[Samyew]

My google searches are getting redirected and I don't know why, Trend Micro internet security didn't find anything. I know this has come up before but I couldn't figure out what to do.

Here's the Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:32 PM, on 23/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit= C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopet...v/GoPetsWeb.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdhvc.exe

--
End of file - 10489 bytes

[Advertisements]

Hello Samyew

welcome to geekstogo

====STEP 1====
Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :Processes
  explorer.exe
  
  :Services
  Windows Tribute Service
  
  :Files
  C:\Windows\system32\kdhvc.exe
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



====STEP 2====
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe
Select Option #5 : "Search and clean DNS Hijack" by typing 5 and press "Enter" to cleans your DNS Resolver.

Follow any promots you receive.

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt


====STEP 3====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




In your next reply could i see:
1. the OTMoveIT3 log
2. any logs created by the smitfraudfix tool
3. the malwarebytes log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

[andrewuk]

Hello Samyew

welcome to geekstogo

====STEP 1====
Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :Processes
  explorer.exe
  
  :Services
  Windows Tribute Service
  
  :Files
  C:\Windows\system32\kdhvc.exe
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



====STEP 2====
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Select the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your usual account.

Once in Safe Mode, double-click on SmitfraudFix.exe
Select Option #5 : "Search and clean DNS Hijack" by typing 5 and press "Enter" to cleans your DNS Resolver.

Follow any promots you receive.

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt


====STEP 3====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




In your next reply could i see:
1. the OTMoveIT3 log
2. any logs created by the smitfraudfix tool
3. the malwarebytes log

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

[Samyew]

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service Windows Tribute Service stopped successfully.
Service Windows Tribute Service deleted successfully.
========== FILES ==========
C:\Windows\system32\kdhvc.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Samuel\AppData\Local\Temp\ehmsas.txt scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Temp\~DF53B8.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Temp\~DF6B1F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Temp\~DF9591.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Temp\~DFDBE8.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\rmpcvgxu.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\rmpcvgxu.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\rmpcvgxu.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\rmpcvgxu.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11232008_164748

Files moved on Reboot...
C:\Users\Samuel\AppData\Local\Temp\ehmsas.txt moved successfully.
File C:\Users\Samuel\AppData\Local\Temp\~DF53B8.tmp not found!
File C:\Users\Samuel\AppData\Local\Temp\~DF6B1F.tmp not found!
File C:\Users\Samuel\AppData\Local\Temp\~DF9591.tmp not found!
File C:\Users\Samuel\AppData\Local\Temp\~DFDBE8.tmp not found!
File C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\rmpcvgxu.default\Cache\_CACHE_001_ not found!
File C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\rmpcvgxu.default\Cache\_CACHE_002_ not found!
File C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\rmpcvgxu.default\Cache\_CACHE_003_ not found!
File C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\rmpcvgxu.default\Cache\_CACHE_MAP_ not found!

[andrewuk]

any luck on the other steps?

andrewuk

[Samyew]

still working on it

SmitFraudFix v2.376

Scan done at 17:21:03.37, Sun 23/11/2008
Run from C:\Users\Samuel\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6001] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Description: Intel® Wireless WiFi Link 4965AGN
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D22DAEFA-E356-4D25-AC3F-2DE7F38294D8}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D22DAEFA-E356-4D25-AC3F-2DE7F38294D8}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D22DAEFA-E356-4D25-AC3F-2DE7F38294D8}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Description: Intel® Wireless WiFi Link 4965AGN
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D22DAEFA-E356-4D25-AC3F-2DE7F38294D8}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D22DAEFA-E356-4D25-AC3F-2DE7F38294D8}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{D22DAEFA-E356-4D25-AC3F-2DE7F38294D8}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

[Samyew]

ok all finished this is the last log

Malwarebytes' Anti-Malware 1.30
Database version: 1419
Windows 6.0.6001 Service Pack 1

23/11/2008 8:10:28 PM
mbam-log-2008-11-23 (20-10-28).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 266450
Time elapsed: 2 hour(s), 45 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\homeview (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\ienudwqs.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Users\Samuel\Downloads\serial.exe (Dialer) -> Quarantined and deleted successfully.
C:\resycled\boot.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\homeview\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.


Thanks for your help, I'll tell you if it comes up again.

