[ViGiLANT3]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:28 PM, on 3/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Starfield\Desktop Notifier\wben.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Provide Support\ProvideSupportConsole.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winlogon.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (disabled by BHODemon)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {89DA4F2C-91AE-44B2-84A9-A5D9F682E737} - (no file)
O3 - Toolbar: CalorieKing Joslin Browser Toolbar - {4516D1E3-BC1A-4B2F-83EC-F4D0302CD5AC} - C:\PROGRA~1\CALORI~1\CALORI~1\CKTOOL~1.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LanzarL2007] "C:\Users\Omar\AppData\Local\Temp\{E3361C39-565C-4D19-8982-54ABFB0D56A5}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [wben] "C:\Program Files\Starfield\Desktop Notifier\wben.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ProvideSupportOperatorConsole[default]] "C:\PROGRA~1\PROVID~1\PROVID~1.EXE" /profile default
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Explorer.lnk = C:\Windows\explorer.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O16 - DPF: {10072CEC-8CC1-11D1-986E-00A0C955B42E} (PeerDraw Class) - http://www.amazon.co...b_dp_pt/vgx.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....NPUplden-ca.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer....l/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® AMT System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DNS4Me (DNS4MeClient) - Unknown owner - C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClient.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 11724 bytes

=====================================================================

I used to have an issue where a random advertisement would pop under my IE during browsing. I ran some adware removal programs and now the pop under still occurs however there isn't any advertisement, just a blank white page. What's going on?

[Advertisements]

Hi ViGiLANT3

welcome to geekstogo

sorry to keep you waiting. lets do a deeper scan of your machine for me to analyse.

(if your problem has already been resolved, could you just let me know so that i an move onto other logs to help others, thanks)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

you may need to post the logs over 2 replies to ensure all the information is posted.

andrewuk

[andrewuk]

Hi ViGiLANT3

welcome to geekstogo

sorry to keep you waiting. lets do a deeper scan of your machine for me to analyse.

(if your problem has already been resolved, could you just let me know so that i an move onto other logs to help others, thanks)

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

• Close all other windows before proceeding.
• Double-click on dss.exe and follow the prompts.
• When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

you may need to post the logs over 2 replies to ensure all the information is posted.

andrewuk

[ViGiLANT3]

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6400 @ 2.13GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 2029.27 MiB / 897.76 MiB
Pagefile Memory (total/avail): 4270.34 MiB / 2784 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1907.84 MiB

C: is Fixed (NTFS) - 465.76 GiB total, 126.42 GiB free.
D: is CDROM (No Media)
F: is CDROM (No Media)
H: is CDROM (CDFS)
I: is Removable (FAT)

\\.\PHYSICALDRIVE0 - WDC WD5000AAKS-00TMA0 ATA Device - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.76 GiB - C:

\\.\PHYSICALDRIVE1 - Verbatim Store'n'go U3 USB Device - 949.15 MiB - 1 partition
\PARTITION0 (bootable) - Win95 w/Extended Int 13 - 949.4 MiB - I:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Omar\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OMAR-PC
ComSpec=C:\Windows\system32\cmd.exe
configsetroot=C:\Windows\ConfigSetRoot
FP_NO_HOST_CHECK=NO
HKCU_S=\REGISTRY\CUSER\Software
HKLM_S=\REGISTRY\MACHINE\Software
HOMEDRIVE=C:
HOMEPATH=\Users\Omar
LOCALAPPDATA=C:\Users\Omar\AppData\Local
LOGONSERVER=\\OMAR-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\pvsw\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\VistaCodecPack\QT\QTSystem\;C:\Program Files\ImageConverter Plus;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Panda Security\Panda Antivirus 2008\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Omar\AppData\Local\Temp
TMP=C:\Users\Omar\AppData\Local\Temp
USERDOMAIN=Omar-PC
USERNAME=Omar
USERPROFILE=C:\Users\Omar
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Omar (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> .
--> MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Abexo Defragmenter Pro Plus --> C:\Program Files\Abexo\uninst.exe
Absolute MP3 Splitter version 2.6.8 --> "C:\Program Files\Absolute MP3 Splitter\unins000.exe"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Premiere Pro CS3 --> C:\Program Files\Common Files\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Setup --> MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Age of Empires III --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}
Age of Empires III - The Asian Dynasties --> C:\Program Files\InstallShield Installation Information\{C43C1415-3DFC-4089-9A32-0BECF28A6046}\setup.exe -runfromtemp -l0x0409
Age of Empires III - The WarChiefs --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{1C08A24C-B168-407E-A826-68FAF5F20710}
Age of Mythology --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Age of Mythology - The Titans Expansion --> "C:\Program Files\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
AGEIA PhysX v7.09.13 --> MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AI RoboForm --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AVI/MPEG/RM/WMV Joiner 4.82 --> "C:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
Battle For Troy --> C:\Program Files\Battle For Troy\Uninstal.exe
BitTorrent --> "C:\Program Files\BitTorrent\BitTorrent.exe" /UNINSTALL
Call of Duty® 4 - Modern Warfare™ --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CalorieKing Joslin Browser Toolbar (v1.1.0.3) --> MsiExec.exe /X{705DB8B0-0EDA-41E1-8FA8-B0DB36F4678F}
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon MP Navigator 1.1 --> "C:\Program Files\Canon\MP Navigator 1.1\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 1.1\uninst.ini
Canon MP130 --> "C:\Windows\system32\CanonIJ Uninstaller Information\{223E6BB9-6602-4ee4-A964-1B3EFD3C5B80}\DelDrv.exe" /U:{223E6BB9-6602-4ee4-A964-1B3EFD3C5B80} /L0x0009
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\Setup.exe" -l0x9 anything
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Chessmaster Grandmaster Edition --> C:\Program Files\InstallShield Installation Information\{27614800-84A9-484E-9CCB-43ED2F1205F5}\setup.exe -runfromtemp -l0x0409
Clive Barker's Jericho --> "C:\Program Files\InstallShield Installation Information\{BE9A67F1-BDD3-4259-9F5C-2EFCE6B3A6C5}\Setup.exe" -runfromtemp -l0x0009 -removeonly
ConvertXtoDVD 2.0.12 --> "C:\Program Files\ConvertXtoDVD\unins000.exe"
Corel Paint Shop Pro Photo XI --> MsiExec.exe /X{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}
Counter-Strike: Source v17 --> C:\Program Files\Counter-Strike Source\Uninstal.exe
CuteFTP 8 Professional --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91F34319-08DE-457A-99C0-0BCDFAC145B9}\Setup.exe" -l0x9
Desktop Notifier --> MsiExec.exe /I{51592ABE-532F-4E96-8AE3-97A5AA0FB5D2}
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
Docudesk GPL Ghostscript 8.15 --> "C:\Program Files\Docudesk\GPL Ghostscript\unins000.exe"
Gears of War --> C:\Program Files\InstallShield Installation Information\{1170D24F-42B7-40CF-AA1B-6395CE562354}\setup.exe -runfromtemp -l0x0409
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IcoFX 1.5.01 --> "C:\Program Files\IcoFX 1.5\unins000.exe"
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Intel® Active Management Technology LMS Service and SOL Driver --> C:\Windows\system32\mesoludlg.exe -uninstall
Intel® Management Engine Interface --> C:\Windows\system32\heciudlg.exe -uninstall
Intel® PRO Network Connections 11.2.0.69 --> MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1
Intel® PRO Network Connections 11.2.0.69 --> MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1
Intel® PRO Network Connections Drivers --> Prounstl.exe
iTunes --> MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Jasc Animation Shop 3 --> MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kane and Lynch: Dead Men --> MsiExec.exe /X{A66C4716-7E10-4A53-8101-00C3C11D6A9C}
Kasparov Chessmate --> "C:\Program Files\Kasparov Chessmate\unins000.exe"
Label Wizard 1 --> "C:\Program Files\Label Wizard\uninstall.exe"
Live Support Chat for Web Site 4.3.0 --> "C:\Program Files\Provide Support\unins000.exe"
Lost Planet Extreme Condition --> MsiExec.exe /I{AD281A87-2AD3-4CEB-AF85-468FD84698D8}
Macromedia Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Magic ISO Maker v5.3 (build 0216) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Magic Video Converter Trial Version (English) 8.0.2.18 --> "C:\Program Files\Magic Video Converter\unins000.exe"
Mapedit --> "C:\Program Files\Mapedit\uninstall.exe"
MasterSplitter Program --> C:\Program Files\MasterSplitter\uninstal.exe
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 --> msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1 Hotfix (KB929729) --> "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M929729\M929729Uninstall.msp"
Microsoft Age of Empires II --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Age of Empires II: The Conquerors Expansion --> "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Digital Image Standard 2006 Update --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=PREM VERSION=12
Microsoft Games for Windows - LIVE Redistributable --> MsiExec.exe /X{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Streets & Trips 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft Works Suite 2006 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2006\Setup\Launcher.exe /ARP D:\
Microsoft Works Suite Add-in for Microsoft Word --> MsiExec.exe /I{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MultimediaFeed MP3 Tagger v2.85 --> "C:\Program Files\MultimediaFeed MP3 Tagger\unins000.exe"
O&O Defrag Professional Edition --> MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
OpenAL --> "C:\Program Files\OpenAL\oalinst.exe" /U
Panda Antivirus 2008 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\setup.exe" -l0x9 -removeonly
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Penumbra Black Plague --> "C:\Program Files\Paradox Interactive\Penumbra Black Plague\unins000.exe"
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PropertiesPlus (Remove Only) --> C:\Windows\system32\ShellExt\ppsetup.exe /uninstall
PunkBuster Services --> C:\Windows\system32\pbsvc.exe -u
QuickPar 0.9 --> C:\Program Files\QuickPar\uninst.exe
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Real Alternative 1.52 --> "C:\Program Files\Real Alternative\unins000.exe"
Replay Media Catcher --> "C:\Windows\Replay Media Catcher\uninstall.exe" "/U:C:\Program Files\Replay Media Catcher\Uninstall\uninstall.xml"
River Past Video Cleaner Pro --> C:\Windows\Video Cleaner Pro Uninstaller.exe
Serious Sam 2 --> C:\Program Files\Serious Sam 2\Bin\Uninstall.exe
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SILENT HILL 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{00BD992A-D4C7-447D-8AA1-60B5759EA30D}\setup.exe" -l0x9
Sothink SWF Decompiler --> "C:\Program Files\Sothink SWF Decompiler\unins000.exe"
Spider-Man™ - Friend or Foe --> C:\Program Files\InstallShield Installation Information\{BDA6A019-2695-4AE1-88CE-EE7801BD41AA}\setup.exe -runfromtemp -l0x0409
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Trek Armada II --> C:\Windows\IsUninst.exe -f"C:\Program Files\Activision\Star Trek Armada II\STA2.isu"
Star Trek Away Team --> C:\Windows\IsUninst.exe -f"C:\Program Files\Star Trek Away Team\stat.isu"
Star Trek Elite Force II --> C:\PROGRA~1\ACTIVI~1\EF2\Uninstall\Unwise.exe /u C:\PROGRA~1\ACTIVI~1\EF2\Uninstall\Install.log
Star Trek: Armada --> C:\PROGRA~1\ACTIVI~1\STARTR~2\UNINST~1\UNINST~1.EXE C:\Program Files\Activision\Star Trek - Armada\uninstall\Star Trek Armada.log
Titan Quest --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x9 -removeonly
Titan Quest Immortal Throne --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x9 -removeonly
Total Uninstall 4.6.2 --> "C:\Program Files\Total Uninstall 4\unins000.exe"
TreeSize Professional 4.2.2 --> "C:\Program Files\TreeSize Professional\unins000.exe"
Undelete Plus 2.6 --> "C:\Program Files\Undelete Plus\unins000.exe"
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe"
Update for Outlook 2007 Junk Email Filter (kb944965) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}
UseNeXT --> "C:\Program Files\UseNeXT\unins002.exe"
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VLC\uninstall.exe
Vista Codec Package --> MsiExec.exe /I{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> "C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner --> MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Word to PDF Converter 3.0 --> "C:\Program Files\PDF-Convert\unins000.exe"
Xara3D6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3783869-5D14-4838-A042-910DF816D070}\setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type154026 / Error
Event Submitted/Written: 03/06/2008 06:27:08 PM
Event ID/Source: 0 / SDWinSec.exe
Event Description:
Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk

Event Record #/Type154024 / Error
Event Submitted/Written: 03/06/2008 06:26:44 PM
Event ID/Source: 0 / SDWinSec.exe
Event Description:
Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk

Event Record #/Type154022 / Error
Event Submitted/Written: 03/06/2008 06:26:44 PM
Event ID/Source: 0 / SDWinSec.exe
Event Description:
Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk

Event Record #/Type154020 / Error
Event Submitted/Written: 03/06/2008 06:24:08 PM
Event ID/Source: 0 / SDWinSec.exe
Event Description:
Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk

Event Record #/Type154018 / Error
Event Submitted/Written: 03/06/2008 06:23:08 PM
Event ID/Source: 0 / SDWinSec.exe
Event Description:
Unable to complete the requested operation because of either a catastrophic media failure or a data structure corruption on the disk



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type114012 / Warning
Event Submitted/Written: 03/06/2008 05:53:48 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type114011 / Warning
Event Submitted/Written: 03/06/2008 05:53:48 PM
Event ID/Source: 4 / Client Side Rendering Spooler
Event Description:
The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Event Record #/Type113931 / Warning
Event Submitted/Written: 03/06/2008 03:08:14 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type113558 / Warning
Event Submitted/Written: 03/06/2008 02:14:02 AM
Event ID/Source: 1006 / WinDefend
Event Description:
%NT AUTHORITY27 scan has detected spyware or other potentially unwanted software.

For more information please see the following:
%NT AUTHORITY275

Scan ID: {3A813BFF-9CC8-46EF-A837-A891C2BEDC01}

Scan Type: %NT AUTHORITY01

Scan Parameters: %NT AUTHORITY09

User: NT AUTHORITY\NETWORK SERVICE

Name: %NT AUTHORITY271

ID: %NT AUTHORITY272

Severity ID: %NT AUTHORITY273

Category ID: %NT AUTHORITY274

Path Found: %NT AUTHORITY276

Detection Type: 1.1.1505.02

Event Record #/Type113436 / Warning
Event Submitted/Written: 03/05/2008 10:03:56 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2008-03-06 18:29:04 ------------

[ViGiLANT3]

Deckard's System Scanner v20071014.68
Run by Omar on 2008-03-06 18:24:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 3 Restore Point(s) --
3: 2008-03-06 22:41:38 UTC - RP681 - Installed Java™ 6 Update 5
2: 2008-03-05 19:03:47 UTC - RP680 - Uninstalled with Total Uninstall "SoulSeek Client 156c"
1: 2008-03-05 19:02:12 UTC - RP678 - Uninstalled with Total Uninstall "Soldier of Fortune II - Double Helix"


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Omar.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:15 PM, on 3/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Starfield\Desktop Notifier\wben.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Provide Support\ProvideSupportConsole.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Users\Omar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BX6DMIV8\dss[1].exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Omar.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\winlogon.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {89DA4F2C-91AE-44B2-84A9-A5D9F682E737} - (no file)
O3 - Toolbar: CalorieKing Joslin Browser Toolbar - {4516D1E3-BC1A-4B2F-83EC-F4D0302CD5AC} - C:\PROGRA~1\CALORI~1\CALORI~1\CKTOOL~1.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [wben] "C:\Program Files\Starfield\Desktop Notifier\wben.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ProvideSupportOperatorConsole[default]] "C:\PROGRA~1\PROVID~1\PROVID~1.EXE" /profile default
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Explorer.lnk = C:\Windows\explorer.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O16 - DPF: {10072CEC-8CC1-11D1-986E-00A0C955B42E} (PeerDraw Class) - http://www.amazon.co...b_dp_pt/vgx.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....NPUplden-ca.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer....l/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® AMT System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DNS4Me (DNS4MeClient) - Unknown owner - C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClient.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 11651 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080216-092109-452 O1 - Hosts: 80.190.241.30 home.edonkey.com

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>

S3 RT25USBAP (Nintendo Wi-Fi USB Connector Service) - c:\windows\system32\drivers\rt25usbap.sys <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 LMS (Intel® Active Management Technology LMS Service) - c:\program files\intel\amt\lms.exe <Not Verified; Intel; Intel® Active Management Technology Local Manageability Service>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>

S2 DNS4MeClient (DNS4Me) - "c:\program files\rhinosoft.com\dns4me\dns4meclient.exe" -service (file missing)
S2 RoxLiveShare9 (LiveShare P2P Server 9) - "c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe" (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-28 13:10:02 268 --a------ C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-10-30 13:47:23 390 --a------ C:\Windows\Tasks\Uniblue SpeedUpMyPC.job
2007-10-30 13:46:37 336 --a------ C:\Windows\Tasks\Uniblue SpyEraser.job


-- Files created between 2008-02-06 and 2008-03-06 -----------------------------

2008-03-03 14:50:19 91648 --a------ C:\Windows\system32\stcplx.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-03-03 14:50:19 520192 --a------ C:\Windows\system32\stapo.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-03-03 14:50:19 90112 --a------ C:\Windows\system32\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-03-03 14:50:19 303104 --a------ C:\Windows\sttray.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-03-03 14:50:18 1146880 --a------ C:\Windows\system32\stlang.dll <Not Verified; SigmaTel, Inc.; C-Major Audio>
2008-03-03 14:50:09 0 d-------- C:\Program Files\SigmaTel
2008-03-03 14:44:17 0 d-------- C:\dell
2008-03-03 14:39:49 0 d-------- C:\pnp
2008-03-03 13:58:15 0 d-------- C:\Program Files\Abexo
2008-03-03 10:26:51 0 d-------- C:\Program Files\Paradox Interactive
2008-03-02 20:04:22 0 d-------- C:\Program Files\AVI MPEG RM WMV Joiner
2008-03-02 10:37:49 1158 --a------ C:\Windows\mozver.dat
2008-03-01 17:38:04 0 d-------- C:\Program Files\IcoFX 1.5
2008-03-01 12:03:17 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-02-29 16:42:37 0 d-------- C:\Program Files\Label Wizard
2008-02-28 13:53:51 0 d--h----- C:\Windows\msdownld.tmp
2008-02-28 13:53:48 0 d-------- C:\Windows\system32\directx
2008-02-28 13:34:36 0 d-------- C:\Program Files\Common Files\Panda Software
2008-02-28 13:22:06 0 d-------- C:\Users\All Users\sentinel
2008-02-28 13:21:25 248 --a------ C:\Windows\system32\PavCPL.dat
2008-02-28 13:21:17 0 d-------- C:\Windows\system32\PAV
2008-02-28 13:18:05 0 d-------- C:\Program Files\Panda Security
2008-02-28 12:43:04 0 d-------- C:\Program Files\CapCom
2008-02-26 17:42:15 0 d-------- C:\Program Files\YouTube Downloader
2008-02-26 00:49:58 0 d-------- C:\Program Files\Common Files\SourceTec
2008-02-26 00:49:57 0 d-------- C:\Program Files\Sothink SWF Decompiler
2008-02-22 23:44:05 0 d-------- C:\Program Files\iPod
2008-02-22 23:44:02 0 d-------- C:\Program Files\iTunes
2008-02-17 10:53:13 32768 --a------ C:\Windows\system32\mf (2).dll
2008-02-17 10:41:13 0 d-------- C:\Users\All Users\Martau
2008-02-17 10:39:58 0 d-------- C:\Program Files\Total Uninstall 4
2008-02-17 02:27:43 0 d-------- C:\Users\All Users\Activision
2008-02-17 01:47:29 0 d-------- C:\Program Files\Traction Software
2008-02-16 09:18:33 0 d-------- C:\Program Files\Trend Micro
2008-02-14 13:19:17 0 d-------- C:\Users\All Users\Microsoft Games
2008-02-09 22:51:31 0 d-------- C:\Program Files\FDRLab
2008-02-09 21:32:13 0 d-------- C:\Program Files\DNA
2008-02-09 21:32:11 0 d-------- C:\Program Files\BitTorrent
2008-02-09 18:15:28 0 d-------- C:\Program Files\TreeSize Professional
2008-02-08 09:24:38 0 d-------- C:\Program Files\DAEMON Tools Lite


