Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Grokloader - How do I properly remove it? [Solved]


  • This topic is locked This topic is locked

#1
Phillip...

Phillip...

    Member

  • Member
  • PipPip
  • 40 posts
Hi. I've tried to remove grokloader before, via spybot, then again when it came up in scan results, in safe mode. It still comes up in spybot, and I also removed "Adtracker________" at "HKEY_CURRENT_USER\Software\Softwrap\". in regedit.exe (found on http://forums.spybot...ad.php?t=37502)
But it still comes up in the scan results. Here's my HJT and spybot logs:

HJT: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:19:12 PM, on 23/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\johnsadventures.com\John's Background

Switcher\BackgroundSwitcher.exe
C:\Program Files (x86)\Switcher\Switcher.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://youtube.com.au
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?

LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 68.178.151.28 delb.opt.fimserve.com # 728x90
O1 - Hosts: 68.178.151.28 desk.opt.fimserve.com # 160x600
O1 - Hosts: 68.178.151.28 demr.opt.fimserve.com # 300x250
O1 - Hosts: 72.167.163.234 www.google-analytics.com
O1 - Hosts: 72.167.163.234 ads1.msn.com
O1 - Hosts: 208.109.221.107 dehp.myspace.com
O1 - Hosts: 208.109.221.107 demr.myspace.com
O1 - Hosts: 208.109.221.107 desk.myspace.com
O1 - Hosts: 208.109.221.107 delb.myspace.com
O1 - Hosts: 208.109.221.107 delb2.myspace.com
O1 - Hosts: 208.109.221.107 debr.myspace.com
O1 - Hosts: 208.109.221.107 view.atdmt.com
O1 - Hosts: 208.109.221.107 rad.msn.com
O1 - Hosts: 208.109.233.197 themis.geocities.yahoo.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-

F4B073EFC214} - C:\Program Files (x86)

\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02464DDC-3187-11D8-8004-

0020ED227566} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-

4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-

82A9-A0F997BA588C} - C:\Program Files (x86)

\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet

Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} -

C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-

6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)

\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-

2644-206D7942484F} - C:\PROGRA~2\Spybot - Search &

Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-

B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6

\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-

BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-

8ECC-5164760863C6} - C:\Program Files (x86)\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-

E861-484f-8273-0445EE161910} - C:\Program Files (x86)

\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-

B6FA-CE66B5AD205D} - C:\Program Files (x86)

\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b

-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6

\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-

794CA7E3FB53} - C:\Program Files (x86)\Google\Google

Gears\Internet Explorer\0.5.4.2\gears.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-

0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8

\avgtray.exe
O4 - HKLM\..\Run: [WinFastDTV] "C:\Program Files (x86)

\WinFast\WFDTV\DTVSchdl.exe"
O4 - HKLM\..\RunServicesOnce: [capscanuninstall]

"C:\Windows\command.com" /c del

"C:\Users\Phil\AppData\Local\Temp\uninstal.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows

Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series]

C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAP.EXE /FU

"C:\Users\Phil\AppData\Local\Temp\E_SE0C0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BackgroundSwitcher] "C:\Program Files (x86)

\johnsadventures.com\John's Background

Switcher\BackgroundSwitcher.exe"
O4 - HKCU\..\Run: [Switcher] "C:\Program Files (x86)

\Switcher\Switcher.exe" /quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)

\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe

oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows

Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program

Files (x86)\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program

Files (x86)\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: WFWIZ - Shortcut.lnk = C:\Program Files (x86)

\WinFast\WFDTV\WFWIZ.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program

Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit -

res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver

- res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF -

res://C:\Program Files (x86)\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF -

res://C:\Program Files (x86)\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF -

res://C:\Program Files (x86)\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF -

res://C:\Program Files (x86)\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF

- res://C:\Program Files (x86)\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF -

res://C:\Program Files (x86)\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF -

res://C:\Program Files (x86)\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF -

res://C:\Program Files (x86)\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit -

res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit -

res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-

B25EAC5965F5} - C:\Program Files (x86)\Google\Google

Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-

4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)

\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-

D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-

3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11

\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-

58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search &

Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy

Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend

Micro ActiveX Scan Agent 6.6) -

http://housecall65.t...ml/native/x86/w

in32/activex/hcImpl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}

(MessengerStatsClient Class) -

http://messenger.zon...tatsPAClient.ca

b56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-

FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-

1830C7DD7F5D} - C:\PROGRA~2\COMMON~1

\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)

\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc.

- C:\Program Files (x86)\Common Files\ArcSoft\Connection

Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems

Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe

Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) -

Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files

(x86)\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG

Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ,

s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)

\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. -

C:\Program Files (x86)\Common

Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner -

C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01)

- SEIKO EPSON CORPORATION -

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd.

- C:\Program Files (x86)\Common Files\Macrovision

Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c94ac1d5dd1360)

(gupdate1c94ac1d5dd1360) - Google Inc. - C:\Program Files (x86)

\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google -

C:\Program Files (x86)\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)

\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner -

C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files

(x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner -

C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)

\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files

(x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown

owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files

(x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300

(ProtectedStorage) - Unknown owner - C:\Windows\system32

\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2

(RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe

(file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) -

Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) -

Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search &

Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc)

- Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler)

- Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation -

C:\Program Files (x86)\Common Files\Sony

Shared\AVLib\SPTISRV.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101

(UI0Detect) - Unknown owner - C:\Windows\system32

\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead

Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) -

Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) -

VMware, Inc. - C:\Program Files (x86)\VMware\VMware

Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc.