[andrewuk]

ok, before we wrap this up, lets do one scan:

• Download random's system information tool (RSIT) by random/random from here.
• It is important that is saved to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

[Samyew]

Logfile of random's system information tool 1.04 (written by random/random)
Run by Samuel at 2008-11-24 14:06:34
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 23 GB (16%) free of 144 GB
Total RAM: 3070 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:43 PM, on 24/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Samuel\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Samuel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit= C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zon...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9608 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{E601EF49-6032-43FE-ADAE-85A47489B5C5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
IE to GetRight Helper - C:\Program Files\GetRight\xx2gr.dll [2007-07-18 246848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-09-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
VeriSoft Access Manager - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll [2006-11-05 71192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-09-19 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-10-08 4702208]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-15 178712]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-23 176128]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-11-06 159744]
"HP Health Check Scheduler"=[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe []
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Symantec PIF AlertEng"=C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
"pccguide.exe"=C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe [2007-04-12 3429904]
"CognizanceTS"=C:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll [2003-12-21 17920]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-02-26 13515296]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-02-26 92704]
"Samsung PanelMgr"=C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2008-05-07 524288]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-06 167936]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-01-16 634880]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-18 267048]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2006-11-24 622592]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-18 1233920]
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"ISUSPM"=C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [2007-03-28 222128]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"SoftAuto.exe"=C:\Program Files\Creative\Software Update 3\SoftAuto.exe [2008-05-27 401408]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

C:\Users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34c40b25-8e9c-11dc-9fac-001a6b815b30}]
shell\Auto\command - RavMonE.exe e
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4845de72-adcb-11dc-b86a-94c6b659d494}]
shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76943c59-8753-11dc-a23d-001b244527bc}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ebfe00-ad6d-11dc-846d-806e6f6e6963}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ebfe01-ad6d-11dc-846d-806e6f6e6963}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
shell\Open\command - Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eaef2eb-3e10-11dd-9044-001a6b815b30}]
shell\AutoRun\command - H:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eaef2ed-3e10-11dd-9044-001a6b815b30}]
shell\AutoRun\command - H:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8864a13c-8867-11dc-b312-001a6b815b30}]
shell\AutoRun\command - sysboot.scr
shell\open\command - sysboot.scr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a9ad25-2930-11dd-b30d-001a6b815b30}]
shell\AutoRun\command - H:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a9ad2e-2930-11dd-b30d-001a6b815b30}]
shell\AutoRun\command - H:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e244224a-a869-11dc-acce-ea7aa2095788}]
shell\Auto\command - PegeFile.pif
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL PegeFile.pif


======List of files/folders created in the last 1 months======

2008-11-24 14:06:34 ----D---- C:\rsit
2008-11-23 20:23:01 ----A---- C:\pytmmhk.txt
2008-11-23 17:23:17 ----D---- C:\Users\Samuel\AppData\Roaming\Malwarebytes
2008-11-23 17:23:11 ----D---- C:\ProgramData\Malwarebytes
2008-11-23 17:23:11 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-23 17:21:03 ----A---- C:\rapport.txt
2008-11-23 16:47:48 ----D---- C:\_OTMoveIt
2008-11-22 23:31:16 ----A---- C:\Windows\HDTV Player Uninstall Log.txt
2008-11-22 20:59:13 ----D---- C:\Windows\HDTV Player
2008-11-18 12:51:54 ----A---- C:\Windows\system32\wups2.dll
2008-11-18 12:51:54 ----A---- C:\Windows\system32\wucltux.dll
2008-11-18 12:51:54 ----A---- C:\Windows\system32\wuaueng.dll
2008-11-18 12:51:54 ----A---- C:\Windows\system32\wuauclt.exe
2008-11-18 12:51:39 ----A---- C:\Windows\system32\wups.dll
2008-11-18 12:51:39 ----A---- C:\Windows\system32\wudriver.dll
2008-11-18 12:51:39 ----A---- C:\Windows\system32\wuapi.dll
2008-11-18 12:51:22 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-18 12:51:22 ----A---- C:\Windows\system32\wuapp.exe
2008-11-13 14:10:46 ----A---- C:\Windows\CSTBox.INI
2008-11-13 14:09:49 ----D---- C:\Users\Samuel\AppData\Roaming\Canon
2008-11-13 14:09:15 ----D---- C:\Program Files\Canon
2008-11-13 13:14:06 ----D---- C:\Program Files\Common Files\CANON
2008-11-11 20:21:32 ----A---- C:\Windows\system32\msxml3.dll
2008-11-11 20:21:09 ----A---- C:\Windows\system32\msxml6.dll
2008-11-08 20:55:00 ----D---- C:\Program Files\Common Files\INCA Shared
2008-11-08 19:09:00 ----D---- C:\SEGA
2008-11-08 18:47:17 ----D---- C:\Program Files\SEGA
2008-11-07 21:29:09 ----D---- C:\Program Files\Telltale Games
2008-11-01 16:16:10 ----D---- C:\Users\Samuel\AppData\Roaming\LimeWire
2008-11-01 16:14:40 ----D---- C:\Program Files\LimeWire
2008-10-31 17:59:04 ----D---- C:\ProgramData\test
2008-10-31 16:42:26 ----A---- C:\Windows\system32\EncDec.dll
2008-10-31 16:42:24 ----A---- C:\Windows\system32\psisdecd.dll
2008-10-29 17:09:15 ----RHD---- C:\Users\Samuel\AppData\Roaming\SecuROM
2008-10-28 09:28:43 ----A---- C:\Windows\system32\win32spl.dll
2008-10-28 09:28:43 ----A---- C:\Windows\system32\wersvc.dll
2008-10-28 09:28:43 ----A---- C:\Windows\system32\Faultrep.dll