-- Find3M Report ---------------------------------------------------------------

2008-03-06 18:27:28 0 d-------- C:\Users\Omar\AppData\Roaming\BitTorrent
2008-03-06 18:22:15 0 d-------- C:\Users\Omar\AppData\Roaming\DNA
2008-03-06 17:43:19 0 d-------- C:\Program Files\Java
2008-03-06 16:26:05 0 d-------- C:\Users\Omar\AppData\Roaming\Corel
2008-03-05 14:02:46 0 d-------- C:\Program Files\Soldier of Fortune II - Double Helix
2008-03-04 22:14:27 0 d-------- C:\Users\Omar\AppData\Roaming\Winamp
2008-03-03 23:49:50 0 d-------- C:\Program Files\Magic Video Converter
2008-03-03 18:29:09 0 d-------- C:\Program Files\DAEMON Tools Pro
2008-03-03 13:11:24 0 d-------- C:\Program Files\Activision
2008-03-03 13:11:06 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-03 12:34:16 0 d-------- C:\Program Files\THQ
2008-03-03 12:34:03 0 d-------- C:\Users\Omar\AppData\Roaming\InstallShield
2008-03-03 00:10:41 3350 --ahs---- C:\Windows\system32\KGyGaAvL.sys
2008-03-02 22:15:42 0 d-------- C:\Users\Omar\AppData\Roaming\Vso
2008-03-02 10:34:24 0 d-------- C:\Users\Omar\AppData\Roaming\Talkback
2008-03-01 17:51:38 0 d-------- C:\Users\Omar\AppData\Roaming\IcoFX
2008-02-29 10:01:44 0 d-------- C:\Program Files\Star Trek Away Team
2008-02-28 13:34:36 0 d-------- C:\Program Files\Common Files
2008-02-26 19:27:37 0 d-------- C:\Program Files\Far Cry
2008-02-25 13:09:58 0 d-------- C:\Program Files\Kasparov Chessmate
2008-02-22 13:04:15 0 d-------- C:\Users\Omar\AppData\Roaming\Adobe
2008-02-17 10:51:34 0 d-------- C:\Program Files\Microsoft Games
2008-02-17 02:27:43 0 d-------- C:\Users\Omar\AppData\Roaming\Activision
2008-02-17 01:47:25 0 d-------- C:\Users\Omar\AppData\Roaming\GetRightToGo
2008-02-16 13:25:56 0 d-------- C:\Users\Omar\AppData\Roaming\UseNeXT
2008-02-16 10:33:43 0 d-------- C:\Program Files\Xilisoft
2008-02-16 10:33:28 0 d-------- C:\Program Files\MSECACHE
2008-02-16 10:28:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-14 13:11:37 0 d-------- C:\Users\Omar\AppData\Roaming\Microsoft Game Studios
2008-02-11 15:49:48 0 d-------- C:\Users\Omar\AppData\Roaming\dvdcss
2008-02-09 18:52:06 0 d-------- C:\Users\Omar\AppData\Roaming\Bioshock
2008-02-09 18:18:51 0 d-------- C:\Users\Omar\AppData\Roaming\JAM Software
2008-02-08 09:24:39 0 d-------- C:\Users\Omar\AppData\Roaming\DAEMON Tools
2008-01-31 00:04:23 0 d-------- C:\Program Files\Winamp
2008-01-25 00:15:11 0 d-------- C:\Program Files\OO Software
2008-01-22 21:00:42 0 d-------- C:\Program Files\CCleaner
2008-01-20 20:27:39 2228 --a------ C:\Windows\system32\tmp.reg
2008-01-17 06:29:37 0 d-------- C:\Program Files\PowerISO
2008-01-16 20:27:25 0 d-------- C:\Program Files\MultimediaFeed MP3 Tagger
2008-01-16 20:27:23 0 d-------- C:\Users\Omar\AppData\Roaming\MultimediaFeed.com
2008-01-15 09:45:25 0 d-------- C:\Program Files\Ubisoft
2008-01-14 14:19:22 0 d-------- C:\Users\Omar\AppData\Roaming\Canon
2008-01-10 15:54:41 131584 --a------ C:\Windows\system32\SpoonUninstall.exe
2008-01-09 21:59:09 0 d-------- C:\Program Files\Windows Mail
2008-01-09 21:59:07 0 d-------- C:\Program Files\Windows Sidebar
2007-12-20 23:11:52 81920 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2007-12-17 17:10:33 98304 --a------ C:\Windows\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-12-16 20:58:41 14 --ah----- C:\Users\Omar\AppData\Roaming\mpdt294
2007-12-15 00:15:36 165477 --a------ C:\Windows\Video Cleaner Pro Uninstaller.exe
2007-12-09 13:17:51 21840 --a-----t C:\Windows\system32\SIntfNT.dll
2007-12-09 13:17:50 17212 --a-----t C:\Windows\system32\SIntf32.dll
2007-12-09 13:17:50 12067 --a-----t C:\Windows\system32\SIntf16.dll
2007-12-07 18:28:37 413696 --a------ C:\Windows\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2007-12-07 18:28:37 110592 --a------ C:\Windows\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4516D1E3-BC1A-4B2F-83EC-F4D0302CD5AC}"= C:\PROGRA~1\CALORI~1\CALORI~1\CKTOOL~1.DLL [07/26/2007 12:16 PM 103808]

[-HKEY_CLASSES_ROOT\CLSID\{4516D1E3-BC1A-4B2F-83EC-F4D0302CD5AC}]
[HKEY_CLASSES_ROOT\CKToolbar.CKToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{5394A76B-F52F-4149-8E55-3291DC4563F2}]
[HKEY_CLASSES_ROOT\CKToolbar.CKToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [10/31/2006 10:47 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [10/31/2006 10:44 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\QTTask.exe" [01/31/2008 11:13 PM]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [05/11/2007 02:08 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 01:10 PM]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [10/04/2007 03:14 PM]
"SigmatelSysTrayApp"="sttray.exe" [11/02/2006 12:38 PM C:\Windows\sttray.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/09/2008 09:53 PM]
"@"="" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [11/10/2006 12:35 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 07:35 AM]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40 AM]
"wben"="C:\Program Files\Starfield\Desktop Notifier\wben.exe" [11/06/2007 02:12 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [01/17/2008 11:51 AM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [02/09/2008 09:32 PM]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [02/16/2008 09:20 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:36 AM]
"etxraixi"="c:\users\omar\appdata\local\etxraixi.exe" [03/04/2008 06:38 PM]
"ProvideSupportOperatorConsole[default]"="C:\PROGRA~1\PROVID~1\PROVID~1.exe" [01/29/2007 06:37 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\winlogon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 02/15/2007 08:02 PM 50736 C:\Windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanzarL2007]
"C:\Users\Omar\AppData\Local\Temp\{E3361C39-565C-4D19-8982-54ABFB0D56A5}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
iissvcs w3svc was


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
AutoRun\command- H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{057c59fc-d38d-11dc-86a5-0019d1121e78}]
AutoRun\command- F:\penumbra_bp_ger.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{386c0fa8-5ad8-11dc-a6e1-0019d1121e78}]
AutoRun\command- H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a93e927-9388-11dc-9c31-0019d1121e78}]
AutoRun\command- F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e989fac-930e-11dc-84a7-0019d1121e78}]
AutoRun\command- E:\AutoRunCD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b4a3a94-18fb-11dc-8d8b-0019d1121e78}]
AutoRun\command- H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea3d23c4-d01f-11db-bf80-0019d1121e78}]
AutoRun\command- F:\doNada.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {F8487D71-8722-24E3-AC1E-8BA8B34E8832} /qb

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- Hosts -----------------------------------------------------------------------

66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

7842 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-06 18:29:04 ------------

[andrewuk]

looks like you once had the smitfraud infection, so we will first check if it is still there. unlikely we will solve your problem in this post.

also, did you add these to your hosts files?
66.98.148.65 auto.search.msn.com
66.98.148.65 auto.search.msn.es


====STEP 1====
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

• Open Spybot Search & Destroy.
• In the Mode menu click "Advanced mode" if not already selected.
• Choose "Yes" at the Warning prompt.
• Expand the "Tools" menu.
• Click "Resident".
• Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
• In the File menu click "Exit" to exit Spybot Search & Destroy.

====STEP 2====
Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm


andrewuk

[ViGiLANT3]

SmitFraudFix v2.300

Scan done at 12:28:18.01, Sat 03/08/2008
Run from C:\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\oodag.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Starfield\Desktop Notifier\wben.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Omar\AppData\Local\etxraixi.exe
C:\Program Files\Provide Support\ProvideSupportConsole.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\psimreal.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\avciman.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Omar


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Omar\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Omar\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® 82566DM Gigabit Network Connection
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{DB3487F0-B55F-4615-9B7D-9CDF26C1CDFC}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DB3487F0-B55F-4615-9B7D-9CDF26C1CDFC}: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


=======================================================
Thanks so much for the help andrewuk... Look forward to my donation in the future.

[andrewuk]

looks like the main smitfraud is gone, but your hostfiles are corrupted so we will fix those and start on the remaining fix.

====STEP 1====
Download the HostsXpert 4.2 - Hosts File Manager.

• Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
• Run HostsXpert 4.2 - Hosts File Manager from its new home
• Click on "File Handling".
• Click on "Restore MS Hosts File".
• Click OK on the Confirmation box.
• Click on "Make Read Only?"
• Click the X to exit the program.
• Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

====STEP 2====
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**


In your next reply could i see:
1. the combofix log
2. a new hijackthis log

andrewuk

[ViGiLANT3]

ComboFix 08-03-07.4 - Omar 2008-03-08 14:15:28.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.961 [GMT -5:00]
Running from: C:\Users\Omar\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Omar\AppData\Local\etxraixi.dat
C:\Users\Omar\AppData\Local\etxraixi.exe
C:\Users\Omar\AppData\Local\etxraixi_nav.dat
C:\Users\Omar\AppData\Local\etxraixi_navps.dat
C:\Windows\rs.txt
C:\Windows\search_res.txt
C:\Windows\system32\install.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-08 to 2008-03-08 )))))))))))))))))))))))))))))))
.