- C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) -

VMware, Inc. - C:\Program Files (x86)\Common

Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. -

C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) -

Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104

(wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe

(file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-

110 (wmiApSrv) - Unknown owner - C:\Windows\system32

\wbem\WmiApSrv.exe (file missing)

--
End of file - 14533 bytes

Spybot:


GrokLoader: [SBI $A8A047C2] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1598939200-4013600995-2814625427-1000\Software\Softwrap\Adtracker________

MediaPlex: Tracking cookie..... list of cookies, no probs....


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-12-19 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2008-11-05 Includes\Adware.sbi (*)
2008-12-10 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-03 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-12-16 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2008-12-16 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-19 Includes\Malware.sbi (*)
2008-12-17 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2008-12-16 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-16 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-12-10 Includes\Spyware.sbi (*)
2008-12-10 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-05 Includes\Trojans.sbi (*)
2008-12-16 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
  • 0

Advertisements


#2
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Hello Phillip...

welcome to geekstogo :) and sorry to keep you waiting.

could you turn off wordwrap on your notepad (makes the logs very hard to read) and then re-run hijackthis and post the log for me to take a look at.

andrewuk
  • 0

#3
Phillip...

Phillip...

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
no problems, thanks for the reply.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:38 PM, on 11/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Switcher\Switcher.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Phil\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Nero\Nero 7\Nero Vision\NeroVision.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtube.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 68.178.151.28 delb.opt.fimserve.com # 728x90
O1 - Hosts: 68.178.151.28 desk.opt.fimserve.com # 160x600
O1 - Hosts: 68.178.151.28 demr.opt.fimserve.com # 300x250
O1 - Hosts: 72.167.163.234 www.google-analytics.com
O1 - Hosts: 72.167.163.234 ads1.msn.com
O1 - Hosts: 208.109.221.107 dehp.myspace.com
O1 - Hosts: 208.109.221.107 demr.myspace.com
O1 - Hosts: 208.109.221.107 desk.myspace.com
O1 - Hosts: 208.109.221.107 delb.myspace.com
O1 - Hosts: 208.109.221.107 delb2.myspace.com
O1 - Hosts: 208.109.221.107 debr.myspace.com
O1 - Hosts: 208.109.221.107 view.atdmt.com
O1 - Hosts: 208.109.221.107 rad.msn.com
O1 - Hosts: 208.109.233.197 themis.geocities.yahoo.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02464DDC-3187-11D8-8004-0020ED227566} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinFastDTV] "C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe"
O4 - HKLM\..\RunServicesOnce: [capscanuninstall] "C:\Windows\command.com" /c del "C:\Users\Phil\AppData\Local\Temp\uninstal.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAP.EXE /FU "C:\Users\Phil\AppData\Local\Temp\E_SE0C0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BackgroundSwitcher] "C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"
O4 - HKCU\..\Run: [Switcher] "C:\Program Files (x86)\Switcher\Switcher.exe" /quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: WFWIZ - Shortcut.lnk = C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 14012 bytes
  • 0

#4
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
lets try the basics before we dive in deeper:

the scans will likely take 3 hours, quite possibly much longer. so just let them run.


====STEP 1====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.



====STEP 2====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


====STEP 3====
Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter
    .

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder.Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


After that click on Security level then choose Customize then click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then choose ok.
Then choose OK again then you are back to the main screen.

  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then chooose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.





The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

Edited by andrewuk, 11 January 2009 - 07:34 AM.

  • 0

#5
Phillip...

Phillip...

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
mbam log:

Malwarebytes' Anti-Malware 1.32
Database version: 1645
Windows 6.0.6001 Service Pack 1

12/01/2009 11:03:03 PM
mbam-log-2009-01-12 (23-03-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 305815
Time elapsed: 1 hour(s), 14 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Phil\AppData\Roaming\RBXML550.dll (Trojan.Agent) -> Quarantined and deleted successfully.
  • 0

#6
Phillip...

Phillip...

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
kas:

Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.BAT.Flood.c File: D:\Documents & Data\Documents\bat.bat
deleted: Trojan program Trojan.BAT.Flood.c File: D:\Documents & Data\Documents\Copy of bat.bat



these bat files were just a funny thing i tried, to flood a cmd window. but still, i made sure it was gone just in case. nothing else was detected.
  • 0

#7
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
We will now use combofix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review and a new hijackthis log

andrewuk
  • 0

#8
Phillip...

Phillip...

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
I have x64 Vista, and it seems that combofox won't work on it:

screenshot attached.

Attached Thumbnails

  • Clipboard02.jpg

  • 0

#9
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
lets go down this route:

  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#10
Phillip...

Phillip...