======List of files/folders modified in the last 1 months======

2008-11-24 14:06:38 ----D---- C:\Windows\Temp
2008-11-24 14:02:56 ----RD---- C:\Program Files
2008-11-24 14:01:49 ----D---- C:\Windows\SMINST
2008-11-24 11:09:42 ----SHD---- C:\System Volume Information
2008-11-23 20:25:05 ----D---- C:\Windows\system32\drivers
2008-11-23 19:52:15 ----D---- C:\Windows\System32
2008-11-23 17:23:11 ----HD---- C:\ProgramData
2008-11-23 17:15:46 ----D---- C:\WINDOWS
2008-11-23 14:49:22 ----SD---- C:\Windows\Downloaded Program Files
2008-11-23 14:43:10 ----D---- C:\Program Files\Trend Micro
2008-11-23 14:25:13 ----D---- C:\Users\Samuel\AppData\Roaming\uTorrent
2008-11-22 20:59:54 ----D---- C:\Windows\inf
2008-11-22 10:21:05 ----SHD---- C:\Windows\Installer
2008-11-22 10:21:05 ----D---- C:\ProgramData\Microsoft Help
2008-11-21 16:44:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-19 10:53:02 ----D---- C:\Windows\winsxs
2008-11-19 10:42:58 ----D---- C:\Windows\system32\catroot
2008-11-19 10:41:47 ----D---- C:\Windows\system32\en-US
2008-11-18 12:52:17 ----D---- C:\Windows\system32\catroot2
2008-11-17 11:26:57 ----D---- C:\ProgramData\Roxio
2008-11-15 10:37:44 ----D---- C:\Windows\Prefetch
2008-11-13 13:14:06 ----D---- C:\Program Files\Common Files
2008-11-13 12:56:50 ----A---- C:\Windows\win.ini
2008-11-13 12:49:15 ----RSD---- C:\Windows\Media
2008-11-13 12:49:02 ----D---- C:\Windows\twain_32
2008-11-13 12:24:10 ----D---- C:\Program Files\Mozilla Firefox
2008-11-12 10:15:18 ----D---- C:\Windows\Tasks
2008-11-09 22:39:25 ----SHD---- C:\$RECYCLE.BIN
2008-11-09 22:38:47 ----RD---- C:\Users
2008-11-07 20:19:36 ----SD---- C:\Users\Samuel\AppData\Roaming\Microsoft
2008-11-03 16:10:25 ----A---- C:\Windows\system32\mrt.exe
2008-10-31 17:27:46 ----D---- C:\Windows\Microsoft.NET
2008-10-31 17:27:33 ----RSD---- C:\Windows\assembly
2008-10-31 17:23:20 ----D---- C:\Windows\ehome
2008-10-29 17:09:14 ----A---- C:\Windows\system32\CmdLineExt.dll
2008-10-26 21:02:42 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-26 21:02:40 ----D---- C:\SwSetup
2008-10-26 21:00:40 ----D---- C:\Users\Samuel\AppData\Roaming\Hewlett-Packard
2008-10-26 20:59:50 ----HD---- C:\System.sav
2008-10-26 20:59:46 ----D---- C:\Program Files\Hewlett-Packard
2008-10-25 19:39:36 ----D---- C:\Program Files\HP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-07-06 56108]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2007-04-12 75792]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-08-08 45568]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-29 43008]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-29 38400]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2007-08-12 5120]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2007-12-24 138384]
R2 tmmbd;Trend Micro MBD Driver; C:\Windows\system32\DRIVERS\tm_mbd_c.sys [2007-04-12 112400]
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2008-08-16 36368]
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2008-08-16 205328]
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2008-08-16 1195448]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-28 140424]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-18 19456]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-28 29184]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2006-09-18 15664]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2008-09-18 25280]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-08 1970712]
R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-25 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-02-26 7602688]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-18 49664]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2007-01-16 983936]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-18 9216]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 tmcfw;Trend Micro Common Firewall Service; C:\Windows\system32\DRIVERS\TM_CFW.sys [2007-04-12 300816]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2007-08-12 41984]
S3 azgdumxd;azgdumxd; C:\Windows\system32\drivers\azgdumxd.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-01 464384]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-28 220160]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 E100B;Intel® PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-01 163328]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-01 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-01 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-09-11 101376]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\Windows\system32\drivers\Ndisprot.sys [2008-11-22 29192]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\RebirthRO\npkcrypt.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-04 4682]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-01 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-18 521216]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-17 110592]
R2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-01-05 554616]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-23 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-05 198168]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-01 61440]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2007-03-12 517768]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-02-26 49152]
R2 PcCtlCom;Trend Micro Central Control Component; C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe [2007-04-12 1930768]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-04-30 66872]
R2 Tmntsrv;Trend Micro Real-time Service; C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-04-12 484880]
R2 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-04-12 943696]
R2 tmproxy;Trend Micro Proxy Service; C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe [2007-04-12 566872]
R3 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-23 262243]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-18 504104]
R3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-01-05 2918008]
R3 PcScnSrv;Trend Micro Protection Against Spyware ; C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe [2007-04-12 214544]
S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-10-31 72704]
S3 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-23 106593]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 CTUPnPSv;Creative Centrale Media Server; C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-10 654848]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-19 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-12-04 79136]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-23 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]