2008-03-08 14:11 . 2008-03-08 14:12 <DIR> d-------- C:\HostsXpert 4.2 - Hosts File Manager
2008-03-08 12:27 . 2008-03-08 12:28 <DIR> d-------- C:\SmitfraudFix
2008-03-08 12:27 . 2008-03-08 12:27 1,303,855 --a------ C:\SmitfraudFix.exe
2008-03-06 18:39 . 2008-03-06 18:39 <DIR> d-------- C:\Windows\Java
2008-03-06 18:39 . 2002-02-18 07:34 313,856 --a------ C:\Windows\System32\dx3j.dll
2008-03-06 18:39 . 2002-02-18 10:22 171,280 --a------ C:\Windows\System32\jit.dll
2008-03-06 18:39 . 2002-02-18 10:22 139,536 --a------ C:\Windows\System32\javaee.dll
2008-03-06 18:39 . 2002-02-18 10:23 46,352 --a------ C:\Windows\setdebug.exe
2008-03-06 18:39 . 2002-02-18 07:55 7,315 --a------ C:\Windows\System32\javasup.vxd
2008-03-06 18:39 . 2002-02-18 07:35 6,550 --a------ C:\Windows\jautoexp.dat
2008-03-06 18:38 . 2008-03-06 18:39 <DIR> d-------- C:\Program Files\Hushmail for Outlook
2008-03-06 18:24 . 2008-03-06 18:24 <DIR> d-------- C:\Deckard
2008-03-03 14:50 . 2008-03-03 14:50 <DIR> d-------- C:\Program Files\SigmaTel
2008-03-03 14:50 . 2006-11-02 12:39 4,931,584 --a------ C:\Windows\System32\stacgui.cpl
2008-03-03 14:50 . 2006-11-02 12:38 1,146,880 --a------ C:\Windows\System32\stlang.dll
2008-03-03 14:50 . 2006-11-02 12:39 520,192 --a------ C:\Windows\System32\stapo.dll
2008-03-03 14:50 . 2006-11-02 12:38 303,104 --a------ C:\Windows\sttray.exe
2008-03-03 14:50 . 2006-11-02 12:39 140,800 --a------ C:\Windows\System32\staco.dll
2008-03-03 14:50 . 2006-11-02 12:39 91,648 --a------ C:\Windows\System32\stcplx.dll
2008-03-03 14:50 . 2006-11-02 12:39 90,112 --a------ C:\Windows\System32\stacsv.exe
2008-03-03 14:44 . 2008-03-03 14:44 <DIR> d-------- C:\dell
2008-03-03 14:39 . 2008-03-03 14:39 <DIR> d-------- C:\pnp
2008-03-03 13:58 . 2008-03-03 14:21 <DIR> d-------- C:\Program Files\Abexo
2008-03-03 13:58 . 2008-03-03 13:58 241 --a------ C:\Windows\Wininit.ini
2008-03-03 10:26 . 2008-03-03 10:26 <DIR> d-------- C:\Program Files\Paradox Interactive
2008-03-02 20:04 . 2008-03-02 20:04 <DIR> d-------- C:\Program Files\AVI MPEG RM WMV Joiner
2008-03-02 10:37 . 2008-03-02 10:37 1,158 --a------ C:\Windows\mozver.dat
2008-03-02 10:34 . 2008-03-02 10:34 <DIR> d-------- C:\Users\Omar\AppData\Roaming\Talkback
2008-03-01 17:38 . 2008-03-01 17:51 <DIR> d-------- C:\Users\Omar\AppData\Roaming\IcoFX
2008-03-01 17:38 . 2008-03-01 17:38 <DIR> d-------- C:\Program Files\IcoFX 1.5
2008-02-29 16:42 . 2008-02-29 16:49 <DIR> d-------- C:\Program Files\Label Wizard
2008-02-28 13:54 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-02-28 13:54 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-02-28 13:54 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-02-28 13:54 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-02-28 13:54 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll
2008-02-28 13:54 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-02-28 13:53 . 2008-02-28 13:54 <DIR> d--h----- C:\Windows\msdownld.tmp
2008-02-28 13:34 . 2008-02-28 13:34 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-28 13:34 . 2008-02-28 13:29 178,872 --a------ C:\Windows\System32\drivers\PavProc.sys
2008-02-28 13:34 . 2008-02-28 13:29 38,968 --a------ C:\Windows\System32\drivers\ShlDrv51.sys
2008-02-28 13:29 . 2007-09-28 13:24 46,648 --a------ C:\Windows\System32\drivers\amm8660.sys
2008-02-28 13:22 . 2008-02-28 13:22 <DIR> d-------- C:\Users\All Users\sentinel
2008-02-28 13:22 . 2008-02-28 13:22 <DIR> d-------- C:\ProgramData\sentinel
2008-02-28 13:21 . 2008-02-28 15:57 <DIR> d-------- C:\Windows\System32\PAV
2008-02-28 13:21 . 2007-03-15 18:38 54,832 --a------ C:\Windows\System32\pavcpl.cpl
2008-02-28 13:21 . 2008-02-28 13:21 248 --a------ C:\Windows\System32\PavCPL.dat
2008-02-28 13:20 . 2007-02-15 20:02 50,736 --a------ C:\Windows\System32\avldr.dll
2008-02-28 13:18 . 2008-02-28 13:20 <DIR> d-------- C:\Program Files\Panda Security
2008-02-28 12:43 . 2008-02-28 12:43 <DIR> d-------- C:\Program Files\CapCom
2008-02-26 17:42 . 2008-02-26 17:49 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-02-26 00:49 . 2008-02-26 00:49 <DIR> d-------- C:\Program Files\Sothink SWF Decompiler
2008-02-26 00:49 . 2008-02-26 00:49 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-02-22 23:44 . 2008-02-22 23:44 <DIR> d-------- C:\Program Files\iTunes
2008-02-22 23:44 . 2008-02-22 23:44 <DIR> d-------- C:\Program Files\iPod
2008-02-22 23:44 . 2008-03-06 19:00 54,156 --ah----- C:\Windows\QTFont.qfn
2008-02-22 23:44 . 2008-02-22 23:44 1,409 --a------ C:\Windows\QTFont.for
2008-02-17 12:07 . 2008-02-17 12:07 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-17 12:07 . 2008-02-17 12:07 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-17 12:01 . 2008-02-17 12:01 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-17 12:01 . 2008-02-17 12:01 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-17 12:01 . 2008-02-17 12:01 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-17 12:01 . 2008-02-17 12:01 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-17 12:01 . 2008-02-17 12:01 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-17 12:01 . 2008-02-17 12:01 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-17 12:01 . 2008-02-17 12:01 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-17 12:01 . 2008-02-17 12:01 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-17 12:00 . 2008-02-17 12:00 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 12:00 . 2008-02-17 12:00 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-17 12:00 . 2008-02-17 12:00 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-17 12:00 . 2008-02-17 12:00 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-17 12:00 . 2008-02-17 12:00 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-17 12:00 . 2008-02-17 12:00 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-17 12:00 . 2008-02-17 12:00 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-17 11:56 . 2008-02-17 11:56 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-17 10:53 . 2007-06-21 01:53 32,768 --a------ C:\Windows\System32\mf (2).dll
2008-02-17 10:41 . 2008-02-17 10:41 <DIR> d-------- C:\Users\All Users\Martau
2008-02-17 10:41 . 2008-02-17 10:41 <DIR> d-------- C:\ProgramData\Martau
2008-02-17 10:39 . 2008-02-17 10:40 <DIR> d-------- C:\Program Files\Total Uninstall 4
2008-02-17 02:27 . 2008-02-17 02:27 <DIR> d-------- C:\Users\All Users\Activision
2008-02-17 02:27 . 2008-02-17 02:27 <DIR> d-------- C:\ProgramData\Activision
2008-02-17 01:47 . 2008-02-17 01:47 <DIR> d-------- C:\Program Files\Traction Software
2008-02-16 09:18 . 2008-02-16 09:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 17:39 . 2008-03-02 13:39 390 --a------ C:\Windows\ANS2000.INI
2008-02-14 17:39 . 2008-03-02 11:06 20 --ah----- C:\Windows\akebook.ini
2008-02-14 17:39 . 2008-03-02 11:06 4 --ah----- C:\Windows\a3kebook.ini
2008-02-14 13:19 . 2008-02-17 10:51 <DIR> d-------- C:\Users\All Users\Microsoft Games
2008-02-14 13:19 . 2008-02-17 10:51 <DIR> d-------- C:\ProgramData\Microsoft Games
2008-02-14 13:11 . 2008-02-14 13:11 <DIR> d-------- C:\Users\Omar\AppData\Roaming\Microsoft Game Studios
2008-02-11 15:49 . 2008-02-11 15:49 <DIR> d-------- C:\Users\Omar\AppData\Roaming\dvdcss
2008-02-09 22:51 . 2008-02-09 22:51 <DIR> d-------- C:\Program Files\FDRLab
2008-02-09 21:32 . 2008-03-08 14:14 <DIR> d-------- C:\Users\Omar\AppData\Roaming\DNA
2008-02-09 21:32 . 2008-03-08 14:14 <DIR> d-------- C:\Users\Omar\AppData\Roaming\BitTorrent
2008-02-09 21:32 . 2008-02-09 21:32 <DIR> d-------- C:\Program Files\DNA
2008-02-09 21:32 . 2008-02-29 12:05 <DIR> d-------- C:\Program Files\BitTorrent
2008-02-09 18:18 . 2008-02-09 18:18 <DIR> d-------- C:\Users\Omar\AppData\Roaming\JAM Software
2008-02-09 18:15 . 2008-02-09 18:15 <DIR> d-------- C:\Program Files\TreeSize Professional
2008-02-08 09:25 . 2008-02-08 09:30 911 --a------ C:\Windows\STA2.ini
2008-02-08 09:24 . 2008-02-08 09:24 <DIR> d-------- C:\Users\Omar\AppData\Roaming\DAEMON Tools
2008-02-08 09:24 . 2008-02-08 09:24 <DIR> d-------- C:\Program Files\DAEMON Tools Lite