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Phil at 2009-01-14 19:02:39
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 112 GB (55%) free of 205 GB
Total RAM: 4094 MB (34% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:02:54 PM, on 14/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Nero\Nero 7\Nero Vision\NeroVision.exe
D:\Documents & Data\Desktop\RSIT.exe
C:\Program Files\hijackthis\Phil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtube.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 68.178.151.28 delb.opt.fimserve.com # 728x90
O1 - Hosts: 68.178.151.28 desk.opt.fimserve.com # 160x600
O1 - Hosts: 68.178.151.28 demr.opt.fimserve.com # 300x250
O1 - Hosts: 72.167.163.234 www.google-analytics.com
O1 - Hosts: 72.167.163.234 ads1.msn.com
O1 - Hosts: 208.109.221.107 dehp.myspace.com
O1 - Hosts: 208.109.221.107 demr.myspace.com
O1 - Hosts: 208.109.221.107 desk.myspace.com
O1 - Hosts: 208.109.221.107 delb.myspace.com
O1 - Hosts: 208.109.221.107 delb2.myspace.com
O1 - Hosts: 208.109.221.107 debr.myspace.com
O1 - Hosts: 208.109.221.107 view.atdmt.com
O1 - Hosts: 208.109.221.107 rad.msn.com
O1 - Hosts: 208.109.233.197 themis.geocities.yahoo.com
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02464DDC-3187-11D8-8004-0020ED227566} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinFastDTV] "C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe"
O4 - HKLM\..\RunServicesOnce: [capscanuninstall] "C:\Windows\command.com" /c del "C:\Users\Phil\AppData\Local\Temp\uninstal.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAP.EXE /FU "C:\Users\Phil\AppData\Local\Temp\E_SE0C0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BackgroundSwitcher] "C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"
O4 - HKCU\..\Run: [Switcher] "C:\Program Files (x86)\Switcher\Switcher.exe" /quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Global Startup: WFWIZ - Shortcut.lnk = C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 13966 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1598939200-4013600995-2814625427-1000.job
C:\Windows\tasks\User_Feed_Synchronization-{E7461989-AA87-422E-A073-280E21605D02}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2008-06-10 187512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02464DDC-3187-11D8-8004-0020ED227566}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-26 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG8\avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2008-11-15 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-10 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2008-11-15 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~2\AVG\AVG8\avgtray.exe [2008-11-28 1261336]
"WinFastDTV"=C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe [2008-10-24 90112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1555968]
"EPSON Stylus CX5500 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAP.EXE [2007-03-01 211456]
"BackgroundSwitcher"=C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [2008-11-06 1095568]
"Switcher"=C:\Program Files (x86)\Switcher\Switcher.exe [2007-10-28 425984]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WFWIZ - Shortcut.lnk - C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"TaskbarNoNotification"=1
"NoStartMenuMorePrograms"=0
"StartMenuLogOff"=0
"LockTaskbar"=0
"HideSCABattery"=0
"HideSCANetwork"=0
"HideSCAVolume"=0
"NoDesktopCleanupWizard"=1
"AlwaysShowClassicMenu"=1
"DisableThumbnailsOnNetworkFolders"=1
"NoDriveTypeAutorun"=237

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoDriveTypeAutoRun"=
"LockTaskbar"=
"TaskbarNoThumbnail"=
"NoFolderOptions"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe"="C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe"="C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b43d5bc3-1fe3-11dd-aeec-001d7dd7344c}]
shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe
shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\exe32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f5cb90-1a44-11dd-8afb-001d7dd7344c}]
shell\AutoRun\command - PortableApps\PortableAppsMenu\PortableAppsMenu.exe