-----------------EOF-----------------

[Samyew]

info.txt logfile of random's system information tool 1.04 2008-11-24 14:06:45

======Uninstall list======

-->"C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->"C:\ProgramData\{549E12A2-AFC9-415A-8917-B8D197926D0C}\setup.exe" REMOVE=TRUE MODIFY=FALSE
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe InDesign CS3-->C:\Program Files\Common Files\Adobe\Installers\05ba3a63f36684fe0c5dde2ebe6f8f5\Setup.exe
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Premiere Pro 2.0-->msiexec /I {FA17A726-B229-4116-B793-A2AB1A4EAE2E}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{56B8B892-317E-4FDE-9E4D-44B189848A27}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Shockwave Player-->C:\WINDOWS\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1437-443D-B06E-79A00FE45110}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{55CABB2F-4513-4FF1-B912-B45F93FC5B01}
Bejeweled 2 Deluxe-->"C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Bejeweled 2 Deluxe\install.log"
BitTornado 0.3.17-->C:\Program Files\BitTornado\uninst.exe
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
Call of Duty® 4 - Modern Warfare™ 1.6 Patch-->C:\Program Files\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch-->C:\Program Files\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Canon CanoScan Toolbox 5.0-->"C:\Program Files\Canon\CanoScan Toolbox Ver5.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\CanoScan Toolbox Ver5.0\uninst.ini
Cheat Engine 5.4-->"C:\Program Files\Cheat Engine\unins000.exe"
Chuzzle-->"C:\Program Files\Oberon Media\Chuzzle\Uninstall.exe" "C:\Program Files\Oberon Media\Chuzzle\install.log"
Commandos 2: Men of Courage-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7963BA0-EE1C-11D4-9FA5-00A0C9E6A342}\setup.exe"
Company of Heroes - FAKEMSI-->MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671}
Company of Heroes - FAKEMSI-->MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F}
Company of Heroes-->"C:\Program Files\THQ\Company of Heroes\Uninstall_English.exe"
Creative Centrale-->"C:\ProgramData\{B953802D-D7B1-4AC2-AF3C-79E4D168CF1F}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
Creative Centrale-->C:\ProgramData\{B953802D-D7B1-4AC2-AF3C-79E4D168CF1F}\Setup.exe
Creative Software Update-->C:\ProgramData\{549E12A2-AFC9-415A-8917-B8D197926D0C}\setup.exe
Creative ZEN X-Fi User's Guide-->"C:\Program Files\Creative\Creative ZEN X-Fi\UGRemove.exe" /Product_Name:ZENX-FI
Crimsonland-->"C:\Program Files\Crimsonland\ReflexiveArcade\unins000.exe"
Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat
Dynasty-->"C:\Program Files\Oberon Media\Dynasty\Uninstall.exe" "C:\Program Files\Oberon Media\Dynasty\install.log"
ESU for Microsoft Vista-->MsiExec.exe /X{1517A7CB-5F00-4A88-8F06-E89B6DB63784}
Flight Wizard 4-->"C:\Program Files\Flight Wizard 4\unins000.exe"
Four Houses-->"C:\Program Files\Oberon Media\Four Houses\Uninstall.exe" "C:\Program Files\Oberon Media\Four Houses\install.log"
GetRight-->"C:\Program Files\GetRight\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GPGNet-->MsiExec.exe /I{C194D333-B84A-4BB7-B35E-060732D98DC4}
Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe
Heroes of Might and Magic V-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x9
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{11BB336F-0E58-4977-B866-F24FA334616B}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.20 B1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP User Guides 0056-->MsiExec.exe /I{5AB56552-6938-4686-9F87-DB0ED8D1E06B}
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Jewel Quest-->"C:\Program Files\Oberon Media\Jewel Quest\Uninstall.exe" "C:\Program Files\Oberon Media\Jewel Quest\install.log"