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 00:46 --------- d-----w C:\Users\Omar\AppData\Roaming\Corel
2008-03-06 23:45 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-06 23:39 155,995 ----a-w C:\Windows\Java\Packages\CRJ73PV5.ZIP
2008-03-06 22:43 --------- d-----w C:\Program Files\Java
2008-03-05 19:02 --------- d-----w C:\Program Files\Soldier of Fortune II - Double Helix
2008-03-05 03:14 --------- d-----w C:\Users\Omar\AppData\Roaming\Winamp
2008-03-04 04:49 --------- d-----w C:\Program Files\Magic Video Converter
2008-03-03 23:29 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-03-03 18:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 18:11 --------- d-----w C:\Program Files\Activision
2008-03-03 17:34 --------- d-----w C:\Users\Omar\AppData\Roaming\InstallShield
2008-03-03 17:34 --------- d-----w C:\Program Files\THQ
2008-03-03 17:33 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-03 05:10 3,350 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-03-03 03:15 --------- d-----w C:\Users\Omar\AppData\Roaming\Vso
2008-02-29 15:01 --------- d-----w C:\Program Files\Star Trek Away Team
2008-02-28 18:12 --------- d-----w C:\ProgramData\McAfee
2008-02-28 17:49 --------- d-----w C:\ProgramData\SiteAdvisor
2008-02-27 00:27 --------- d-----w C:\Program Files\Far Cry
2008-02-25 18:09 --------- d-----w C:\Program Files\Kasparov Chessmate
2008-02-17 17:00 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 17:00 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 17:00 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 17:00 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 15:51 --------- d-----w C:\Program Files\Microsoft Games
2008-02-17 07:27 --------- d-----w C:\Users\Omar\AppData\Roaming\Activision
2008-02-17 06:47 --------- d-----w C:\Users\Omar\AppData\Roaming\GetRightToGo
2008-02-16 18:25 --------- d-----w C:\Users\Omar\AppData\Roaming\UseNeXT
2008-02-16 15:33 --------- d-----w C:\Program Files\Xilisoft
2008-02-16 15:33 --------- d-----w C:\Program Files\MSECACHE
2008-02-16 15:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 14:19 --------- d-----w C:\ProgramData\RoboForm
2008-02-09 23:52 --------- d-----w C:\Users\Omar\AppData\Roaming\Bioshock
2008-01-31 20:15 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-01-31 05:04 --------- d-----w C:\Program Files\Winamp
2008-01-26 22:56 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-01-25 05:15 --------- d-----w C:\Program Files\OO Software
2008-01-23 02:00 --------- d-----w C:\Program Files\CCleaner
2008-01-21 04:31 --------- d---a-w C:\ProgramData\TEMP
2008-01-21 02:15 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-01-21 02:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-17 11:29 --------- d-----w C:\Program Files\PowerISO
2008-01-17 01:27 --------- d-----w C:\Users\Omar\AppData\Roaming\MultimediaFeed.com
2008-01-17 01:27 --------- d-----w C:\Program Files\MultimediaFeed MP3 Tagger
2008-01-15 14:45 --------- d-----w C:\Program Files\Ubisoft
2008-01-14 19:19 --------- d-----w C:\Users\Omar\AppData\Roaming\Canon
2008-01-10 20:54 131,584 ----a-w C:\Windows\System32\SpoonUninstall.exe
2008-01-10 02:59 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 02:59 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 02:54 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 02:54 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-10 02:53 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-06 20:00 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2007-12-17 22:10 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2007-12-15 05:15 165,477 ----a-w C:\Windows\Video Cleaner Pro Uninstaller.exe
2007-12-15 01:07 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-15 01:07 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-15 01:07 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-09 18:17 21,840 ----atw C:\Windows\System32\SIntfNT.dll
2007-12-09 18:17 17,212 ----atw C:\Windows\System32\SIntf32.dll
2007-12-09 18:17 12,067 ----atw C:\Windows\System32\SIntf16.dll
2007-12-09 02:27 5,020 ----a-w C:\Windows\inf\DataDirect Pervasive .NET Data Provider\0009\tmp369B.tmp
2007-12-09 02:27 5,020 ----a-w C:\Windows\inf\DataDirect Pervasive .NET Data Provider\0000\tmp369B.tmp
2007-11-16 17:28 22,328 ----a-w C:\Users\Omar\AppData\Roaming\PnkBstrK.sys
2007-09-13 17:42 17,394 ----a-w C:\Users\Omar\AppData\Roaming\wklnhst.dat
2007-08-29 03:19 174 --sha-w C:\Program Files\desktop.ini
2007-03-24 21:04 94,080 ----a-w C:\Users\Omar\AppData\Roaming\ezplay.sys
2007-03-24 21:04 87,608 ----a-w C:\Users\Omar\AppData\Roaming\ezpinst.exe
2007-03-24 21:04 47,360 ----a-w C:\Users\Omar\AppData\Roaming\pcouffin.sys
2007-04-17 03:19 88 --sh--r C:\Windows\System32\956A9C89ED.sys
2002-04-16 15:27 5 --sha-w C:\Windows\System32\CdI5T.drv
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4516D1E3-BC1A-4B2F-83EC-F4D0302CD5AC}"= "C:\PROGRA~1\CALORI~1\CALORI~1\CKTOOL~1.DLL" [2007-07-26 12:16 103808]

[HKEY_CLASSES_ROOT\clsid\{4516d1e3-bc1a-4b2f-83ec-f4d0302cd5ac}]
[HKEY_CLASSES_ROOT\CKToolbar.CKToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{5394A76B-F52F-4149-8E55-3291DC4563F2}]
[HKEY_CLASSES_ROOT\CKToolbar.CKToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4516D1E3-BC1A-4B2F-83EC-F4D0302CD5AC}"= C:\PROGRA~1\CALORI~1\CALORI~1\CKTOOL~1.DLL [2007-07-26 12:16 103808]

[HKEY_CLASSES_ROOT\clsid\{4516d1e3-bc1a-4b2f-83ec-f4d0302cd5ac}]
[HKEY_CLASSES_ROOT\CKToolbar.CKToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{5394A76B-F52F-4149-8E55-3291DC4563F2}]
[HKEY_CLASSES_ROOT\CKToolbar.CKToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 21:53 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
"wben"="C:\Program Files\Starfield\Desktop Notifier\wben.exe" [2007-11-06 14:12 312024]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 11:51 486856]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-09 21:32 290112]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-16 09:20 160592]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
"ProvideSupportOperatorConsole[default]"="C:\PROGRA~1\PROVID~1\PROVID~1.exe" [2007-01-29 18:37 3858432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-10-31 22:47 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-10-31 22:44 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\QTTask.exe" [2008-01-31 23:13 385024]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-05-11 02:08 2512392]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-10-04 15:14 455984]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-02 12:38 303104 C:\Windows\sttray.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Explorer.lnk - C:\Windows\explorer.exe [2007-11-15 10:00:50 2923520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\Windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanzarL2007]
C:\Users\Omar\AppData\Local\Temp\{E3361C39-565C-4D19-8982-54ABFB0D56A5}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2284226963-1265642083-3178862661-1002]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2284226963-1265642083-3178862661-500]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DAD7A092-D66B-47FC-83E4-D15B32343E56}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{62B8BB02-091B-46FE-9FC6-D0184A547043}"= UDP:11616:uTorrent
"{06D0ED3F-B6BF-4A72-B516-7E96BF6AB647}"= UDP:8535:BitComet 8535 TCP
"{50684BA0-75A1-4AA4-B446-661CAF3022B9}"= TCP:8535:BitComet 8535 UDP
"{D4D7CFE9-D698-44BD-9B19-76EF9755A8DE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F6EC1D8C-0C86-488A-977C-E4F6BF473003}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A7989950-C5CA-4713-8D8B-32BC706842DF}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{72EE87BB-D79A-4149-B7F8-FE300DC88A79}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8AB5D0A5-5A52-43D3-B29A-E7AF7786A30F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7ED63EE5-A176-4AF4-A639-DEE3DA617163}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{FF8CD612-FFDF-437B-8F30-6DECAC4C470E}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{B3925807-9785-4B8C-AF31-15B211C342A6}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{86119683-335F-4899-8C95-713B4790DFE2}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{30666D0E-5A74-4E89-B3BC-DAB2566DD0AF}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{0E420FE9-19E8-4845-B7FA-4567C65FA918}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{24DA4F2A-7764-4535-B940-A46F7791A2C0}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{0D90B82F-2191-45C5-9397-6BA0C8D3455F}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{4D1FD499-A2F3-4BB2-B02B-383C10ED4E7F}"= UDP:C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{2A80DD3C-DD6A-4277-B581-51E35C755426}"= TCP:C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{3E4088EB-BC7F-413F-8E72-EDE3D525FCFE}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{45379E43-6597-4249-BF48-595D03606646}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{A9DB1FA5-2CF8-4BC8-843B-F827E0EF5F08}"= UDP:C:\Program Files\Eidos\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{4D70967D-9B68-4E54-B7C3-52F68A0CDB9B}"= TCP:C:\Program Files\Eidos\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{C477C5F0-E596-4723-A480-AFA1C6BB7EB0}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{2F377628-078B-42BB-B090-052D075D2718}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{8875435B-8A31-4179-90EB-4170F7F42A5A}"= UDP:C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:Age of Empires II
"{1291AD47-8A61-4BA7-9EF0-28047692935E}"= TCP:C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:Age of Empires II
"{CA70CD8C-2EEB-4332-BF24-9DD9BEEFF5F1}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{CC6E18AD-3728-4E3B-8996-A9EA8CF24EB7}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{F8A16569-7FA5-4EF2-80D8-A05D27DAFE9F}"= UDP:6667:GameSpy IRC
"{63F7D53A-7A18-4D26-8A2B-61F6D1A1ED45}"= UDP:3783:GameSpy (Voice Chat)
"{D567797E-9463-4EEE-99CB-6B36C97DD91C}"= UDP:27900:GameSpy (Master Server UDP HeartBeat)
"{406D4356-70D6-47CD-ACC3-9D5CD2076F0E}"= UDP:28900:28900 (Master Server List Request)
"{A409A4A1-D0EE-4D2E-A81E-2CFA302245FD}"= UDP:29900:GameSpy (GP Connection Manager)
"{3A2699AD-8C90-4755-B543-AF4CE0C6A334}"= UDP:29901:GameSpy (GP Search Manager)
"{DFB9E147-B90B-4ECE-8265-69CE2195BD59}"= UDP:13139:GameSpy (Custom UDP Pings)
"{839D0CA6-F34E-4E18-9190-623E63581029}"= UDP:6515:GameSpy (Dplay UDP)
"{EE3C8CC7-6032-4320-A884-761C5AE57EED}"= UDP:6500:GameSpy (Query Port)
"{B26F43A3-4595-4DCB-B489-08703CDA9A8B}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{0E1349BB-21EF-4502-A7B9-CC421400E7EB}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{868A7700-663A-4A9B-A545-B8852320119C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{52F1F4E7-42B9-43A9-A79D-B8D04A1C80CE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{ECEA6BE6-C433-4244-AD32-C9541E946459}"= UDP:C:\Program Files\MultimediaFeed MP3 Tagger\MultimediaFeed MP3 Tagger.exe:MultimediaFeed MP3 Tagger
"{865C003A-1D0E-4CC8-8A5D-B33BBEF15A28}"= TCP:C:\Program Files\MultimediaFeed MP3 Tagger\MultimediaFeed MP3 Tagger.exe:MultimediaFeed MP3 Tagger
"{1BC727C3-B2F2-4C57-B049-D7BD29426A58}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{0B580717-F910-4D83-8560-F5E7C29BD0A9}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{C617B230-F8D0-49E4-987F-5CEB1ED460DA}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{70B81EC9-BB8C-461C-B116-E6AF235B0952}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{7289BBCF-1FE7-4072-ADAE-9E2AC5339C7E}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{340949F9-6667-4DCE-9E28-EF86A9879AEF}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{CE4C43FE-847B-4881-81C4-E1BF817DE663}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B23FA1C0-377C-4F80-86E6-99172C2BCFED}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\WINDOWS\winlogon.exe"= C:\WINDOWS\winlogon.exe
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2008-02-28 13:29]
R2 AmFSM;AmFSM;C:\Windows\system32\DRIVERS\amm8660.sys [2007-09-28 13:24]
R2 atchksrv;Intel® AMT System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe [2006-10-30 19:53]
R2 LMS;Intel® Active Management Technology LMS Service;C:\Program Files\Intel\AMT\LMS.exe [2006-10-30 19:53]
R2 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2008-02-28 13:29]
R2 PskSvcRetail;Panda PSK service;"C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe" [2007-03-21 19:32]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-21 21:08]
R3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys [2006-11-02 04:50]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 16:46]
S2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-21 21:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{057c59fc-d38d-11dc-86a5-0019d1121e78}]
\shell\AutoRun\command - F:\penumbra_bp_ger.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{386c0fa8-5ad8-11dc-a6e1-0019d1121e78}]
\shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a93e927-9388-11dc-9c31-0019d1121e78}]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e989fac-930e-11dc-84a7-0019d1121e78}]
\shell\AutoRun\command - E:\AutoRunCD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b4a3a94-18fb-11dc-8d8b-0019d1121e78}]
\shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea3d23c4-d01f-11db-bf80-0019d1121e78}]
\shell\AutoRun\command - F:\doNada.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {F8487D71-8722-24E3-AC1E-8BA8B34E8832} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-02-28 18:10:02 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-30 18:47:23 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-30 18:46:37 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 14:19:35
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-08 14:20:20
ComboFix-quarantined-files.txt 2008-03-08 19:20:18
.
2008-03-02 19:34:30 --- E O F ---