======File associations======

.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-01-14 19:02:39 ----D---- C:\rsit
2009-01-14 11:39:30 ----D---- C:\ComboFix
2009-01-14 11:39:30 ----A---- C:\Windows\system32\CF17027.exe
2009-01-14 11:38:34 ----A---- C:\Windows\system32\CF16844.exe
2009-01-14 11:36:41 ----A---- C:\Windows\system32\CF16462.exe
2009-01-14 11:36:34 ----A---- C:\Windows\system32\cmd.execf
2009-01-14 11:35:27 ----A---- C:\Windows\system32\CF16233.exe
2009-01-14 11:31:32 ----A---- C:\Windows\system32\swsc.exe
2009-01-14 11:31:32 ----A---- C:\Windows\system32\CF15466.exe
2009-01-14 11:31:31 ----A---- C:\Bug.txt
2009-01-14 00:31:11 ----D---- C:\Users\Phil\AppData\Roaming\avidemux
2009-01-14 00:31:04 ----D---- C:\Program Files (x86)\Avidemux 2.4
2009-01-13 23:11:44 ----D---- C:\ProgramData\iTunesFolderWatch
2009-01-13 20:10:23 ----D---- C:\Program Files (x86)\iTunesKeys
2009-01-13 17:22:35 ----D---- C:\Program Files (x86)\iTunes Library Updater
2009-01-13 12:13:57 ----D---- C:\Windows\Temp
2009-01-13 12:05:19 ----D---- C:\ProgramData\is-KV1QB
2009-01-12 23:10:02 ----D---- C:\ProgramData\is-VLQ78
2009-01-12 23:08:51 ----A---- C:\Windows\ntbtlog.txt
2009-01-12 21:43:38 ----D---- C:\Users\Phil\AppData\Roaming\Malwarebytes
2009-01-12 21:43:34 ----D---- C:\ProgramData\Malwarebytes
2009-01-12 21:43:33 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-01-08 21:14:02 ----D---- C:\Program Files (x86)\WinUAE
2009-01-05 01:00:58 ----D---- C:\Users\Phil\AppData\Roaming\WinRAR
2009-01-05 00:34:25 ----D---- C:\Program Files (x86)\filehippo.com
2009-01-04 23:44:27 ----D---- C:\Downloads
2009-01-04 23:39:12 ----D---- C:\extensions
2009-01-04 23:39:10 ----D---- C:\Program Files (x86)\BitComet
2009-01-04 17:25:21 ----D---- C:\ProgramData\Google
2009-01-03 23:54:32 ----D---- C:\Users\Phil\AppData\Roaming\RealWorld
2009-01-03 23:53:58 ----D---- C:\Program Files (x86)\RealWorld Paint.COM
2008-12-31 18:03:43 ----A---- C:\Windows\system32\IVIresizeW7.dll
2008-12-31 18:03:43 ----A---- C:\Windows\system32\IVIresizePX.dll
2008-12-31 18:03:43 ----A---- C:\Windows\system32\IVIresizeP6.dll
2008-12-31 18:03:43 ----A---- C:\Windows\system32\IVIresizeM6.dll
2008-12-31 18:03:43 ----A---- C:\Windows\system32\IVIresizeA6.dll
2008-12-31 18:03:43 ----A---- C:\Windows\system32\IVIresize.dll
2008-12-31 00:59:33 ----D---- C:\Program Files (x86)\Common Files\Steinberg
2008-12-31 00:59:11 ----D---- C:\Users\Phil\AppData\Roaming\Steinberg
2008-12-31 00:39:00 ----D---- C:\Program Files (x86)\Pinnacle
2008-12-31 00:38:59 ----D---- C:\Program Files (x86)\Steinberg
2008-12-31 00:25:21 ----D---- C:\ProgramData\Pinnacle
2008-12-27 22:28:37 ----D---- C:\Program Files (x86)\MozBackup
2008-12-27 16:40:19 ----A---- C:\Windows\system32\pthreadGC2.dll
2008-12-27 16:04:59 ----D---- C:\DVD
2008-12-25 11:07:36 ----D---- C:\ProgramData\_comodo_
2008-12-24 23:22:37 ----D---- C:\Users\Phil\AppData\Roaming\AeroSnapApp
2008-12-21 18:33:31 ----D---- C:\Program Files (x86)\Mozilla Firefox
2008-12-21 17:27:00 ----D---- C:\Users\Phil\AppData\Roaming\KeePass
2008-12-21 17:22:29 ----D---- C:\Program Files (x86)\KeePass Password Safe
2008-12-21 12:22:43 ----D---- C:\Users\Phil\AppData\Roaming\VoxOx
2008-12-20 23:54:55 ----D---- C:\ProgramData\Digsby
2008-12-20 23:50:00 ----D---- C:\Users\Phil\AppData\Roaming\Digsby
2008-12-20 23:49:29 ----D---- C:\Program Files (x86)\Digsby
2008-12-19 15:58:33 ----D---- C:\Program Files (x86)\Trillian
2008-12-19 01:21:24 ----D---- C:\ProgramData\Spybot - Search & Destroy
2008-12-19 01:21:24 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2008-12-18 11:16:50 ----A---- C:\Windows\system32\mshtml.dll
2008-12-18 11:16:32 ----D---- C:\Program Files (x86)\Microsoft Silverlight