K-Lite Codec Pack 3.5.7 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LightScribe System Software 1.10.27.1-->MsiExec.exe /X{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Locomotion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77F45E76-E897-42CA-A9FE-5F56817D875C}\setup.exe" -l0x9
LogoMation 2.0 Demo-->C:\Windows\IsUninst.exe -f"C:\Program Files\Magic Square\LogoMation Demo\Uninst.isu"
Magic Match-->"C:\Program Files\Oberon Media\Magic Match\Uninstall.exe" "C:\Program Files\Oberon Media\Magic Match\install.log"
Mah Jong Quest-->"C:\Program Files\Oberon Media\Mah Jong Quest\Uninstall.exe" "C:\Program Files\Oberon Media\Mah Jong Quest\install.log"
Mahjong Escape Ancient China-->"C:\Program Files\Oberon Media\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Oberon Media\Mahjong Escape Ancient China\install.log"
Mahjong Match-->"C:\Program Files\Oberon Media\Mahjong Match\Uninstall.exe" "C:\Program Files\Oberon Media\Mahjong Match\install.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaRing Talk-->"C:\Program Files\MediaRing\MediaRing Talk\Uninstall.exe" "C:\Program Files\MediaRing\MediaRing Talk\install.log"
Microsoft Flight Simulator X: Acceleration-->C:\Windows\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimUninstall.log" /uninstall {A9729B90-D37B-4A69-B66A-7436AC1F7274}
Microsoft Flight Simulator X: Acceleration-->MsiExec.exe /I{A9729B90-D37B-4A69-B66A-7436AC1F7274}
Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{9527A496-5DF9-412A-ADC7-168BA5379CA6}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /X{3FFB3B34-D639-4384-9AE9-DDE58430D86F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
PHANTASY STAR UNIVERSE Ambition of the Illuminus-->"C:\SEGA\PHANTASY STAR UNIVERSE Illuminus\uninst\unins000.exe"
PHANTASY STAR UNIVERSE-->"C:\Program Files\SEGA\PHANTASY STAR UNIVERSE\uninst\unins000.exe"
Poker Superstars 2-->"C:\Program Files\Oberon Media\Poker Superstars 2\Uninstall.exe" "C:\Program Files\Oberon Media\Poker Superstars 2\install.log"
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Rainbow Web-->"C:\Program Files\Oberon Media\Rainbow Web\Uninstall.exe" "C:\Program Files\Oberon Media\Rainbow Web\install.log"
Real Alternative 1.7.5-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Samsung CLP-310 Series-->C:\Program Files\Samsung\Samsung CLP-310 Series\Install\Setup.exe /R
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Star Wars JK II Jedi Outcast-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{576E71DA-3000-48F6-9B21-B9A70D47DFCF}\Setup.exe"
StepMania (remove only)-->"C:\Program Files\StepMania\uninstall.exe"
Strong Bad - Strong Bad Episode 1 - Homestar Ruiner-->C:\Program Files\Telltale Games\Strong Bad\Uninstall Episode 1 - Homestar Ruiner.exe
Supreme Commander-->C:\Program Files\InstallShield Installation Information\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}\setup.exe -runfromtemp -l0x0009 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tomvale 'test'-->MsiExec.exe /I{9CDC2C23-72D5-4F16-8055-519A4427E2D9}
Trend Micro PC-cillin Internet Security 2007-->C:\PROGRA~1\TRENDM~1\INTERN~1\remove.exe
Trend Micro PC-cillin Internet Security 2007-->MsiExec.exe /X{BB4B6355-D38A-492C-873B-A1B2CF6C3832}
Ulead VideoStudio 11-->C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VeriSoft Access Manager-->rundll32.exe "C:\Program Files\Bioscrypt\VeriSoft\Bin\SetupHelper.dll",ExecMain /Uninstall {D83899AB-9964-4CFC-A246-F1BD430A455F}
Vodafone Mobile Connect Lite-->MsiExec.exe /X{B5761811-28F3-4257-B537-815C5EEF472C}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
zMUD 7.21.0.0-->C:\Program Files\zMUD\uninst.exe
Zuma Deluxe-->"C:\Program Files\Oberon Media\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Oberon Media\Zuma Deluxe\install.log"