[ViGiLANT3]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:49 PM, on 3/8/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\oodtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Starfield\Desktop Notifier\wben.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {89DA4F2C-91AE-44B2-84A9-A5D9F682E737} - (no file)
O3 - Toolbar: CalorieKing Joslin Browser Toolbar - {4516D1E3-BC1A-4B2F-83EC-F4D0302CD5AC} - C:\PROGRA~1\CALORI~1\CALORI~1\CKTOOL~1.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [wben] "C:\Program Files\Starfield\Desktop Notifier\wben.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ProvideSupportOperatorConsole[default]] "C:\PROGRA~1\PROVID~1\PROVID~1.EXE" /profile default
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Explorer.lnk = C:\Windows\explorer.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O16 - DPF: {10072CEC-8CC1-11D1-986E-00A0C955B42E} (PeerDraw Class) - http://www.amazon.co...b_dp_pt/vgx.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....NPUplden-ca.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer....l/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® AMT System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DNS4Me (DNS4MeClient) - Unknown owner - C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClient.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 11379 bytes

[andrewuk]

firstly, did you install probot? http://www.logiguard...re/p/probot.htm


secondly:

1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Windows\STA2.ini
C:\WINDOWS\winlogon.exe

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Internet Explorer\Toolbar]
"{0BF43445-2F28-4351-9252-17FE6E806AA0}"=-
"{89DA4F2C-91AE-44B2-84A9-A5D9F682E737}"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{057c59fc-d38d-11dc-86a5-0019d1121e78}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{386c0fa8-5ad8-11dc-a6e1-0019d1121e78}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a93e927-9388-11dc-9c31-0019d1121e78}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e989fac-930e-11dc-84a7-0019d1121e78}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b4a3a94-18fb-11dc-8d8b-0019d1121e78}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea3d23c4-d01f-11db-bf80-0019d1121e78}]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt
• A new HijackThis log.

In your next reply could i see:
1. the answer to the probot question
2. the combofix log
3. a new hijackthis log

andrewuk

Edited by andrewuk, 08 March 2008 - 04:12 PM.

[ViGiLANT3]

ComboFix 08-03-07.4 - Omar 2008-03-08 21:01:29.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1076 [GMT -5:00]
Running from: C:\Users\Omar\Desktop\ComboFix.exe
Command switches used :: C:\Users\Omar\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Windows\STA2.ini
C:\WINDOWS\winlogon.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\STA2.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-09 to 2008-03-09 )))))))))))))))))))))))))))))))
.

2008-03-08 14:11 . 2008-03-08 14:12 <DIR> d-------- C:\HostsXpert 4.2 - Hosts File Manager
2008-03-08 12:27 . 2008-03-08 12:28 <DIR> d-------- C:\SmitfraudFix
2008-03-08 12:27 . 2008-03-08 12:27 1,303,855 --a------ C:\SmitfraudFix.exe
2008-03-06 18:39 . 2008-03-06 18:39 <DIR> d-------- C:\Windows\Java
2008-03-06 18:39 . 2002-02-18 07:34 313,856 --a------ C:\Windows\System32\dx3j.dll
2008-03-06 18:39 . 2002-02-18 10:22 171,280 --a------ C:\Windows\System32\jit.dll
2008-03-06 18:39 . 2002-02-18 10:22 139,536 --a------ C:\Windows\System32\javaee.dll
2008-03-06 18:39 . 2002-02-18 10:23 46,352 --a------ C:\Windows\setdebug.exe
2008-03-06 18:39 . 2002-02-18 07:55 7,315 --a------ C:\Windows\System32\javasup.vxd
2008-03-06 18:39 . 2002-02-18 07:35 6,550 --a------ C:\Windows\jautoexp.dat
2008-03-06 18:38 . 2008-03-06 18:39 <DIR> d-------- C:\Program Files\Hushmail for Outlook
2008-03-06 18:24 . 2008-03-06 18:24 <DIR> d-------- C:\Deckard
2008-03-03 14:50 . 2008-03-03 14:50 <DIR> d-------- C:\Program Files\SigmaTel
2008-03-03 14:50 . 2006-11-02 12:39 4,931,584 --a------ C:\Windows\System32\stacgui.cpl
2008-03-03 14:50 . 2006-11-02 12:38 1,146,880 --a------ C:\Windows\System32\stlang.dll
2008-03-03 14:50 . 2006-11-02 12:39 520,192 --a------ C:\Windows\System32\stapo.dll
2008-03-03 14:50 . 2006-11-02 12:38 303,104 --a------ C:\Windows\sttray.exe
2008-03-03 14:50 . 2006-11-02 12:39 140,800 --a------ C:\Windows\System32\staco.dll
2008-03-03 14:50 . 2006-11-02 12:39 91,648 --a------ C:\Windows\System32\stcplx.dll
2008-03-03 14:50 . 2006-11-02 12:39 90,112 --a------ C:\Windows\System32\stacsv.exe
2008-03-03 14:44 . 2008-03-03 14:44 <DIR> d-------- C:\dell
2008-03-03 14:39 . 2008-03-03 14:39 <DIR> d-------- C:\pnp
2008-03-03 13:58 . 2008-03-03 14:21 <DIR> d-------- C:\Program Files\Abexo
2008-03-03 13:58 . 2008-03-03 13:58 241 --a------ C:\Windows\Wininit.ini
2008-03-03 10:26 . 2008-03-03 10:26 <DIR> d-------- C:\Program Files\Paradox Interactive
2008-03-02 20:04 . 2008-03-02 20:04 <DIR> d-------- C:\Program Files\AVI MPEG RM WMV Joiner
2008-03-02 10:37 . 2008-03-02 10:37 1,158 --a------ C:\Windows\mozver.dat
2008-03-02 10:34 . 2008-03-02 10:34 <DIR> d-------- C:\Users\Omar\AppData\Roaming\Talkback
2008-03-01 17:38 . 2008-03-01 17:51 <DIR> d-------- C:\Users\Omar\AppData\Roaming\IcoFX
2008-03-01 17:38 . 2008-03-01 17:38 <DIR> d-------- C:\Program Files\IcoFX 1.5
2008-02-29 16:42 . 2008-02-29 16:49 <DIR> d-------- C:\Program Files\Label Wizard
2008-02-28 13:54 . 2007-10-12 15:14 3,734,536 --a------ C:\Windows\System32\d3dx9_36.dll
2008-02-28 13:54 . 2007-10-12 15:14 1,374,232 --a------ C:\Windows\System32\D3DCompiler_36.dll
2008-02-28 13:54 . 2007-10-02 09:56 444,776 --a------ C:\Windows\System32\d3dx10_36.dll
2008-02-28 13:54 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-02-28 13:54 . 2007-07-20 00:57 267,112 --a------ C:\Windows\System32\xactengine2_9.dll
2008-02-28 13:54 . 2007-10-22 03:37 17,928 --a------ C:\Windows\System32\X3DAudio1_2.dll
2008-02-28 13:53 . 2008-02-28 13:54 <DIR> d--h----- C:\Windows\msdownld.tmp
2008-02-28 13:34 . 2008-02-28 13:34 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-02-28 13:34 . 2008-02-28 13:29 178,872 --a------ C:\Windows\System32\drivers\PavProc.sys
2008-02-28 13:34 . 2008-02-28 13:29 38,968 --a------ C:\Windows\System32\drivers\ShlDrv51.sys
2008-02-28 13:29 . 2007-09-28 13:24 46,648 --a------ C:\Windows\System32\drivers\amm8660.sys
2008-02-28 13:22 . 2008-02-28 13:22 <DIR> d-------- C:\Users\All Users\sentinel
2008-02-28 13:22 . 2008-02-28 13:22 <DIR> d-------- C:\ProgramData\sentinel
2008-02-28 13:21 . 2008-02-28 15:57 <DIR> d-------- C:\Windows\System32\PAV
2008-02-28 13:21 . 2007-03-15 18:38 54,832 --a------ C:\Windows\System32\pavcpl.cpl
2008-02-28 13:21 . 2008-02-28 13:21 248 --a------ C:\Windows\System32\PavCPL.dat
2008-02-28 13:20 . 2007-02-15 20:02 50,736 --a------ C:\Windows\System32\avldr.dll
2008-02-28 13:18 . 2008-02-28 13:20 <DIR> d-------- C:\Program Files\Panda Security
2008-02-28 12:43 . 2008-02-28 12:43 <DIR> d-------- C:\Program Files\CapCom
2008-02-26 17:42 . 2008-02-26 17:49 <DIR> d-------- C:\Program Files\YouTube Downloader
2008-02-26 00:49 . 2008-02-26 00:49 <DIR> d-------- C:\Program Files\Sothink SWF Decompiler
2008-02-26 00:49 . 2008-02-26 00:49 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-02-22 23:44 . 2008-02-22 23:44 <DIR> d-------- C:\Program Files\iTunes
2008-02-22 23:44 . 2008-02-22 23:44 <DIR> d-------- C:\Program Files\iPod
2008-02-22 23:44 . 2008-03-06 19:00 54,156 --ah----- C:\Windows\QTFont.qfn
2008-02-22 23:44 . 2008-02-22 23:44 1,409 --a------ C:\Windows\QTFont.for
2008-02-17 12:07 . 2008-02-17 12:07 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-17 12:07 . 2008-02-17 12:07 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-17 12:01 . 2008-02-17 12:01 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-17 12:01 . 2008-02-17 12:01 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-17 12:01 . 2008-02-17 12:01 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-17 12:01 . 2008-02-17 12:01 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-17 12:01 . 2008-02-17 12:01 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-17 12:01 . 2008-02-17 12:01 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-17 12:01 . 2008-02-17 12:01 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-17 12:01 . 2008-02-17 12:01 15,928 --a------ C:\Windows\System32\drivers\pciide.sys
2008-02-17 12:00 . 2008-02-17 12:00 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-17 12:00 . 2008-02-17 12:00 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-17 12:00 . 2008-02-17 12:00 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-17 12:00 . 2008-02-17 12:00 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-17 12:00 . 2008-02-17 12:00 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-17 12:00 . 2008-02-17 12:00 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-17 12:00 . 2008-02-17 12:00 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-17 11:56 . 2008-02-17 11:56 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-17 10:53 . 2007-06-21 01:53 32,768 --a------ C:\Windows\System32\mf (2).dll
2008-02-17 10:41 . 2008-02-17 10:41 <DIR> d-------- C:\Users\All Users\Martau
2008-02-17 10:41 . 2008-02-17 10:41 <DIR> d-------- C:\ProgramData\Martau
2008-02-17 10:39 . 2008-02-17 10:40 <DIR> d-------- C:\Program Files\Total Uninstall 4
2008-02-17 02:27 . 2008-02-17 02:27 <DIR> d-------- C:\Users\All Users\Activision
2008-02-17 02:27 . 2008-02-17 02:27 <DIR> d-------- C:\ProgramData\Activision
2008-02-17 01:47 . 2008-02-17 01:47 <DIR> d-------- C:\Program Files\Traction Software
2008-02-16 09:18 . 2008-02-16 09:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-14 17:39 . 2008-03-02 13:39 390 --a------ C:\Windows\ANS2000.INI
2008-02-14 17:39 . 2008-03-02 11:06 20 --ah----- C:\Windows\akebook.ini
2008-02-14 17:39 . 2008-03-02 11:06 4 --ah----- C:\Windows\a3kebook.ini
2008-02-14 13:19 . 2008-02-17 10:51 <DIR> d-------- C:\Users\All Users\Microsoft Games
2008-02-14 13:19 . 2008-02-17 10:51 <DIR> d-------- C:\ProgramData\Microsoft Games
2008-02-14 13:11 . 2008-02-14 13:11 <DIR> d-------- C:\Users\Omar\AppData\Roaming\Microsoft Game Studios
2008-02-11 15:49 . 2008-02-11 15:49 <DIR> d-------- C:\Users\Omar\AppData\Roaming\dvdcss
2008-02-09 22:51 . 2008-02-09 22:51 <DIR> d-------- C:\Program Files\FDRLab
2008-02-09 21:32 . 2008-03-08 21:00 <DIR> d-------- C:\Users\Omar\AppData\Roaming\DNA
2008-02-09 21:32 . 2008-03-08 14:14 <DIR> d-------- C:\Users\Omar\AppData\Roaming\BitTorrent
2008-02-09 21:32 . 2008-02-09 21:32 <DIR> d-------- C:\Program Files\DNA
2008-02-09 21:32 . 2008-02-29 12:05 <DIR> d-------- C:\Program Files\BitTorrent
2008-02-09 18:18 . 2008-02-09 18:18 <DIR> d-------- C:\Users\Omar\AppData\Roaming\JAM Software
2008-02-09 18:15 . 2008-02-09 18:15 <DIR> d-------- C:\Program Files\TreeSize Professional