======List of files/folders modified in the last 1 months======

2009-01-14 18:55:47 ----A---- C:\Windows\NeroDigital.ini
2009-01-14 18:29:20 ----D---- C:\Program Files (x86)\Flock
2009-01-14 18:26:13 ----D---- C:\Windows\Prefetch
2009-01-14 17:00:34 ----SHD---- C:\System Volume Information
2009-01-14 16:42:20 ----D---- C:\Windows\winsxs
2009-01-14 16:38:58 ----SHD---- C:\Windows\Installer
2009-01-14 16:38:54 ----D---- C:\ProgramData\Microsoft Help
2009-01-14 16:36:28 ----D---- C:\Windows\Debug
2009-01-14 16:36:21 ----D---- C:\Program Files (x86)\Windows Mail
2009-01-14 11:39:30 ----D---- C:\Windows\SysWOW64
2009-01-14 11:38:26 ----D---- C:\ProgramData\Google Updater
2009-01-14 11:27:32 ----D---- C:\ProgramData\VMware
2009-01-14 00:31:41 ----D---- C:\Users\Phil\AppData\Roaming\gtk-2.0
2009-01-14 00:31:04 ----RD---- C:\Program Files (x86)
2009-01-13 23:11:44 ----HD---- C:\ProgramData
2009-01-13 23:05:28 ----D---- C:\Users\Phil\AppData\Roaming\dvdcss
2009-01-13 22:06:20 ----A---- C:\Windows\system32\Dvbpws.dll
2009-01-13 17:12:30 ----RD---- C:\Program Files
2009-01-13 12:13:57 ----D---- C:\Windows
2009-01-13 12:05:09 ----D---- C:\Windows\system32\drivers
2009-01-11 20:31:08 ----D---- C:\Windows\System32
2009-01-11 20:31:08 ----D---- C:\Windows\inf
2009-01-11 13:45:29 ----D---- C:\Windows\rescache
2009-01-11 01:09:03 ----D---- C:\Windows\Web
2009-01-09 23:50:32 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2009-01-08 18:43:06 ----D---- C:\Users\Phil\AppData\Roaming\Skype
2009-01-08 18:26:19 ----D---- C:\Users\Phil\AppData\Roaming\skypePM
2009-01-06 18:48:46 ----D---- C:\Users\Phil\AppData\Roaming\Adobe
2009-01-06 15:42:33 ----D---- C:\Windows\Tasks
2009-01-05 12:43:17 ----RSD---- C:\Windows\assembly
2009-01-05 12:43:17 ----D---- C:\Windows\Microsoft.NET
2009-01-05 12:22:04 ----D---- C:\Program Files (x86)\WinRAR
2009-01-05 01:02:31 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-01-05 00:52:46 ----D---- C:\Users\Phil\AppData\Roaming\SUPERAntiSpyware.com
2009-01-05 00:41:31 ----D---- C:\Program Files (x86)\CCleaner
2009-01-04 23:36:42 ----D---- C:\Program Files (x86)\uTorrent
2009-01-04 23:29:12 ----D---- C:\Users\Phil\AppData\Roaming\uTorrent
2009-01-04 17:26:43 ----D---- C:\Program Files (x86)\Acoustica Mp3 To Wave Converter Plus
2009-01-04 17:25:21 ----D---- C:\Program Files (x86)\Google
2009-01-04 17:19:09 ----D---- C:\Program Files (x86)\XBMC
2009-01-04 17:12:53 ----D---- C:\Program Files (x86)\Common Files\AVSMedia
2009-01-04 17:12:51 ----D---- C:\Program Files (x86)\AVS4YOU
2009-01-02 17:47:54 ----A---- C:\Windows\cdplayer.ini
2009-01-01 17:42:54 ----D---- C:\Windows\system32\QuickTime
2009-01-01 16:29:38 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2009-01-01 12:41:00 ----D---- C:\Users\Phil\AppData\Roaming\Orbit
2008-12-31 18:03:15 ----D---- C:\Program Files (x86)\Common Files\Ulead Systems
2008-12-31 18:01:54 ----D---- C:\ProgramData\Ulead Systems
2008-12-31 18:01:53 ----D---- C:\Program Files (x86)\Ulead Systems
2008-12-31 18:00:34 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2008-12-31 00:59:33 ----D---- C:\Program Files (x86)\Common Files
2008-12-31 00:30:35 ----D---- C:\Users\Phil\AppData\Roaming\VMware
2008-12-30 22:06:39 ----D---- C:\Program Files (x86)\LowRateVoip
2008-12-30 00:12:56 ----D---- C:\Users\Phil\AppData\Roaming\FileZilla
2008-12-27 22:16:11 ----D---- C:\Windows\SoftwareDistribution
2008-12-27 16:03:24 ----D---- C:\ProgramData\DVD Shrink
2008-12-25 15:30:01 ----A---- C:\log.txt
2008-12-23 22:16:50 ----RSD---- C:\Windows\Fonts
2008-12-22 00:57:01 ----D---- C:\Program Files (x86)\MP3Gain
2008-12-21 18:33:38 ----D---- C:\Users\Phil\AppData\Roaming\Mozilla
2008-12-20 11:53:19 ----D---- C:\Users\Phil\AppData\Roaming\Ventrilo
2008-12-19 01:45:22 ----D---- C:\Program Files (x86)\Orb Networks
2008-12-18 23:34:10 ----SD---- C:\Windows\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx64;AVG AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys []
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys []
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys []
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys []
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys []
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [2007-03-23 24880]
R3 3xHybr64;WinFast DTV1000 S; C:\Windows\system32\DRIVERS\3xHybr64.sys []
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AvgWfpA;AVG8 Firewall Driver x64; C:\Windows\System32\Drivers\avgwfpa.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys []
R3 NVHDA;Service for NVIDIA HDMI Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys []
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 8944]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys []
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-05-15 20544]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys []
S3 mod7700;WinFast based TV tuner device; C:\Windows\system32\DRIVERS\mod7700.sys []
S3 MODRC;WinFast TV Dongle With Infrared Receiver; C:\Windows\system32\DRIVERS\modrc.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
S3 ULCDRHlp;ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
S3 US122;US122 Driver; C:\Windows\System32\Drivers\US122x64.sys []
S3 US122DL;US122 Firmware Downloader; C:\Windows\System32\Drivers\US122DLx64.sys []
S3 US122WdmService;US122 Wdm Audio; C:\Windows\System32\Drivers\US122Wdmx64.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~2\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Capture Device Service;Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464]
R2 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-10 168432]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 156016]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [2008-05-16 109104]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-05-16 121392]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-05-16 150064]
R3 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-21 93696]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-15 654848]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 SPTISRV;Sony SPTI Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S4 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------
  • 0

Advertisements


#11
Phillip...

Phillip...

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
info.txt logfile of random's system information tool 1.05 2009-01-14 19:02:56

