820 *
    Microsoft Application Error Reporting Version 10.0.2609 *
    Microsoft Clip Organizer Version 10.0.6308 *
    Microsoft Clip Organizer Version 12.0.4518.1014 *
    Microsoft Corporation - Internet Explorer Version 7.00.6000.16608 *
    Microsoft Corporation - Messenger Version 4.7.3001 *
    Microsoft Corporation - Messenger Version 8.1.0178 *
    Microsoft Corporation - MSN® Connection Center Version 2.0.0420.0 *
    Microsoft Corporation - Office Diagnostics Service Version 12.0.4518.1014 *
    Microsoft Corporation - Office Diagnostics Version 12.0.4518.1014 *
    Microsoft Corporation - Office Source Engine Version 12.0.4518.1014 *
    Microsoft Corporation - User Profile Hive Cleanup Service Version 1.6.30.0 *
    Microsoft Corporation - Windows Installer - Unicode Version 3.1.4000.1823 *
    Microsoft Corporation - Windows Movie Maker Version 2.1.4026.0 *
    Microsoft Corporation - Windows SteadyState - Service Version 5.1.2600.3370 *
    Microsoft Corporation - Windows SteadyState - UI Version 5.1.2600.3370 *
    Microsoft Corporation - Windows® NetMeeting® Version 3.01 *
    Microsoft Corporation - Zone.com Version 1.2.626.1 *
    Microsoft Data Access Components Version 3.525.1117.0 *
    Microsoft Office InfoPath Version 12.0.4518.1014 *
    Microsoft Office Isolated Converter Environment Version 12.0.6211.1000 *
    Microsoft Office Picture Manager Version 12.0.4518.1014 *
    Microsoft Office XP Version 10.0.6838 *
    Microsoft Open XML Converter Version 12.0.6211.1000 *
    Microsoft SQL Server Version 9.00.3042.00 *
    Microsoft Streets & Trips 2004 Version 11.00.18.1900 *
    Microsoft® .NET Framework Version 2.0.50727.1433 *
    Microsoft® Works 7.0 Version 7.02.0710.1 *
    Microsoft® Works 7.0 Version 7.03.0719.0 *
    Miha Psenica - Mihov Gallery Creator Version 1.0.0.0 *
    MindVision Software - Installer VISE Version 3.1.1 *
    MINO STUDIO - ThumbnailGallery Version 2.7.5.22165 *
    Mozilla Corporation - Firefox Version 2.0.0.7 *
    MySpaceIM Version 1.0.745.0 *
    NetZero Internet Version 8.5.9.0 *
    Nsasoft LLC. - whois Application Version 2, 2, 0, 0 *
    PC Tools - Registry Mechanic Version 7.00.1010 *
    PeoplePC - PPCOLink Module Version 6, 3, 0, 0 *
    piolch Module Version 1, 0, 0, 1 *
    PixMatrix Version 2, 1, 0, 0 *
    Printer Communication System Version 1.154.7.0 *
    Propel Software Corporation - PeoplePC Online Accelerator: Version 5.0.0.1053 *
    RealNetworks, Inc. - RealPlayer (32-bit) Version 6.0.9.584 *
    Rhyme *
    Settings Router Version 1, 0, 0, 1 *
    SiSoftware Sandra 2005.SR2 Version 10.60.2005.7 *
    Soeperman Enterprises Ltd. - HijackThis Version 1.99.0001 *
    Stardock SkinStudio Version 1.0.0.0 *
    Start Coolringer *
    StoikStarter Application Version 1, 0, 0, 1 *
    Sue Fisher - The Font Thing Version 0.80 *
    Sun Microsystems, Inc. - Java(TM) 2 Platform Standard Edition 5.0 Update 10 Version 5.0.100.3 *
    Sun Microsystems, Inc. - Java(TM) Platform SE 6 U5 Version 6.0.50.13 *
    SuperAdBlocker.com - BootSafe Application Version 2, 0, 0, 1000 *
    SUPERAntiSpyware Version 3, 9, 0, 1008 *
    SUPERAntiSpyware Version 4, 0, 0, 1154 *
    Sysinternals - Process Explorer Version 9.25 *
    Tablet Driver for Win2000/XP Version 4.03.02 *
    The Webshots Desktop Launcher Version 3, 0, 0, 7231 *
    Trend Micro Inc. - HijackThis Version 2.00.0002 *
    TrendMetrix Software Inc. - SEO Studio Version 2.00.0004 *
    Turbointernetbooster LLC - Turbo Internet Booster Version 1.06 *
    UC-Logic Technology Corp. - Windows Application Installer Program Version 1.00 *
    V-Methods Software - E-Mage for Web Version 1.2.0.0 *
    Vevosoft Technologies Pvt Ltd. - Vevo! Catalog Maker2.1 Version 2.01 *
    VideoPak2 Application Version 1, 0, 0, 1 *
    VideoTools - VideoUploader Version 1.0.2517.27071 *
    Virtual Mechanics WebDwarf V2 Version 2, 5, 0, 3 *
    WebCam Center Version 1. 0. 1. 0 *
    WindowBlinds Remote Control *
    Wizards to adjust .NET Framework security, assign trust to assemblies, and fix broken .NET applications. Version 1.0.5000.0 *
    Xara ScreenMaker 3D Application Version 1, 0, 1, 0 *
    Yahoo! Inc. - YShortcut Application Version 3, 5, 0, 0 *
    Yahoo! Messenger Version 8,1,0,402 *
    YouSendIt *

    --------------------------------------------------------------------------------
     
    Last edited: 2008/03/23
  15. 2008/03/24
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi NmymindDzine
    Well, no. Some programs install to Program Files; we want the Add/Remove list.

    Let's do it this way.

    Click Start > Run type in cmd and click OK.
    Paste the following into the command window and post the log that opens.


    Code:
    @echo off
    echo.> "%userprofile%\desktop\uninst.txt"
    type "%userprofile%\desktop\HKLMAR.txt" | findstr "DisplayName UninstallString">> "%userprofile%\desktop\uninst.txt"
    start notepad "%userprofile%\desktop\uninst.txt"
    exit
    cls
    
    Thanks
    Geri
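The regedit /e export from post 13 and the findstr filter above both aim at a readable Add/Remove list, but findstr drops the subkey each value belongs to and prints hex(2) values raw. The following added Python example (not code from the thread, HijackThis or ComboFix) parses such an export offline, keeping each DisplayName tied to its subkey and decoding hex(2) data; it assumes a constructed sample export with placeholder subkey names.

```python
"""Added example (not code from the thread or any tool it names): parse a regedit /e
export of the Uninstall key into per-subkey DisplayName/UninstallString rows, the
thing the export-plus-findstr steps aimed at, with hex(2) (REG_EXPAND_SZ) decoded."""
import codecs
import re
import sys

# Constructed sample in REGEDIT4 form; subkey names are placeholders, the data shapes
# (escaped quotes, hex(2) data continued with a trailing backslash) match the thread.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis]
"DisplayName"="HijackThis 2.0.2"
"UninstallString"="\"C:\\HijackThis.exe\" /uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EXAMPLE-GUID-0001}]
"DisplayName"="Adobe Photoshop Album Starter Edition 3.2"
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,20,00,2f,00,58,00,7b,00,41,00,42,00,7d,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EXAMPLE-GUID-0002}]
"DisplayName"="Hidden helper component"
"SystemComponent"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def join_continuations(text: str) -> list:
    """Join lines regedit split with a trailing backslash (long hex data)."""
    lines, pending = [], ''
    for raw in text.splitlines():
        line = raw.strip() if pending else raw.rstrip()
        if line.endswith('\\'):       # quoted strings end in '"', so only hex data continues
            pending += line[:-1]
            continue
        lines.append(pending + line)
        pending = ''
    return lines + ([pending] if pending else [])

def unquote(quoted: str) -> str:
    """Strip the surrounding quotes and undo regedit's backslash escapes."""
    return re.sub(r'\\(.)', r'\1', quoted[1:-1])

def parse_value_data(raw: str):
    """Decode one value's data: quoted string, dword, or comma-separated hex bytes."""
    if raw.startswith('"'):
        return unquote(raw)
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'^hex(?:\((\w+)\))?:(.*)$', raw)
    if not m:
        return raw
    data = bytes(int(h, 16) for h in m.group(2).split(',') if h)
    if (m.group(1) or '3') in ('1', '2'):    # REG_SZ / REG_EXPAND_SZ stored as UTF-16LE
        return data.decode('utf-16-le', errors='replace').rstrip('\x00')
    return data                               # bare "hex:" is REG_BINARY; keep the bytes

def parse_reg_export(text: str) -> dict:
    """Map each key path to its {value name: data}; '' names the default (@) value."""
    keys, current = {}, None
    for line in join_continuations(text):
        if not line or line.startswith((';', 'REGEDIT4', 'Windows Registry Editor')):
            continue
        km = KEY_RE.match(line)
        if km:
            current = km.group(1)
            keys[current] = {}
            continue
        vm = VALUE_RE.match(line)
        if vm and current is not None:
            name = '' if vm.group(1) == '@' else unquote(vm.group(1))
            keys[current][name] = parse_value_data(vm.group(2))
    return keys

def uninstall_entries(text: str) -> list:
    """Rows Add/Remove Programs would show: a DisplayName is required and
    SystemComponent=1 hides the entry, so both are filtered as the applet does."""
    rows = []
    for path, values in parse_reg_export(text).items():
        name = values.get('DisplayName')
        if not isinstance(name, str) or not name or values.get('SystemComponent') == 1:
            continue
        rows.append({'subkey': path.rsplit('\\', 1)[-1], 'DisplayName': name,
                     'UninstallString': str(values.get('UninstallString', ''))})
    return sorted(rows, key=lambda r: r['DisplayName'].lower())

if __name__ == '__main__':
    # A real export: XP writes UTF-16LE with a BOM, REGEDIT4 files are ANSI.
    blob = open(sys.argv[1], 'rb').read() if len(sys.argv) > 1 else None
    export = SAMPLE_EXPORT if blob is None else blob.decode(
        'utf-16' if blob.startswith(codecs.BOM_UTF16_LE) else 'cp1252', errors='replace')
    for row in uninstall_entries(export):
        print(f"{row['DisplayName']}\n    [{row['subkey']}] {row['UninstallString']}")
```

Run it with the path to HKLMAR.txt as the only argument to list that export; without an argument it parses the embedded sample.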
     
  16. 2008/03/24
    NmymindDzine

    NmymindDzine Inactive Thread Starter

    Joined:
    2008/01/01
    Messages:
    46
    Likes Received:
    0
    "DisplayName"="Microsoft Office Excel previewer"
    "DisplayName"="Microsoft Office Visio previewer"
    @="HxParseDisplayName Class"
    "WantsParseDisplayName"=""
    "DisplayName"="@\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\pdfprevhndlrshim.exe\",-101"
    "DisplayName"="Microsoft Office PowerPoint previewer"
    "DisplayName"="Microsoft Office Word previewer"
    "WantsParseDisplayName"=""
    "DisplayName"="@C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\pdfprevhndlr.dll,-101"
    @="IParseDisplayName"
    @="Microsoft Help ParseDisplayName"

    more coming... it's really long.....
     
    Last edited by a moderator: 2008/03/24
  17. 2008/03/24
    NmymindDzine

    NmymindDzine Inactive Thread Starter

    Joined:
    2008/01/01
    Messages:
    46
    Likes Received:
    0
    "DisplayName"="Adobe® Photoshop® Album Starter Edition 3.2"
    "UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
    "QuietUninstallString"="Rundll32 IedkCS32.dll,BrandCleanInstallStubs"
    "UninstallString"="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\PROFES~1\\RunTime\\09\\01\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{700932B3-A964-4878-82A2-96054622A1F7}\\setup.exe\" -l0x9 /remove"
    "UninstallString"="\"C:\\Program Files\\Creative Installation Information\\E-CENTER_PLUGIN_CDBURNER_U\\Setup.exe\" /remove /l0x0009"
    "UninstallString"="\"C:\\Program Files\\Creative Installation Information\\E-CENTER_PLUGIN_MUSICPLAYER_MSS_U\\Setup.exe\" /remove /l0x0009"
    "UninstallString"="\"C:\\Program Files\\Creative Installation Information\\E-CENTER_NET_CONTENT_U\\Setup.exe\" /remove /l0x0009"
    "UninstallString"="\"C:\\Program Files\\Creative Installation Information\\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\\Setup.exe\" /remove /l0x0009"
    "UninstallString"="\"C:\\Program Files\\Creative Installation Information\\E-CENTER_PLUGIN_ONLINESTORE_U\\Setup.exe\" /remove /l0x0009"
    "UninstallString"="\"C:\\Program Files\\Creative Installation Information\\MEDIASOURCE_PLAYER_SKINPACK_U\\Setup.exe\" /remove /l0x0009"
    "UninstallString"="\"C:\\Program Files\\Creative Installation Information\\E-CENTER_PLUGIN_MTP_U\\Setup.exe\" /remove /l0x0009"
    "UninstallString"="\"C:\\Program Files\\Creative Installation Information\\CREATIVE_MEDIASOURCE_U\\Setup.exe\" /remove /l0x0009"
    "DisplayName"="HijackThis 2.0.2"
    "UninstallString"="\"C:\\HijackThis.exe\" /uninstall"
    "UninstallString"="C:\\Program Files\\InstallShield Installation Information\\{3AE00DF4-ADF1-479E-834C-D1B2E71570BD}\\setup.exe -runfromtemp -l0x0409"
    "DisplayName"="YouSendIt Application Plug-in SDK"
    "UninstallString"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\Driver\\7\\INTEL3~1\\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033"
    "DisplayName"="Broadcom 440x 10/100 Integrated Controller"
    "UninstallString"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\Driver\\9\\INTEL3~1\\IDriver.exe /M{97AE00A8-1336-410F-B467-1C6623127BD6}"
    "DisplayName"="DesignPro 5.0 Limited Edition"
    "UninstallString"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\Driver\\11\\INTEL3~1\\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033"
    "DisplayName"="QuickTime"
    "UninstallString"="C:\\Program Files\\InstallShield Installation Information\\{E0EE81CC-A5DB-4535-8990-16ED39D67F99}\\setup.exe -runfromtemp -l0x0409"
    "DisplayName"="YouSendIt Application"
    "DisplayName"="Security Update for CAPICOM (KB931906)"
    "ParentDisplayName"="CAPICOM"
    "UninstallString"="MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}"
    "DisplayName"="LimeWire 4.16.6"
    "UninstallString"="\"D:\\LimeWire\\uninstall.exe\""
    "UninstallString"="msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"
    "DisplayName"="Microsoft .NET Framework 1.1"
    "UninstallString"="rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\\WINDOWS\\INF\\PCHealth.inf"
    "QuietUninstallString"="rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\\WINDOWS\\INF\\PCHealth.inf"
    "DisplayName"="Windows Media Format 11 runtime"
    "UninstallString"="\"C:\\Program Files\\Windows Media Player\\wmsetsdk.exe\" /UninstallAll"
    "ParentDisplayName"=""
    "DisplayName"="Windows Media Player 11"
    "UninstallString"="\"C:\\Program Files\\Windows Media Player\\Setup_wm.exe\" /Uninstall"
    "ParentDisplayName"=""
    "DisplayName"="Google Toolbar for Internet Explorer"
    "UninstallString"="regsvr32 /u /s \"c:\\program files\\google\\googletoolbar1.dll\""
    "UninstallString"="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\engine\\6\\INTEL3~1\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{363435F2-7426-11D8-9966-00A0C9663221}\\setup.exe\" -l0x9"
    "UninstallString"="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\PROFES~1\\RunTime\\09\\01\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\\setup.exe\" -l0x9"
    "UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
    "DisplayName"="SystemSuite 8 Professional"
    "UninstallString"="RunDll32 C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\PROFES~1\\RunTime\\09\\01\\Intel32\\Ctor.dll,LaunchSetup \"C:\\Program Files\\InstallShield Installation Information\\{700932B3-A964-4878-82A2-96054622A1F7}\\setup.exe\" -l0x9"

    There's 2 more of these....
     
    Last edited by a moderator: 2008/03/24
  18. 2008/03/24
    NmymindDzine

    NmymindDzine Inactive Thread Starter

    Joined:
    2008/01/01
    Messages:
    46
    Likes Received:
    0
    Removed
     
    Last edited by a moderator: 2008/03/24
  19. 2008/03/24
    NmymindDzine

    NmymindDzine Inactive Thread Starter

    Joined:
    2008/01/01
    Messages:
    46
    Likes Received:
    0
    "DisplayName"="BitTorrent"
    "UninstallString"="\"C:\\Program Files\\BitTorrent\\BitTorrent.exe\" /UNINSTALL"
     
    Last edited by a moderator: 2008/03/24
  20. 2008/03/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I've edited non-essential info from your posts above. Something just doesn't look right with those results and I'm thinking the original export didn't go right. Please delete the HKLMAR.txt file on your desktop. Then, repeat the steps by Geri in this post to create a new HKLMAR.txt file.

    Once you have the new file on the desktop, repeat the steps in this post and see if the file that opens appears any different than last time. Post it here if it is.

    I would also like you to attach the new HKLMAR.txt to an email, then send it to me. Put RE: smitRem in the Subject line. Thanks!
     
  21. 2008/03/25
    NmymindDzine

    NmymindDzine Inactive Thread Starter

    Joined:
    2008/01/01
    Messages:
    46
    Likes Received:
    0
    asap
    school this am b this afternoon sorry
    ty 4 all ur help btw:D
     