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 01:52 --------- d-----w C:\Users\Omar\AppData\Roaming\Corel
2008-03-06 23:45 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-06 23:39 155,995 ----a-w C:\Windows\Java\Packages\CRJ73PV5.ZIP
2008-03-06 22:43 --------- d-----w C:\Program Files\Java
2008-03-05 19:02 --------- d-----w C:\Program Files\Soldier of Fortune II - Double Helix
2008-03-05 03:14 --------- d-----w C:\Users\Omar\AppData\Roaming\Winamp
2008-03-04 04:49 --------- d-----w C:\Program Files\Magic Video Converter
2008-03-03 23:29 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-03-03 18:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 18:11 --------- d-----w C:\Program Files\Activision
2008-03-03 17:34 --------- d-----w C:\Users\Omar\AppData\Roaming\InstallShield
2008-03-03 17:34 --------- d-----w C:\Program Files\THQ
2008-03-03 17:33 --------- d-----w C:\ProgramData\Media Center Programs
2008-03-03 05:10 3,350 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-03-03 03:15 --------- d-----w C:\Users\Omar\AppData\Roaming\Vso
2008-02-29 15:01 --------- d-----w C:\Program Files\Star Trek Away Team
2008-02-28 18:12 --------- d-----w C:\ProgramData\McAfee
2008-02-28 17:49 --------- d-----w C:\ProgramData\SiteAdvisor
2008-02-27 00:27 --------- d-----w C:\Program Files\Far Cry
2008-02-25 18:09 --------- d-----w C:\Program Files\Kasparov Chessmate
2008-02-17 17:00 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-17 17:00 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-17 17:00 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-17 17:00 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-17 15:51 --------- d-----w C:\Program Files\Microsoft Games
2008-02-17 07:27 --------- d-----w C:\Users\Omar\AppData\Roaming\Activision
2008-02-17 06:47 --------- d-----w C:\Users\Omar\AppData\Roaming\GetRightToGo
2008-02-16 18:25 --------- d-----w C:\Users\Omar\AppData\Roaming\UseNeXT
2008-02-16 15:33 --------- d-----w C:\Program Files\Xilisoft
2008-02-16 15:33 --------- d-----w C:\Program Files\MSECACHE
2008-02-16 15:28 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-16 14:19 --------- d-----w C:\ProgramData\RoboForm
2008-02-09 23:52 --------- d-----w C:\Users\Omar\AppData\Roaming\Bioshock
2008-02-08 14:24 --------- d-----w C:\Users\Omar\AppData\Roaming\DAEMON Tools
2008-02-08 14:24 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-31 20:15 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-01-31 05:04 --------- d-----w C:\Program Files\Winamp
2008-01-26 22:56 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-01-25 05:15 --------- d-----w C:\Program Files\OO Software
2008-01-23 02:00 --------- d-----w C:\Program Files\CCleaner
2008-01-21 04:31 --------- d---a-w C:\ProgramData\TEMP
2008-01-21 02:15 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-01-21 02:08 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-17 11:29 --------- d-----w C:\Program Files\PowerISO
2008-01-17 01:27 --------- d-----w C:\Users\Omar\AppData\Roaming\MultimediaFeed.com
2008-01-17 01:27 --------- d-----w C:\Program Files\MultimediaFeed MP3 Tagger
2008-01-15 14:45 --------- d-----w C:\Program Files\Ubisoft
2008-01-14 19:19 --------- d-----w C:\Users\Omar\AppData\Roaming\Canon
2008-01-10 20:54 131,584 ----a-w C:\Windows\System32\SpoonUninstall.exe
2008-01-10 02:59 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 02:59 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 02:54 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 02:54 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-10 02:53 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-06 20:00 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2007-12-17 22:10 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2007-12-15 05:15 165,477 ----a-w C:\Windows\Video Cleaner Pro Uninstaller.exe
2007-12-15 01:07 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-15 01:07 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-15 01:07 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-09 18:17 21,840 ----atw C:\Windows\System32\SIntfNT.dll
2007-12-09 18:17 17,212 ----atw C:\Windows\System32\SIntf32.dll
2007-12-09 18:17 12,067 ----atw C:\Windows\System32\SIntf16.dll
2007-12-09 02:27 5,020 ----a-w C:\Windows\inf\DataDirect Pervasive .NET Data Provider\0009\tmp369B.tmp
2007-12-09 02:27 5,020 ----a-w C:\Windows\inf\DataDirect Pervasive .NET Data Provider\0000\tmp369B.tmp
2007-11-16 17:28 22,328 ----a-w C:\Users\Omar\AppData\Roaming\PnkBstrK.sys
2007-09-13 17:42 17,394 ----a-w C:\Users\Omar\AppData\Roaming\wklnhst.dat
2007-08-29 03:19 174 --sha-w C:\Program Files\desktop.ini
2007-03-24 21:04 94,080 ----a-w C:\Users\Omar\AppData\Roaming\ezplay.sys
2007-03-24 21:04 87,608 ----a-w C:\Users\Omar\AppData\Roaming\ezpinst.exe
2007-03-24 21:04 47,360 ----a-w C:\Users\Omar\AppData\Roaming\pcouffin.sys
2007-04-17 03:19 88 --sh--r C:\Windows\System32\956A9C89ED.sys
2002-04-16 15:27 5 --sha-w C:\Windows\System32\CdI5T.drv
.

((((((((((((((((((((((((((((( snapshot@2008-03-08_14.19.59.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-08 19:13:14 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-09 01:13:17 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-08 19:14:57 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-09 02:01:04 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-08 18:14:18 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-09 01:56:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-08 18:14:18 409,600 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-09 01:56:02 409,600 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-08 18:14:18 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-09 01:56:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4516D1E3-BC1A-4B2F-83EC-F4D0302CD5AC}"= "C:\PROGRA~1\CALORI~1\CALORI~1\CKTOOL~1.DLL" [2007-07-26 12:16 103808]

[HKEY_CLASSES_ROOT\clsid\{4516d1e3-bc1a-4b2f-83ec-f4d0302cd5ac}]
[HKEY_CLASSES_ROOT\CKToolbar.CKToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{5394A76B-F52F-4149-8E55-3291DC4563F2}]
[HKEY_CLASSES_ROOT\CKToolbar.CKToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4516D1E3-BC1A-4B2F-83EC-F4D0302CD5AC}"= C:\PROGRA~1\CALORI~1\CALORI~1\CKTOOL~1.DLL [2007-07-26 12:16 103808]

[HKEY_CLASSES_ROOT\clsid\{4516d1e3-bc1a-4b2f-83ec-f4d0302cd5ac}]
[HKEY_CLASSES_ROOT\CKToolbar.CKToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{5394A76B-F52F-4149-8E55-3291DC4563F2}]
[HKEY_CLASSES_ROOT\CKToolbar.CKToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 21:53 1232896]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
"wben"="C:\Program Files\Starfield\Desktop Notifier\wben.exe" [2007-11-06 14:12 312024]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 11:51 486856]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-02-09 21:32 290112]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-02-16 09:20 160592]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:36 201728]
"ProvideSupportOperatorConsole[default]"="C:\PROGRA~1\PROVID~1\PROVID~1.exe" [2007-01-29 18:37 3858432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-10-31 22:47 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-10-31 22:44 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"QuickTime Task"="C:\Program Files\VistaCodecPack\QT\QTTask.exe" [2008-01-31 23:13 385024]
"OODefragTray"="C:\Windows\system32\oodtray.exe" [2007-05-11 02:08 2512392]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [2007-10-04 15:14 455984]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-02 12:38 303104 C:\Windows\sttray.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Explorer.lnk - C:\Windows\explorer.exe [2007-11-15 10:00:50 2923520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-02-15 20:02 50736 C:\Windows\System32\avldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanzarL2007]
C:\Users\Omar\AppData\Local\Temp\{E3361C39-565C-4D19-8982-54ABFB0D56A5}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2284226963-1265642083-3178862661-1002]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2284226963-1265642083-3178862661-500]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DAD7A092-D66B-47FC-83E4-D15B32343E56}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{62B8BB02-091B-46FE-9FC6-D0184A547043}"= UDP:11616:uTorrent
"{06D0ED3F-B6BF-4A72-B516-7E96BF6AB647}"= UDP:8535:BitComet 8535 TCP
"{50684BA0-75A1-4AA4-B446-661CAF3022B9}"= TCP:8535:BitComet 8535 UDP
"{D4D7CFE9-D698-44BD-9B19-76EF9755A8DE}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{F6EC1D8C-0C86-488A-977C-E4F6BF473003}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A7989950-C5CA-4713-8D8B-32BC706842DF}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{72EE87BB-D79A-4149-B7F8-FE300DC88A79}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8AB5D0A5-5A52-43D3-B29A-E7AF7786A30F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7ED63EE5-A176-4AF4-A639-DEE3DA617163}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{FF8CD612-FFDF-437B-8F30-6DECAC4C470E}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{B3925807-9785-4B8C-AF31-15B211C342A6}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{86119683-335F-4899-8C95-713B4790DFE2}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander
"{30666D0E-5A74-4E89-B3BC-DAB2566DD0AF}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{0E420FE9-19E8-4845-B7FA-4567C65FA918}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{24DA4F2A-7764-4535-B940-A46F7791A2C0}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{0D90B82F-2191-45C5-9397-6BA0C8D3455F}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{4D1FD499-A2F3-4BB2-B02B-383C10ED4E7F}"= UDP:C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{2A80DD3C-DD6A-4277-B581-51E35C755426}"= TCP:C:\Program Files\Sierra Entertainment\Empire Earth III\EE3.exe:Empire Earth III
"{3E4088EB-BC7F-413F-8E72-EDE3D525FCFE}"= UDP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{45379E43-6597-4249-BF48-595D03606646}"= TCP:C:\Program Files\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:Gears of War
"{A9DB1FA5-2CF8-4BC8-843B-F827E0EF5F08}"= UDP:C:\Program Files\Eidos\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{4D70967D-9B68-4E54-B7C3-52F68A0CDB9B}"= TCP:C:\Program Files\Eidos\Kane and Lynch Dead Men\kaneandlynch.exe:Kane & Lynch: Dead Men
"{C477C5F0-E596-4723-A480-AFA1C6BB7EB0}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{2F377628-078B-42BB-B090-052D075D2718}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty® 4 - Modern Warfare™
"{8875435B-8A31-4179-90EB-4170F7F42A5A}"= UDP:C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:Age of Empires II
"{1291AD47-8A61-4BA7-9EF0-28047692935E}"= TCP:C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:Age of Empires II
"{CA70CD8C-2EEB-4332-BF24-9DD9BEEFF5F1}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{CC6E18AD-3728-4E3B-8996-A9EA8CF24EB7}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{F8A16569-7FA5-4EF2-80D8-A05D27DAFE9F}"= UDP:6667:GameSpy IRC
"{63F7D53A-7A18-4D26-8A2B-61F6D1A1ED45}"= UDP:3783:GameSpy (Voice Chat)
"{D567797E-9463-4EEE-99CB-6B36C97DD91C}"= UDP:27900:GameSpy (Master Server UDP HeartBeat)
"{406D4356-70D6-47CD-ACC3-9D5CD2076F0E}"= UDP:28900:28900 (Master Server List Request)
"{A409A4A1-D0EE-4D2E-A81E-2CFA302245FD}"= UDP:29900:GameSpy (GP Connection Manager)
"{3A2699AD-8C90-4755-B543-AF4CE0C6A334}"= UDP:29901:GameSpy (GP Search Manager)
"{DFB9E147-B90B-4ECE-8265-69CE2195BD59}"= UDP:13139:GameSpy (Custom UDP Pings)
"{839D0CA6-F34E-4E18-9190-623E63581029}"= UDP:6515:GameSpy (Dplay UDP)
"{EE3C8CC7-6032-4320-A884-761C5AE57EED}"= UDP:6500:GameSpy (Query Port)
"{B26F43A3-4595-4DCB-B489-08703CDA9A8B}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{0E1349BB-21EF-4502-A7B9-CC421400E7EB}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{868A7700-663A-4A9B-A545-B8852320119C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{52F1F4E7-42B9-43A9-A79D-B8D04A1C80CE}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{ECEA6BE6-C433-4244-AD32-C9541E946459}"= UDP:C:\Program Files\MultimediaFeed MP3 Tagger\MultimediaFeed MP3 Tagger.exe:MultimediaFeed MP3 Tagger
"{865C003A-1D0E-4CC8-8A5D-B33BBEF15A28}"= TCP:C:\Program Files\MultimediaFeed MP3 Tagger\MultimediaFeed MP3 Tagger.exe:MultimediaFeed MP3 Tagger
"{1BC727C3-B2F2-4C57-B049-D7BD29426A58}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{0B580717-F910-4D83-8560-F5E7C29BD0A9}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{C617B230-F8D0-49E4-987F-5CEB1ED460DA}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{70B81EC9-BB8C-461C-B116-E6AF235B0952}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{7289BBCF-1FE7-4072-ADAE-9E2AC5339C7E}"= UDP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{340949F9-6667-4DCE-9E28-EF86A9879AEF}"= TCP:C:\Program Files\Microsoft Games\Halo 2\halo2.exe:Halo 2
"{CE4C43FE-847B-4881-81C4-E1BF817DE663}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B23FA1C0-377C-4F80-86E6-99172C2BCFED}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe"= C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
"C:\WINDOWS\winlogon.exe"= C:\WINDOWS\winlogon.exe
"C:\Program Files\BitTorrent\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 ShldDrv;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShlDrv51.sys [2008-02-28 13:29]
R2 AmFSM;AmFSM;C:\Windows\system32\DRIVERS\amm8660.sys [2007-09-28 13:24]
R2 atchksrv;Intel® AMT System Status Service;C:\Program Files\Intel\AMT\atchksrv.exe [2006-10-30 19:53]
R2 LMS;Intel® Active Management Technology LMS Service;C:\Program Files\Intel\AMT\LMS.exe [2006-10-30 19:53]
R2 PavProc;Panda Process Protection Driver;C:\Windows\system32\DRIVERS\PavProc.sys [2008-02-28 13:29]
R2 PskSvcRetail;Panda PSK service;"C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe" [2007-03-21 19:32]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-21 21:08]
R3 TPM;TPM;C:\Windows\system32\drivers\tpm.sys [2006-11-02 04:50]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 16:46]
S2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 05:29]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-08-21 21:08]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {F8487D71-8722-24E3-AC1E-8BA8B34E8832} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-03-08 19:47:00 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-30 18:47:23 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-30 18:46:37 C:\Windows\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 21:05:14
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-08 21:05:55
ComboFix-quarantined-files.txt 2008-03-09 02:05:53
ComboFix2.txt 2008-03-08 19:20:20
.
2008-03-02 19:34:30 --- E O F ---

[ViGiLANT3]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:35 PM, on 3/8/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\sttray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Starfield\Desktop Notifier\wben.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {89DA4F2C-91AE-44B2-84A9-A5D9F682E737} - (no file)
O3 - Toolbar: CalorieKing Joslin Browser Toolbar - {4516D1E3-BC1A-4B2F-83EC-F4D0302CD5AC} - C:\PROGRA~1\CALORI~1\CALORI~1\CKTOOL~1.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\VistaCodecPack\QT\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [wben] "C:\Program Files\Starfield\Desktop Notifier\wben.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ProvideSupportOperatorConsole[default]] "C:\PROGRA~1\PROVID~1\PROVID~1.EXE" /profile default
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Explorer.lnk = C:\Windows\explorer.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O16 - DPF: {10072CEC-8CC1-11D1-986E-00A0C955B42E} (PeerDraw Class) - http://www.amazon.co...b_dp_pt/vgx.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....NPUplden-ca.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer....l/installer.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® AMT System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DNS4Me (DNS4MeClient) - Unknown owner - C:\Program Files\RhinoSoft.com\DNS4Me\DNS4MeClient.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrvx86.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PskSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

--
End of file - 11252 bytes

[ViGiLANT3]

In response to whether I installed the program you mentioned: No

[andrewuk]

in this post we will remove the final traces of malware i can see, and remove Probot (or at least the remaining files). we will also do some scans to see what else is lurking on your machine.

the scans will likely take 2 hours, quite possibly much longer. so just let them run.


====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {89DA4F2C-91AE-44B2-84A9-A5D9F682E737} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Probot <== though i doubt that is there

Please note any other programs that you dont recognize in that list in your next response



====STEP 2====
1. Please open Notepad

• Click Start , then Run
• Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Windows\ANS2000.INI
C:\Windows\akebook.ini
C:\Windows\a3kebook.ini

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\winlogon.exe"=-

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. If asked to reboot, then reboot.


====STEP 3====
Download and scan with SUPERAntiSpyware Free for Home Users

• Double-click SUPERAntiSpyware.exe and use the default settings for installation.
• An icon will be created on your desktop. Double-click that icon to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

====STEP 4====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


====STEP 5====
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

In your next reply could i see:
1. the SUPERantispyware log
2. the malwarebytes log
3. the kaspersky log
4. a new hijackthis log

(i dont need to see the combofix log this time)

there will be a lot of information to post in the next reply, therefore you may need to post the information over more than one reply to ensure it is all posted.

andrewuk

[ViGiLANT3]

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/09/2008 at 10:57 AM

Application Version : 4.0.1154

Core Rules Database Version : 3416
Trace Rules Database Version: 1408

Scan type : Complete Scan
Total Scan Time : 11:21:49

Memory items scanned : 627
Memory threats detected : 0
Registry items scanned : 8248
Registry threats detected : 0
File items scanned : 1886028
File threats detected : 88

Adware.Tracking Cookie
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@atwola[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@adcentriconline[2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@advertising[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@adinterax[2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@interclick[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@toplist[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@tribalfusion[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@xiti[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@atdmt[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@adbrite[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@clickfire[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@revsci[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@2o7[2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@media6degrees[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@nextstat[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@findmysoft[2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@youporn[2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@adultadworld[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@yadro[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][5].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@247realmedia[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@partypoker[2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@clickaider[2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@clicktorrent[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@realmedia[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@specificclick[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@linkstattrack[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@entrepreneur[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@serving-sys[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@web-stat[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][6].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][4].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@my-calorie-counter[2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@overture[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@empornium[2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@tacoda[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@keywordmax[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@adlegend[1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][7].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Omar\AppData\Roaming\Microsoft\Windows\Cookies\omar@hotlog[1].txt