======Uninstall list======

-->"C:\Program Files (x86)\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Add or Remove Adobe Creative Suite 3 Design Premium-->C:\Program Files (x86)\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files (x86)\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->C:\Program Files (x86)\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\bbef028176efa5abf0233d3e1747be8\Setup.exe
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup-->MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{C92A5A89-B218-46F7-8898-77C52113FFE0}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v2.5.1-->"C:\Program Files (x86)\AGEIA Technologies\uninstall.exe"
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Any Video Converter-->C:\PROGRA~2\ANYVID~1\UNWISE.EXE C:\PROGRA~2\ANYVID~1\INSTALL.LOG
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files (x86)\Audacity\unins000.exe"
AudioConverter Studio 5.5-->"C:\Program Files (x86)\AudioConverter Studio\unins000.exe"
AusLogics Disk Defrag-->"C:\Program Files (x86)\Auslogics\AusLogics Disk Defrag\unins000.exe"
AVG Free 8.0-->C:\Program Files (x86)\AVG\AVG8\setup.exe /UNINSTALL
Avidemux 2.4-->C:\Program Files (x86)\Avidemux 2.4\uninstall.exe
BitComet 1.07-->C:\Program Files (x86)\BitComet\uninst.exe
Camtasia Studio 3-->C:\Program Files (x86)\TechSmith\Camtasia Studio 3\CSuninst.EXE
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
CoreAVC Professional Edition (remove only)-->"C:\Program Files (x86)\CoreCodec\CoreAVC Professional Edition\CoreAVC Professional Edition-uninstall.exe"
CoreVorbis Audio Decoder (remove only)-->"C:\Windows\system32\CoreVorbis-uninstall.exe"
Digital Camera Driver-->C:\PROGRA~2\DIGITA~1\UNWISE.EXE C:\PROGRA~2\DIGITA~1\INSTALL.LOG
Digsby-->C:\Program Files (x86)\Digsby\uninstall.exe
Direct Show Ogg Vorbis Filter (remove only)-->"C:\Windows\system32\OggDSuninst.exe"
DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Program Files (x86)\DVD Shrink\unins000.exe"
ffdshow [rev 2340] [2008-11-21]-->"C:\Program Files (x86)\K-Lite Codec Pack\ffdshow\unins000.exe"
filehippo.com Update Checker-->"C:\Program Files (x86)\filehippo.com\uninstall.exe"
FileZilla Client 3.0.10-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Flock (2.0)-->C:\Program Files (x86)\Flock\uninstall\helper.exe
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\Windows\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\Windows\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files (x86)\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTK+ Runtime 2.12.8 rev a (remove only)-->C:\Program Files (x86)\Common Files\GTK\2.0\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\hijackthis\HijackThis.exe" /uninstall
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\HUFFYUV.INF
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
iTunes Library Updater-->MsiExec.exe /I{38EE230F-F631-451F-8800-E29F5E5C9E7D}
iTunesKeys v1.56-->"C:\Program Files (x86)\iTunesKeys\unins000.exe"
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
John's Background Switcher 3.6-->C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\uninst.exe
KeePass Password Safe 1.14-->"C:\Program Files (x86)\KeePass Password Safe\unins000.exe"
K-Lite Mega Codec Pack 3.8.5-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
KLS Mail Backup 1.3.0.0-->"C:\Program Files (x86)\KLS Soft\KLS Mail Backup\unins000.exe"
LowRateVoip-->"C:\Program Files (x86)\LowRateVoip\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files (x86)\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Monkey's Audio-->"C:\Program Files (x86)\Monkey's Audio\unins000.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Premium-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
novaPDF Printer Lite 3.3-->"C:\Program Files (x86)\Softland\novaPDF Printer Lite 3\unins000.exe"
OpenMG Limited Patch 4.4-06-13-19-01-->C:\Program Files (x86)\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
Orbit Downloader-->"C:\Program Files (x86)\Orbitdownloader\unins000.exe"
OtsTurntables Free 1.00.012-->"C:\Windows\OTS_UI.EXE" "C:\OtsLabs\OTSTT.osi"
Pac-Man Adventures in Time-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D2023740-9AAC-11D4-B54D-006008571948}\setup.exe" FromAddRemove
Panda ActiveScan 2.0-->C:\Program Files (x86)\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
PrimoPDF-->"C:\Windows\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
RealWorld Paint.COM-->MsiExec.exe /I{B6883DA2-2EBE-4DD1-80F1-8954998E7788}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
SimCity 4-->C:\Program Files (x86)\Maxis\SimCity 4\EAUninstall.exe
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
Steinberg Cubase LE-->"C:\Program Files (x86)\Steinberg\Cubase LE\Uninstall.exe" "C:\Program Files (x86)\Steinberg\Cubase LE\Install.log"
SUPER © Version 2008.bld.32 (July 8, 2008)-->C:\PROGRA~2\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Switcher 2.0.0-->MsiExec.exe /X{F7DB6677-661D-4835-AAD8-1B7F4C98D7CE}
The Sims 2-->C:\Program Files (x86)\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Seasons-->C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
Total Video Converter 3.11 070908-->"C:\Program Files (x86)\Total Video Converter\unins000.exe"
TVUPlayer 2.4.0.1-->C:\Program Files (x86)\TVUPlayer\uninst.exe
TweakVI-->"C:\Windows\TweakVI\uninstall.exe" "/U:C:\Program Files (x86)\TweakVI\Uninstall\uninstall.xml"
Ulead VideoStudio 11-->C:\Program Files (x86)\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office InfoPath 2007 Help (KB957243)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {766DF26B-5F03-48ED-9307-5326F2790ED0}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
Visual C++ 8.0 Runtime Setup Package (x64)-->MsiExec.exe /I{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}
VLC media player 0.9.6-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
VOB2MPG 2.5-->MsiExec.exe /I{78EFA95D-3310-4035-815B-A46BA4D0C6FA}
VSLN - Vsak se lahko nauèi 1 (1. stopnja) v1.01-->"C:\Program Files (x86)\Goter VSLN1\unins000.exe"
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinFast Codec-TS SDK-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}\Setup.exe" -l0x9
WinFast De-interlace SDK-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9A0E0340-C3D7-42D1-96D4-64179FD456AE}\Setup.exe" -l0x9
WinFast DTV1000 S Driver -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1095069C-ABE2-4041-8139-48DED17CD142}\setup.exe" -l0x9 -removeonly
WinFast Multimedia Driver Installation -->C:\Program Files (x86)\InstallShield Installation Information\{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}\setup.exe -runfromtemp -l0x0009 -removeonly
WinFast PVR2-->C:\Program Files (x86)\InstallShield Installation Information\{C92C584E-C781-475E-A8E2-C67D993A6B95}\setup.exe -runfromtemp -l0x0009 -removeonly
WinFast TT-SB SDK-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AF9848E2-5F19-4E49-9E6E-044FBDC28404}\Setup.exe" -l0x9
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
WinUAE 1.5.3-->C:\Program Files (x86)\WinUAE\uninstall_winuae.exe
XviD MPEG-4 Video Codec-->"C:\Program Files (x86)\XviD\unins000.exe"

