Grokloader - How do I properly remove it? [Solved]


  • This topic is locked

#31
Phillip...

  • Topic Starter
  • Member
  • 40 posts
thanks! it ran fine now...
regardless or point or not, will run a spybot scan and let you know how goes.

========== PROCESSES ==========
Unable to kill process: explorer.exe
========== REGISTRY ==========
Registry key HKEY_USERS\S-1-5-21-1598939200-4013600995-2814625427-1000\Software\Softwrap\Adtracker*\\ not found.
========== COMMANDS ==========
File delete failed. C:\Users\Phil\AppData\Local\Temp\etilqs_yS8tnAAwj789fkyMUngy scheduled to be deleted on reboot.
File delete failed. C:\Users\Phil\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\vmware-vmount.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Phil\AppData\Local\Mozilla\Firefox\Profiles\h6y30rba.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01182009_014145

Edited by Phillip..., 17 January 2009 - 08:55 AM.

  • 0


#32
andrewuk

  • Trusted Helper
  • Malware Removal
  • 5,297 posts
i suspect it may still be there, the OTMoveIT log indicated that it could not find the key.
  • 0

#33
Phillip...

  • Topic Starter
  • Member
  • 40 posts
do i remove it in spybot?

i suspect it may still be there, the OTMoveIT log indicated that it could not find the key.


  • 0

#34
andrewuk

  • Trusted Helper
  • Malware Removal
  • 5,297 posts

do i remove it in spybot?

yes please
  • 0

#35
Phillip...

  • Topic Starter
  • Member
  • 40 posts
done
  • 0

#36
andrewuk

  • Trusted Helper
  • Malware Removal
  • 5,297 posts
Hello Phillip...

ok, let's wrap this up. i will leave the post open for a day or two. let me know if it comes back.

congratulations, your logs are clean and another fix is in the can :)

in this post we will clear away the fix tools (this is so that should you ever be re-infected, you will download updated versions and it will also remove the quarantined Malware from your computer), reset your restore points (there will be infections lurking in there) and i will leave you with some ideas on how to enhance the protection of your machine against future infection.

====STEP 1====
Please download the OTCleanIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTCleanIT.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
you can also clear away any other tools we used.


====IDEAS TO SPEED UP YOUR MACHINE====
this page http://users.telenet...owcomputer.html gives some good ideas on how to improve the efficiency of your machine and has one or two useful links to help you further.


====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

best wishes

andrewuk
  • 0

#37
Phillip...

  • Topic Starter
  • Member
  • 40 posts
did a fresh scan after a couple of hours and...

GrokLoader: [SBI $A8A047C2] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1598939200-4013600995-2814625427-1000\Software\Softwrap\Adtracker________
  • 0
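
The situation in the two logs above (OTMoveIt3 reports the key pattern as "not found", then Spybot still detects a key under the same path), as an added example that is not part of the original thread: a small script that reconciles a removal-tool log with a later scanner result. The sample inputs are constructed from lines posted in this thread; the function names are hypothetical, and treating `*` in the OTMoveIt3 line as a glob wildcard is an assumption.

```python
import fnmatch
import re

# Constructed sample input: lines copied from the two logs posted in this thread.
OTMOVEIT_LOG = r"""========== REGISTRY ==========
Registry key HKEY_USERS\S-1-5-21-1598939200-4013600995-2814625427-1000\Software\Softwrap\Adtracker*\\ not found.
========== COMMANDS ==========
User's Temp folder emptied.
"""

SPYBOT_RESULT = r"""GrokLoader: [SBI $A8A047C2] Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1598939200-4013600995-2814625427-1000\Software\Softwrap\Adtracker________
"""

# "Registry key <path> not found." as written in the removal log.
NOT_FOUND = re.compile(r"^Registry key (?P<key>.+?) not found\.$")
# "<threat>: [SBI $<id>] <label> (<kind>, <action>)" as written in the scan result.
SPYBOT_HEADER = re.compile(
    r"^(?P<threat>[^:]+): \[SBI \$[0-9A-Fa-f]+\] .*"
    r"\((?P<kind>[^,]+), (?P<action>[^)]+)\)$"
)


def normalise(key):
    """Lower-case a key path and drop trailing separators.

    Registry key names are case-insensitive, so both sides are compared
    in lower case.
    """
    return key.strip().rstrip("\\").lower()


def missed_patterns(removal_log):
    """Return the key patterns the removal tool reported as 'not found'."""
    patterns = []
    for line in removal_log.splitlines():
        match = NOT_FOUND.match(line.strip())
        if match:
            patterns.append(match.group("key"))
    return patterns


def spybot_registry_hits(scan_result):
    """Return (threat, action, key) for every registry-key detection.

    The key path is taken from the line that follows the detection header.
    """
    lines = [ln.strip() for ln in scan_result.splitlines() if ln.strip()]
    hits = []
    for i, line in enumerate(lines[:-1]):
        match = SPYBOT_HEADER.match(line)
        if match and match.group("kind") == "Registry key":
            hits.append((match.group("threat"), match.group("action"), lines[i + 1]))
    return hits


def reconcile(removal_log, scan_result):
    """List detections that a 'not found' pattern should have covered.

    A hit here means the removal tool's 'not found' line is not evidence
    that the key is gone: the scanner still sees a key the pattern matches.
    """
    findings = []
    for pattern in missed_patterns(removal_log):
        for threat, action, key in spybot_registry_hits(scan_result):
            if fnmatch.fnmatchcase(normalise(key), normalise(pattern)):
                findings.append(
                    {
                        "threat": threat,
                        "key": key,
                        "pattern": pattern,
                        "scanner_action": action,
                    }
                )
    return findings


if __name__ == "__main__":
    for finding in reconcile(OTMOVEIT_LOG, SPYBOT_RESULT):
        print(
            "{threat}: still detected at {key}\n"
            "  removal log said 'not found' for {pattern}\n"
            "  scanner action: {scanner_action}".format(**finding)
        )
```
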

#38
andrewuk

  • Trusted Helper
  • Malware Removal
  • 5,297 posts
ok, let's get a new log down:

  • Download random's system information tool (RSIT) by random/random from here.
  • It is important that it is saved to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

there may only be one log this time.

andrewuk
  • 0

#39
Phillip...

  • Topic Starter
  • Member
  • 40 posts
Logfile of random's system information tool 1.05 (written by random/random)
Run by Phil at 2009-01-19 00:57:05
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 115 GB (56%) free of 205 GB
Total RAM: 4094 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:17 AM, on 19/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
C:\Program Files (x86)\Switcher\Switcher.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Winamp\elevator.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
D:\Documents & Data\Desktop\RSIT.exe
C:\Program Files\hijackthis\Phil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtube.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: (no name) - {02464DDC-3187-11D8-8004-0020ED227566} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinFastDTV] "C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe"
O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\Phil\AppData\Local\Temp\nro.tmp\"
O4 - HKLM\..\RunServicesOnce: [capscanuninstall] "C:\Windows\command.com" /c del "C:\Users\Phil\AppData\Local\Temp\uninstal.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAP.EXE /FU "C:\Users\Phil\AppData\Local\Temp\E_SE0C0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BackgroundSwitcher] "C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe"
O4 - HKCU\..\Run: [Switcher] "C:\Program Files (x86)\Switcher\Switcher.exe" /quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: PingFMDesktop.lnk = Internet - Communication\PingFMDesktop\PingFMDesktop.exe
O4 - Global Startup: WFWIZ - Shortcut.lnk = C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 13585 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1598939200-4013600995-2814625427-1000.job
C:\Windows\tasks\User_Feed_Synchronization-{E7461989-AA87-422E-A073-280E21605D02}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll [2008-06-10 187512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02464DDC-3187-11D8-8004-0020ED227566}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-26 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG8\avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2008-11-15 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-11-18 408952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2008-11-15 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~2\AVG\AVG8\avgtray.exe [2008-11-28 1261336]
"WinFastDTV"=C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe [2008-10-24 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CleanSetup"=cmd /C rmdir /S /Q C:\Users\Phil\AppData\Local\Temp\nro.tmp\ []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1555968]
"EPSON Stylus CX5500 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAP.EXE [2007-03-01 211456]
"BackgroundSwitcher"=C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [2008-11-06 1095568]
"Switcher"=C:\Program Files (x86)\Switcher\Switcher.exe [2007-10-28 425984]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WFWIZ - Shortcut.lnk - C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe

C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
PingFMDesktop.lnk - D:\Setup Files\Internet - Communication\PingFMDesktop\PingFMDesktop.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"TaskbarNoNotification"=1
"NoStartMenuMorePrograms"=0
"StartMenuLogOff"=0
"LockTaskbar"=0
"HideSCABattery"=0
"HideSCANetwork"=0
"HideSCAVolume"=0
"NoDesktopCleanupWizard"=1
"AlwaysShowClassicMenu"=1
"DisableThumbnailsOnNetworkFolders"=1
"NoDriveTypeAutorun"=237
"NoSMBalloonTip"=1
"NoSearchCommInStartMenu"=1
"NoSearchComputerLinkInStartMenu"=1
"NoSearchInternetInStartMenu"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoDriveTypeAutoRun"=
"LockTaskbar"=
"TaskbarNoThumbnail"=
"NoFolderOptions"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe"="C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe"="C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f5cb90-1a44-11dd-8afb-001d7dd7344c}]
shell\AutoRun\command - PortableApps\PortableAppsMenu\PortableAppsMenu.exe


======File associations======

.js - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-01-19 00:57:05 ----D---- C:\rsit
2009-01-18 18:49:01 ----SHD---- C:\Config.Msi
2009-01-18 18:27:08 ----D---- C:\Users\Phil\AppData\Roaming\Nero
2009-01-18 18:00:35 ----D---- C:\Program Files (x86)\Common Files\Nero
2009-01-18 16:49:02 ----D---- C:\VistaOSX09
2009-01-18 16:27:42 ----A---- C:\Windows\PrimoPDF Uninstall Log.txt
2009-01-18 16:26:17 ----D---- C:\Users\Phil\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-01-18 14:34:44 ----D---- C:\ProgramData\TEMP
2009-01-18 14:34:37 ----D---- C:\Program Files (x86)\SpywareBlaster
2009-01-18 13:53:35 ----D---- C:\Program Files (x86)\SpywareGuard
2009-01-17 17:04:38 ----D---- C:\Program Files (x86)\iTunes Library Updater
2009-01-16 22:43:44 ----D---- C:\Program Files (x86)\AeroSnap
2009-01-16 15:00:24 ----D---- C:\Program Files (x86)\Microsoft Virtual PC
2009-01-15 00:27:40 ----D---- C:\Users\Phil\AppData\Roaming\Ashampoo
2009-01-15 00:27:21 ----D---- C:\ProgramData\ashampoo
2009-01-14 21:25:21 ----D---- C:\Program Files (x86)\Microsoft
2009-01-14 21:25:02 ----D---- C:\Program Files (x86)\Windows Live SkyDrive
2009-01-14 21:19:47 ----D---- C:\Program Files (x86)\Common Files\Windows Live
2009-01-14 00:31:11 ----D---- C:\Users\Phil\AppData\Roaming\avidemux
2009-01-13 23:11:44 ----D---- C:\ProgramData\iTunesFolderWatch
2009-01-13 20:10:23 ----D---- C:\Program Files (x86)\iTunesKeys
2009-01-13 12:13:57 ----D---- C:\Windows\Temp
2009-01-13 12:05:19 ----D---- C:\ProgramData\is-KV1QB
2009-01-12 23:10:02 ----D---- C:\ProgramData\is-VLQ78
2009-01-12 21:43:38 ----D---- C:\Users\Phil\AppData\Roaming\Malwarebytes
2009-01-12 21:43:34 ----D---- C:\ProgramData\Malwarebytes
2009-01-08 21:14:02 ----D---- C:\Program Files (x86)\WinUAE
2009-01-05 01:00:58 ----D---- C:\Users\Phil\AppData\Roaming\WinRAR
2009-01-05 00:34:25 ----D---- C:\Program Files (x86)\filehippo.com
2009-01-04 23:44:27 ----D---- C:\Downloads
2009-01-04 23:39:12 ----D---- C:\extensions
2009-01-04 23:39:10 ----D---- C:\Program Files (x86)\BitComet
2009-01-04 17:25:21 ----D---- C:\ProgramData\Google
2009-01-03 23:54:32 ----D---- C:\Users\Phil\AppData\Roaming\RealWorld
2009-01-03 23:53:58 ----D---- C:\Program Files (x86)\RealWorld Paint.COM
2008-12-31 18:03:43 ----A---- C:\Windows\system32\IVIresizeW7.dll
2008-12-31 18:03:43 ----A---- C:\Windows\system32\IVIresizePX.dll
2008-12-31 18:03:43 ----A---- C:\Windows\system32\IVIresizeP6.dll
2008-12-31 18:03:43 ----A---- C:\Windows\system32\IVIresizeM6.dll
2008-12-31 18:03:43 ----A---- C:\Windows\system32\IVIresizeA6.dll
2008-12-31 18:03:43 ----A---- C:\Windows\system32\IVIresize.dll
2008-12-31 00:59:33 ----D---- C:\Program Files (x86)\Common Files\Steinberg
2008-12-31 00:59:11 ----D---- C:\Users\Phil\AppData\Roaming\Steinberg
2008-12-31 00:38:59 ----D---- C:\Program Files (x86)\Steinberg
2008-12-31 00:25:21 ----D---- C:\ProgramData\Pinnacle
2008-12-27 22:28:37 ----D---- C:\Program Files (x86)\MozBackup
2008-12-27 16:04:59 ----D---- C:\DVD
2008-12-25 11:07:36 ----D---- C:\ProgramData\_comodo_
2008-12-24 23:22:37 ----D---- C:\Users\Phil\AppData\Roaming\AeroSnapApp
2008-12-21 18:33:31 ----D---- C:\Program Files (x86)\Mozilla Firefox
2008-12-21 17:27:00 ----D---- C:\Users\Phil\AppData\Roaming\KeePass
2008-12-21 17:22:29 ----D---- C:\Program Files (x86)\KeePass Password Safe
2008-12-21 12:22:43 ----D---- C:\Users\Phil\AppData\Roaming\VoxOx
2008-12-20 23:54:55 ----D---- C:\ProgramData\Digsby
2008-12-20 23:50:00 ----D---- C:\Users\Phil\AppData\Roaming\Digsby
2008-12-20 23:49:29 ----D---- C:\Program Files (x86)\Digsby

======List of files/folders modified in the last 1 months======

2009-01-18 23:19:35 ----D---- C:\Users\Phil\AppData\Roaming\FileZilla
2009-01-18 22:44:33 ----D---- C:\Program Files (x86)\Flock
2009-01-18 19:08:39 ----SHD---- C:\System Volume Information
2009-01-18 18:49:02 ----SHD---- C:\Windows\Installer
2009-01-18 18:48:39 ----D---- C:\ProgramData\Nero
2009-01-18 18:41:19 ----D---- C:\Program Files (x86)\Nero
2009-01-18 18:35:32 ----A---- C:\Windows\NeroDigital.ini
2009-01-18 18:26:53 ----D---- C:\ProgramData\VMware
2009-01-18 18:00:35 ----D---- C:\Program Files (x86)\Common Files
2009-01-18 18:00:08 ----D---- C:\Windows
2009-01-18 18:00:04 ----D---- C:\Windows\SysWOW64
2009-01-18 17:23:27 ----D---- C:\Program Files (x86)\Google
2009-01-18 16:43:52 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-18 16:41:06 ----RD---- C:\Program Files (x86)
2009-01-18 16:37:52 ----RD---- C:\Program Files
2009-01-18 16:34:31 ----HD---- C:\ProgramData
2009-01-18 16:33:50 ----D---- C:\Windows\System32
2009-01-18 16:26:36 ----D---- C:\Program Files (x86)\Adobe
2009-01-18 15:56:54 ----D---- C:\Windows\inf
2009-01-18 14:57:00 ----D---- C:\ProgramData\DVD Shrink
2009-01-18 14:01:31 ----D---- C:\Windows\system32\drivers
2009-01-17 18:48:07 ----D---- C:\ProgramData\Adobe
2009-01-17 18:46:32 ----D---- C:\Program Files (x86)\Common Files\Adobe
2009-01-16 21:22:56 ----D---- C:\Windows\Debug
2009-01-16 13:06:47 ----D---- C:\Windows\Microsoft.NET
2009-01-16 13:06:46 ----RSD---- C:\Windows\assembly
2009-01-16 01:20:57 ----D---- C:\Users\Phil\AppData\Roaming\dvdcss
2009-01-16 00:14:28 ----A---- C:\Windows\system32\Dvbpws.dll
2009-01-15 22:22:39 ----D---- C:\Windows\rescache
2009-01-15 21:41:19 ----D---- C:\Windows\winsxs
2009-01-15 21:23:30 ----SD---- C:\Users\Phil\AppData\Roaming\Microsoft
2009-01-15 18:17:33 ----D---- C:\Users\Phil\AppData\Roaming\Skype
2009-01-15 18:13:36 ----D---- C:\Users\Phil\AppData\Roaming\skypePM
2009-01-14 21:47:42 ----D---- C:\Program Files (x86)\Messenger Plus! Live
2009-01-14 21:25:10 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2009-01-14 21:24:44 ----D---- C:\Program Files (x86)\Windows Live
2009-01-14 21:19:32 ----SD---- C:\ProgramData\Microsoft
2009-01-14 18:26:13 ----D---- C:\Windows\Prefetch
2009-01-14 16:38:58 ----D---- C:\ProgramData\Microsoft Help
2009-01-14 16:36:21 ----D---- C:\Program Files (x86)\Windows Mail
2009-01-14 00:31:41 ----D---- C:\Users\Phil\AppData\Roaming\gtk-2.0
2009-01-11 01:09:03 ----D---- C:\Windows\Web
2009-01-09 23:50:32 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2009-01-06 18:48:46 ----D---- C:\Users\Phil\AppData\Roaming\Adobe
2009-01-06 15:42:33 ----D---- C:\Windows\Tasks
2009-01-05 12:22:04 ----D---- C:\Program Files (x86)\WinRAR
2009-01-05 01:02:31 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-01-05 00:52:46 ----D---- C:\Users\Phil\AppData\Roaming\SUPERAntiSpyware.com
2009-01-05 00:41:31 ----D---- C:\Program Files (x86)\CCleaner
2009-01-04 23:36:42 ----D---- C:\Program Files (x86)\uTorrent
2009-01-04 23:29:12 ----D---- C:\Users\Phil\AppData\Roaming\uTorrent
2009-01-04 17:26:43 ----D---- C:\Program Files (x86)\Acoustica Mp3 To Wave Converter Plus
2009-01-04 17:19:09 ----D---- C:\Program Files (x86)\XBMC
2009-01-04 17:12:53 ----D---- C:\Program Files (x86)\Common Files\AVSMedia
2009-01-04 17:12:51 ----D---- C:\Program Files (x86)\AVS4YOU
2009-01-02 17:47:54 ----A---- C:\Windows\cdplayer.ini
2009-01-01 17:42:54 ----D---- C:\Windows\system32\QuickTime
2009-01-01 16:29:38 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2009-01-01 12:41:00 ----D---- C:\Users\Phil\AppData\Roaming\Orbit
2008-12-31 18:03:15 ----D---- C:\Program Files (x86)\Common Files\Ulead Systems
2008-12-31 18:01:54 ----D---- C:\ProgramData\Ulead Systems
2008-12-31 18:01:53 ----D---- C:\Program Files (x86)\Ulead Systems
2008-12-31 18:00:34 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2008-12-31 00:30:35 ----D---- C:\Users\Phil\AppData\Roaming\VMware
2008-12-30 22:06:39 ----D---- C:\Program Files (x86)\LowRateVoip
2008-12-27 22:16:11 ----D---- C:\Windows\SoftwareDistribution
2008-12-25 15:30:01 ----A---- C:\log.txt
2008-12-23 22:16:50 ----RSD---- C:\Windows\Fonts
2008-12-21 18:33:38 ----D---- C:\Users\Phil\AppData\Roaming\Mozilla
2008-12-20 11:53:19 ----D---- C:\Users\Phil\AppData\Roaming\Ventrilo
2008-12-20 11:04:10 ----D---- C:\Program Files (x86)\Trillian

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx64;AVG AVI Loader Driver x64; C:\Windows\System32\Drivers\avgldx64.sys []
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64; C:\Windows\System32\Drivers\avgmfx64.sys []
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys []
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys []
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys []
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys []
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys [2007-03-23 24880]
R3 3xHybr64;WinFast DTV1000 S; C:\Windows\system32\DRIVERS\3xHybr64.sys []
R3 Afc;PPdus ASPI Shell; C:\Windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AvgWfpA;AVG8 Firewall Driver x64; C:\Windows\System32\Drivers\avgwfpa.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys []
R3 NVHDA;Service for NVIDIA HDMI Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys []
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 8944]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys []
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2008-05-15 20544]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 Inspect;Comodo Firewall Network Driver; C:\Windows\system32\DRIVERS\inspect.sys []
S3 mod7700;WinFast based TV tuner device; C:\Windows\system32\DRIVERS\mod7700.sys []
S3 MODRC;WinFast TV Dongle With Infrared Receiver; C:\Windows\system32\DRIVERS\modrc.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
S3 ULCDRHlp;ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
S3 US122;US122 Driver; C:\Windows\System32\Drivers\US122x64.sys []
S3 US122DL;US122 Firmware Downloader; C:\Windows\System32\Drivers\US122DLx64.sys []
S3 US122WdmService;US122 Wdm Audio; C:\Windows\System32\Drivers\US122Wdmx64.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~2\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG8 WatchDog; C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Capture Device Service;Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 156016]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [2008-05-16 109104]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2008-05-16 121392]
R2 vmount2;VMware Virtual Mount Manager Extended; C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-03-23 269104]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2008-05-16 150064]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-21 93696]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-07-15 654848]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-10 168432]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 SPTISRV;Sony SPTI Service; C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S4 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S4 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2008-10-01 536872]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]

-----------------EOF-----------------

#40
Phillip...

info.txt logfile of random's system information tool 1.05 2009-01-19 00:57:19

======Uninstall list======

-->"C:\Program Files (x86)\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files (x86)\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Add or Remove Adobe Creative Suite 3 Design Premium-->C:\Program Files (x86)\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files (x86)\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->C:\Program Files (x86)\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Fireworks CS3-->C:\Program Files (x86)\Common Files\Adobe\Installers\bbef028176efa5abf0233d3e1747be8\Setup.exe
Adobe Fireworks CS3-->MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{C92A5A89-B218-46F7-8898-77C52113FFE0}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AeroSnap 0.61-->"C:\Program Files (x86)\AeroSnap\unins000.exe"
AGEIA PhysX v2.5.1-->"C:\Program Files (x86)\AGEIA Technologies\uninstall.exe"
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files (x86)\Audacity\unins000.exe"
AudioConverter Studio 5.5-->"C:\Program Files (x86)\AudioConverter Studio\unins000.exe"
AusLogics Disk Defrag-->"C:\Program Files (x86)\Auslogics\AusLogics Disk Defrag\unins000.exe"
AVG Free 8.0-->C:\Program Files (x86)\AVG\AVG8\setup.exe /UNINSTALL
BitComet 1.07-->C:\Program Files (x86)\BitComet\uninst.exe
Camtasia Studio 3-->C:\Program Files (x86)\TechSmith\Camtasia Studio 3\CSuninst.EXE
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Digital Camera Driver-->C:\PROGRA~2\DIGITA~1\UNWISE.EXE C:\PROGRA~2\DIGITA~1\INSTALL.LOG
Digsby-->C:\Program Files (x86)\Digsby\uninstall.exe
DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Program Files (x86)\DVD Shrink\unins000.exe"
filehippo.com Update Checker-->"C:\Program Files (x86)\filehippo.com\uninstall.exe"
FileZilla Client 3.0.10-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Flock (2.0)-->C:\Program Files (x86)\Flock\uninstall\helper.exe
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\Windows\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\Windows\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HijackThis 2.0.2-->"C:\Program Files\hijackthis\HijackThis.exe" /uninstall
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\HUFFYUV.INF
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
IrfanView (remove only)-->C:\Program Files (x86)\IrfanView\iv_uninstall.exe
iTunes Library Updater-->MsiExec.exe /I{38EE230F-F631-451F-8800-E29F5E5C9E7D}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
John's Background Switcher 3.6-->C:\Program Files (x86)\johnsadventures.com\John's Background Switcher\uninst.exe
KeePass Password Safe 1.14-->"C:\Program Files (x86)\KeePass Password Safe\unins000.exe"
K-Lite Mega Codec Pack 3.8.5-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
KLS Mail Backup 1.3.0.0-->"C:\Program Files (x86)\KLS Soft\KLS Mail Backup\unins000.exe"
LowRateVoip-->"C:\Program Files (x86)\LowRateVoip\unins000.exe"
Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"c:\Program Files (x86)\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Monkey's Audio-->"C:\Program Files (x86)\Monkey's Audio\unins000.exe"
Mozilla Firefox (3.0.5)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Premium-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
novaPDF Printer Lite 3.3-->"C:\Program Files (x86)\Softland\novaPDF Printer Lite 3\unins000.exe"
OpenMG Limited Patch 4.4-06-13-19-01-->C:\Program Files (x86)\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
Orbit Downloader-->"C:\Program Files (x86)\Orbitdownloader\unins000.exe"
OtsTurntables Free 1.00.012-->"C:\Windows\OTS_UI.EXE" "C:\OtsLabs\OTSTT.osi"
Pac-Man Adventures in Time-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D2023740-9AAC-11D4-B54D-006008571948}\setup.exe" FromAddRemove
Panda ActiveScan 2.0-->C:\Program Files (x86)\Panda Security\ActiveScan 2.0\as2uninst.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
RealWorld Paint.COM-->MsiExec.exe /I{B6883DA2-2EBE-4DD1-80F1-8954998E7788}
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
SimCity 4-->C:\Program Files (x86)\Maxis\SimCity 4\EAUninstall.exe
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1-->"C:\Program Files (x86)\SpywareBlaster\unins000.exe"
SUPER © Version 2008.bld.32 (July 8, 2008)-->C:\PROGRA~2\ERIGHT~1\SUPER\Setup.exe /remove /q0
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Switcher 2.0.0-->MsiExec.exe /X{F7DB6677-661D-4835-AAD8-1B7F4C98D7CE}
The Sims 2-->C:\Program Files (x86)\EA GAMES\The Sims 2\EAUninstall.exe
The Sims™ 2 Seasons-->C:\Program Files (x86)\EA GAMES\The Sims 2 Seasons\EAUninstall.exe
Total Video Converter 3.11 070908-->"C:\Program Files (x86)\Total Video Converter\unins000.exe"
TVUPlayer 2.4.0.1-->C:\Program Files (x86)\TVUPlayer\uninst.exe
TweakVI-->"C:\Windows\TweakVI\uninstall.exe" "/U:C:\Program Files (x86)\TweakVI\Uninstall\uninstall.xml"
Ulead VideoStudio 11-->C:\Program Files (x86)\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office InfoPath 2007 Help (KB957243)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {766DF26B-5F03-48ED-9307-5326F2790ED0}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
Visual C++ 8.0 Runtime Setup Package (x64)-->MsiExec.exe /I{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}
VLC media player 0.9.6-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
VOB2MPG 2.5-->MsiExec.exe /I{78EFA95D-3310-4035-815B-A46BA4D0C6FA}
VSLN - Vsak se lahko nauči 1 (1. stopnja) v1.01-->"C:\Program Files (x86)\Goter VSLN1\unins000.exe"
Winamp-->"C:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinFast Codec-TS SDK-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}\Setup.exe" -l0x9
WinFast De-interlace SDK-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{9A0E0340-C3D7-42D1-96D4-64179FD456AE}\Setup.exe" -l0x9
WinFast DTV1000 S Driver -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1095069C-ABE2-4041-8139-48DED17CD142}\setup.exe" -l0x9 -removeonly
WinFast Multimedia Driver Installation -->C:\Program Files (x86)\InstallShield Installation Information\{418EC9DD-25EE-4C3F-8827-B7AA9B26405B}\setup.exe -runfromtemp -l0x0009 -removeonly
WinFast PVR2-->C:\Program Files (x86)\InstallShield Installation Information\{C92C584E-C781-475E-A8E2-C67D993A6B95}\setup.exe -runfromtemp -l0x0009 -removeonly
WinFast TT-SB SDK-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AF9848E2-5F19-4E49-9E6E-044FBDC28404}\Setup.exe" -l0x9
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
WinUAE 1.5.3-->C:\Program Files (x86)\WinUAE\uninstall_winuae.exe
XviD MPEG-4 Video Codec-->"C:\Program Files (x86)\XviD\unins000.exe"

=====HijackThis Backups=====

======Hosts File======

127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com

======Security center information======

AV: AVG Anti-Virus Free
AS: AVG Anti-Virus Free (disabled)
AS: Spybot - Search and Destroy
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

System event log

Computer Name: Phil-PC
Event Code: 7036
Message: The Windows Installer service entered the stopped state.
Record Number: 105244
Source Name: Service Control Manager
Time Written: 20090118075902.000000-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 33
Message: The oldest shadow copy of volume C: was deleted to keep disk space usage for shadow copies of volume C: below the user defined limit.
Record Number: 105245
Source Name: volsnap
Time Written: 20090118080711.503097-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 33
Message: The oldest shadow copy of volume C: was deleted to keep disk space usage for shadow copies of volume C: below the user defined limit.
Record Number: 105246
Source Name: volsnap
Time Written: 20090118080839.286097-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 7036
Message: The FLEXnet Licensing Service service entered the running state.
Record Number: 105247
Source Name: Service Control Manager
Time Written: 20090118102210.000000-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 7036
Message: The FLEXnet Licensing Service service entered the stopped state.
Record Number: 105248
Source Name: Service Control Manager
Time Written: 20090118122310.000000-000
Event Type: Information
User:

Application event log

Computer Name: Phil-PC
Event Code: 1024
Message: Disk(s) were polled for SMART status.
Record Number: 43568
Source Name: NVRAIDSERVICE
Time Written: 20090118122708.000000-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 1017
Message: SMART status for disk ST3320620AS returned OK.
Record Number: 43569
Source Name: NVRAIDSERVICE
Time Written: 20090118132709.000000-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 1017
Message: SMART status for disk ST3320620AS returned OK.
Record Number: 43570
Source Name: NVRAIDSERVICE
Time Written: 20090118132709.000000-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 1024
Message: Disk(s) were polled for SMART status.
Record Number: 43571
Source Name: NVRAIDSERVICE
Time Written: 20090118132709.000000-000
Event Type: Information
User:

Computer Name: Phil-PC
Event Code: 17896
Message: The time stamp counter of CPU on scheduler id 1 is not synchronized with other CPUs.
Record Number: 43572
Source Name: MSSQL$SQLEXPRESS
Time Written: 20090118133041.000000-000
Event Type: Information
User:

Security event log

Computer Name: Phil-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 32059
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090118073809.810097-000
Event Type: Audit Success
User:

Computer Name: Phil-PC
Event Code: 4904
Message: An attempt was made to register a security event source.

Subject :
Security ID: S-1-5-18
Account Name: PHIL-PC$
Account Domain: HOME
Logon ID: 0x3e7

Process:
Process ID: 0x1478
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x51db26
Record Number: 32060
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090118073840.316097-000
Event Type: Audit Success
User:

Computer Name: Phil-PC
Event Code: 4905
Message: An attempt was made to unregister a security event source.

Subject
Security ID: S-1-5-18
Account Name: PHIL-PC$
Account Domain: HOME
Logon ID: 0x3e7

Process:
Process ID: 0x1478
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x51db26
Record Number: 32061
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090118073840.316097-000
Event Type: Audit Success
User:

Computer Name: Phil-PC
Event Code: 4904
Message: An attempt was made to register a security event source.

Subject :
Security ID: S-1-5-18
Account Name: PHIL-PC$
Account Domain: HOME
Logon ID: 0x3e7

Process:
Process ID: 0x1478
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x51db5a
Record Number: 32062
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090118073840.316097-000
Event Type: Audit Success
User:

Computer Name: Phil-PC
Event Code: 4905
Message: An attempt was made to unregister a security event source.

Subject
Security ID: S-1-5-18
Account Name: PHIL-PC$
Account Domain: HOME
Logon ID: 0x3e7

Process:
Process ID: 0x1478
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x51db5a
Record Number: 32063
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090118073840.317097-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\Common Files\ArcSoft\Bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\Videocharge Software\Watermark Master;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

#41
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
ok, i have done additional research and i am pretty sure it is related to Ulead VideoStudio and will be installed every time it is run.

you can test this by running spybot and deleting the key and then running spybot again to make sure it is gone, then run Ulead VideoStudio and then run spybot again to see the key re-installed.

the solution from here would suggest that we delete the adtracker subkey and then change the permissions on the key to prevent it being written in again.

it is fairly straightforward, though does require you to enter the Registry:

  • Go START >>> Run
  • In the box type regedit and click ok. The Registry Editor will now open up. This is just like being in Explorer.
  • Navigate to HKEY_USERS\S-1-5-21-1177238915-1993962763-839522115-1003\Software\Softwrap\ by expanding the HKEY_USERS key (highlight it and press the + sign next to it), then the S-1-5-21-1177238915-1993962763-839522115-1003 key etc
  • If there's a subfolder once you have expanded the key (i.e., Adtracker), delete it. However, keep the empty Softwrap folder there, or, if you're doing this after Spybot has cleared things out, add the empty Softwrap folder back as a subfolder of Software again. (Right-click on Software, select New...Key and type Softwrap for the name.)
  • Now, right-click on the empty Softwrap folder and select Permissions. Select each of the Group or user names in turn, and check the Deny box down below for each one. (The Read box will also get a check mark in it, that's normal.) Once you've done that, click OK, close the editor, and you're done.
That's it. What you've done is to refuse permission to any program or routine to write any data to that empty Softwrap key in the registry. So the next time you run VideoStudio, it won't be able to write anything there, and there will be nothing for Spybot to comment on when you run Spybot again.

let me know how it goes.

andrewuk
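
The registry steps in the post above, scripted in PowerShell as an added example that is not part of the original post. It assumes an elevated prompt and reads "check the Deny box" as Deny on Full Control; the parameter names and the backup path are choices made for this example.

```powershell
# Added example: delete the subkeys of Softwrap, keep the empty key,
# then deny access to it so nothing can be written there again.
param(
    [Parameter(Mandatory)]
    [ValidatePattern('^S-1-5-21(-\d+){4}$')]
    [string]$Sid,                                   # SID of the affected profile
    # Assumption: backup location chosen for this example.
    [string]$BackupFile = "$env:TEMP\Softwrap-backup.reg"
)

$regPath  = "HKU\$Sid\Software\Softwrap"
$softwrap = "Registry::HKEY_USERS\$Sid\Software\Softwrap"

if (Test-Path $softwrap) {
    # Keep a copy of the current contents so the change can be reverted.
    reg.exe export $regPath $BackupFile /y | Out-Null
} else {
    # Spybot already removed the key: put the empty Softwrap key back.
    New-Item -Path $softwrap -Force | Out-Null
}

# Delete every subkey (Adtracker and anything below it), keep Softwrap itself.
Get-ChildItem -Path $softwrap | ForEach-Object {
    Remove-Item -Path $_.PSPath -Recurse -Force
}

# Add a Deny / Full Control entry for each identity already on the ACL,
# the scripted form of ticking Deny per group or user name in regedit.
$acl  = Get-Acl -Path $softwrap
$sids = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
    ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique
foreach ($s in $sids) {
    $who  = New-Object System.Security.Principal.SecurityIdentifier($s)
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $who, 'FullControl', 'ContainerInherit', 'None', 'Deny')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $softwrap -AclObject $acl

# Check: creating a subkey should now be refused.
try {
    New-Item -Path "$softwrap\AclTest" -ErrorAction Stop | Out-Null
    Remove-Item -Path "$softwrap\AclTest" -Force
    Write-Warning "Key is still writable: $softwrap"
} catch {
    Write-Output "Write refused as expected: $softwrap"
}
```

Because the Deny entries apply to every listed identity, including the logged-on user, the final check doubles as confirmation that VideoStudio will be refused the same write.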

#42
Phillip...

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Congratulations!: No immediate threats were found. ()

#43
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
sounds like we have a wrap :)

#44
andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.