=====HijackThis Backups=====

O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopet...v/GoPetsWeb.cab

======Security center information======

AV: Trend Micro PC-cillin Internet Security 2007
FW: Trend Micro PC-cillin Internet Security (Firewall)
AS: Trend Micro PC-cillin Internet Security 2007
AS: Windows Defender (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Bioscrypt\VeriSoft\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=0f0a
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"USERPART"=F:
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

[andrewuk]

just some minor items to remove:

====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.



====STEP 2====
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  :Processes
  explorer.exe
  
  :Services
  azgdumxd
  
  :Reg
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{34c40b25-8e9c-11dc-9fac-001a6b815b30}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4845de72-adcb-11dc-b86a-94c6b659d494}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76943c59-8753-11dc-a23d-001b244527bc}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ebfe00-ad6d-11dc-846d-806e6f6e6963}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78ebfe01-ad6d-11dc-846d-806e6f6e6963}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eaef2eb-3e10-11dd-9044-001a6b815b30}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7eaef2ed-3e10-11dd-9044-001a6b815b30}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8864a13c-8867-11dc-b312-001a6b815b30}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a9ad25-2930-11dd-b30d-001a6b815b30}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0a9ad2e-2930-11dd-b30d-001a6b815b30}]
  [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e244224a-a869-11dc-acce-ea7aa2095788}]
  
  :Files
  C:\pytmmhk.txt
  C:\Windows\system32\drivers\azgdumxd.sys
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


and could you give me some idea of how your machine is running now?

andrewuk

[andrewuk]

still with us?

[Samyew]

Yep, it's all done, no more redirecting.

[andrewuk]

ok, lets just do a couple of scans to clear out the remnants and ensure nothing else sneaked onto your machine.

====STEP 1====
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



====STEP 2====
Please do an online scan with Kaspersky WebScanner (this will identify any issues, we will clear them in the following post)

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure the following is checked.
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post this log in your next reply.

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

[Samyew]

Malwarebytes' Anti-Malware 1.30
Database version: 1435
Windows 6.0.6001 Service Pack 1

29/11/2008 6:09:14 PM
mbam-log-2008-11-29 (18-09-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 268643
Time elapsed: 3 hour(s), 1 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\HDTV Player (Rogue.HDTVPlayer) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Samuel\Downloads\HDTVPlayer.exe (Rogue.HDTVPlayer) -> Quarantined and deleted successfully.
C:\WINDOWS\HDTV Player\uninstall.exe (Rogue.HDTVPlayer) -> Quarantined and deleted successfully.

[andrewuk]

looking good so far

just the kaspersky log to come.