======Hosts File======


127.0.0.1 localhost
127.0.0.1 atwola.com
68.178.151.28 delb.opt.fimserve.com # 728x90
68.178.151.28 desk.opt.fimserve.com # 160x600
68.178.151.28 demr.opt.fimserve.com # 300x250
72.167.163.234 www.google-analytics.com
72.167.163.234 ads1.msn.com
208.109.221.107 dehp.myspace.com
208.109.221.107 demr.myspace.com

======Security center information======

AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Spybot - Search and Destroy (disabled)
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

System event log

Computer Name: Phil-PC
Event Code: 4201
Message: The system detected that network adapter Local Area Connection 2 was connected to the network, and has initiated normal operation.
Record Number: 91724
Source Name: Tcpip
Time Written: 20090114072612.609000-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 4201
Message: The system detected that network adapter Local Area Connection 2 was connected to the network, and has initiated normal operation.
Record Number: 91725
Source Name: Tcpip
Time Written: 20090114072612.609000-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 104
Message: The service is publishing to the network.
Record Number: 91726
Source Name: Microsoft-Windows-ResourcePublication
Time Written: 20090114072614.048000-000
Event Type: Information
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Phil-PC
Event Code: 1103
Message: Your computer was successfully assigned an address from the network, and it can now connect to other computers.
Record Number: 91727
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090114072616.000000-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.
Record Number: 91728
Source Name: Service Control Manager
Time Written: 20090114072616.000000-000
Event Type: Information
User:

Application event log

Computer Name: Phil-PC
Event Code: 103
Message: msnmsgr (3720) \\.\C:\Users\Phil\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_92F0_7206_F071_F0B9\dfsr.db: The database engine stopped the instance (0).
Record Number: 41304
Source Name: ESENT
Time Written: 20090114065008.000000-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 102
Message: msnmsgr (3720) \\.\C:\Users\Phil\AppData\Local\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_92F0_7206_F071_F0B9\dfsr.db: The database engine (6.00.6001.0000) started a new instance (0).
Record Number: 41305
Source Name: ESENT
Time Written: 20090114072624.000000-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 1017
Message: SMART status for disk ST3320620AS returned OK.
Record Number: 41306
Source Name: NVRAIDSERVICE
Time Written: 20090114072752.000000-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 1017
Message: SMART status for disk ST3320620AS returned OK.
Record Number: 41307
Source Name: NVRAIDSERVICE
Time Written: 20090114072752.000000-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 1024
Message: Disk(s) were polled for SMART status.
Record Number: 41308
Source Name: NVRAIDSERVICE
Time Written: 20090114072752.000000-000
Event Type: Information
User:

Security event log

Computer Name: Phil-PC
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: PHIL-PC$
Account Domain: HOME
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\System32\drivers\srv.sys
Handle ID: 0x478

Process Information:
Process ID: 0x1924
Process Name: C:\Windows\servicing\TrustedInstaller.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 31016
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090114053859.223889-000
Event Type: Audit Success
User:

Computer Name: Phil-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: PHIL-PC$
Account Domain: HOME
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Phil
Account Domain: Phil-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x380
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Network Address: 127.0.0.1
Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 31017
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090114072615.078000-000
Event Type: Audit Success
User:

Computer Name: Phil-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: PHIL-PC$
Account Domain: HOME
Logon ID: 0x3e7

Logon Type: 7

New Logon:
Security ID: S-1-5-21-1598939200-4013600995-2814625427-1000
Account Name: Phil
Account Domain: Phil-PC
Logon ID: 0x105fc5c
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x380
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: PHIL-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 31018
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090114072615.078000-000
Event Type: Audit Success
User:

Computer Name: Phil-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-1598939200-4013600995-2814625427-1000
Account Name: Phil
Account Domain: Phil-PC
Logon ID: 0x105fc5c

Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 31019
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090114072615.078000-000
Event Type: Audit Success
User:

Computer Name: Phil-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-1598939200-4013600995-2814625427-1000
Account Name: Phil
Account Domain: Phil-PC
Logon ID: 0x105fc5c

Logon Type: 7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 31020
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090114072615.091000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\Common Files\ArcSoft\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Videocharge Software\Watermark Master;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by Phillip..., 14 January 2009 - 02:14 AM.

  • 0

#12
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 68.178.151.28 delb.opt.fimserve.com # 728x90
O1 - Hosts: 68.178.151.28 desk.opt.fimserve.com # 160x600
O1 - Hosts: 68.178.151.28 demr.opt.fimserve.com # 300x250
O1 - Hosts: 72.167.163.234 www.google-analytics.com
O1 - Hosts: 72.167.163.234 ads1.msn.com
O1 - Hosts: 208.109.221.107 dehp.myspace.com
O1 - Hosts: 208.109.221.107 demr.myspace.com
O1 - Hosts: 208.109.221.107 desk.myspace.com
O1 - Hosts: 208.109.221.107 delb.myspace.com
O1 - Hosts: 208.109.221.107 delb2.myspace.com
O1 - Hosts: 208.109.221.107 debr.myspace.com
O1 - Hosts: 208.109.221.107 view.atdmt.com
O1 - Hosts: 208.109.221.107 rad.msn.com
O1 - Hosts: 208.109.233.197 themis.geocities.yahoo.com

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.



====STEP 2====
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    explorer.exe
    
    :Reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b43d5bc3-1fe3-11dd-aeec-001d7dd7344c}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f5cb90-1a44-11dd-8afb-001d7dd7344c}]
    
    :Files
    C:\ComboFix
    C:\Windows\system32\CF17027.exe
    C:\Windows\system32\CF16844.exe
    C:\Windows\system32\CF16462.exe
    C:\Windows\system32\cmd.execf
    C:\Windows\system32\CF16233.exe
    C:\Windows\system32\swsc.exe
    C:\Windows\system32\CF15466.exe
    C:\Bug.txt
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



====STEP 3====
i want to scan some files:

Jotti File Submission:

Please go to Jotti's malware scan
Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAP.EXE

Click on the submit button

Please also do the same with the following four files:
C:\Windows\system32\Dvbpws.dll
C:\Windows\System32\Drivers\US122x64.sys
C:\Windows\System32\Drivers\US122DLx64.sys
C:\Windows\System32\Drivers\US122Wdmx64.sys

Please post the results of the scan in your next reply.

If Jotti is busy, try the same atVirustotal


In your next reply could i see:
1. the OTMoveIT log
2. the five jotti logs
3. a new hijackthis log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0

#13
Phillip...

Phillip...

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
With HJT, I'm having problems with fixing
O1 - Hosts: 68.178.151.28 delb.opt.fimserve.com # 728x90
O1 - Hosts: 68.178.151.28 desk.opt.fimserve.com # 160x600
O1 - Hosts: 68.178.151.28 demr.opt.fimserve.com # 300x250
O1 - Hosts: 72.167.163.234 www.google-analytics.com
O1 - Hosts: 72.167.163.234 ads1.msn.com
O1 - Hosts: 208.109.221.107 dehp.myspace.com
O1 - Hosts: 208.109.221.107 demr.myspace.com
O1 - Hosts: 208.109.221.107 desk.myspace.com
O1 - Hosts: 208.109.221.107 delb.myspace.com
O1 - Hosts: 208.109.221.107 delb2.myspace.com
O1 - Hosts: 208.109.221.107 debr.myspace.com
O1 - Hosts: 208.109.221.107 view.atdmt.com
O1 - Hosts: 208.109.221.107 rad.msn.com
O1 - Hosts: 208.109.233.197 themis.geocities.yahoo.com


And I receive this pop up for each:

(attached jpeg)

Clicking yes brings me to the TrendMicro FAQ, clicking no gets rid of the pop up, but running another hjt scan shows that the problems are still there. Should I run hjt in safe mode, or... ?

Attached Thumbnails

  • 1.jpg

  • 0

#14
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
continue with the rest of the instuctions. those entries are re-directing you to GoDaddy when you try and enter those websites. we will replace your hosts file later.
  • 0

#15
Phillip...

Phillip...

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
OTMoveIT log:

r========== PROCESSES ==========
Unable to kill process: explorer.exe
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b43d5bc3-1fe3-11dd-aeec-001d7dd7344c}\\ deleted successfully.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f5cb90-1a44-11dd-8afb-001d7dd7344c}\\ deleted successfully.
========== FILES ==========
C:\ComboFix\N_ moved successfully.
C:\ComboFix moved successfully.
C:\Windows\system32\CF17027.exe moved successfully.
C:\Windows\system32\CF16844.exe moved successfully.
C:\Windows\system32\CF16462.exe moved successfully.
C:\Windows\system32\cmd.execf moved successfully.
C:\Windows\system32\CF16233.exe moved successfully.
C:\Windows\system32\swsc.exe moved successfully.
C:\Windows\system32\CF15466.exe moved successfully.
C:\Bug.txt moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Phil\AppData\Local\Temp\etilqs_mkysRwdoaSsVNdWzdywt scheduled to be deleted on reboot.
File delete failed. C:\Users\Phil\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\TMP0000005063B1091B4A7A89CB scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\vmware-vmount.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01152009_215433

Files moved on Reboot...
File C:\Users\Phil\AppData\Local\Temp\etilqs_mkysRwdoaSsVNdWzdywt not found!
C:\Users\Phil\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File C:\Windows\temp\TMP0000005063B1091B4A7A89CB not found!
File move failed. C:\Windows\temp\vmware-vmount.log scheduled to be moved on reboot.
C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\urlclassifier3.sqlite moved successfully.
C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\XUL.mfl moved successfully.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP