Removing Party POker popups

Hi and welcome to Daniweb forums :).

Can you please do the following.

Download the newest version of HiJackThis; version 2.0.2. Place it in a permanent folder before scanning. Repost your log after following the steps below. This version has features that might be more helpful in 'cleaning' up your system.

Go to Add/Remove programs and uninstall the following, if present:

Viewpoint Manager

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

Next, Open a command prompt by:

1. Clicking "Start", then "Run...".
2. Enter "cmd" (without the quotes).
3. Enter "services.msc" (without the quotes).

Now, locate and 'stop' the following services, if present:

Viewpoint Manager Service - Viewpoint Corporation ... (C:\Program Files\Viewpoint\Common\ViewpointService.exe)

Look carefully, since the name of the service (above) can be anywhere in the entry; also be careful not to 'stop' any required system services. Once stopped, set this service to disabled.

Run HiJackThis then:

1. Click "Open the Misc Tools Section"
2. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\Program Files\Viewpoint\Common\ViewpointService.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

Scan with HijackThis and then place a check next to all the following, if present:

 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =   
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =   

 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)  

 O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?  

 O11 - Options group: [INTERNATIONAL] International* 

 O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe 

Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\Program Files\Viewpoint

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear.
• Select the first option to run Windows in Safe Mode hit enter.

-

Reboot.

Please download ComboFix by sUBs from HERE or HERE

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

THanks for the help.

Ok i have followed the insructions. I am attaching a new combofix log and hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:23:57 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Updater.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Colourificator\Colourificator.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
E:\Downloads\1-96171\R2G_WinZip_Pro_11.0.7313\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enCA/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe 5.1\IEBar.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Colourificator] C:\Program Files\Colourificator\Colourificator.exe mini
O4 - HKCU\..\Run: [MyTraveler] C:\Documents and Settings\gcadek1.NIGHTZONE\Application Data\MyTraveler\MyTraveler.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Downloads\1-96171\R2G_WinZip_Pro_11.0.7313\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\PROGRA~1\Swhois3\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\Swhois3\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\Swhois3\SWMSIE~1.EXE
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://secure.learning.gov.ab.ca/edarts.internet/includes/smsx.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://activex.microsoft.com/controls/vb5/comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Nightzone.local
O17 - HKLM\Software\..\Telephony: DomainName = Nightzone.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{44997308-E9CB-4809-9F72-109232FE155C}: NameServer = 192.168.1.100,64.59.184.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Nightzone.local
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

--
End of file - 17353 bytes

==

ComboFix 08-01-14.1 - gcadek1 2008-01-13 16:00:06.1 - NTFSx86
Running from: C:\Documents and Settings\gcadek1\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 69550 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF
-------\NPF

((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-13 15:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-13 15:31 . 2008-01-13 15:50 <DIR> d-------- C:\Hijackthis
2008-01-10 20:56 . 2008-01-10 20:56 <DIR> d-------- C:\Program Files\Replicon Inc
2008-01-09 00:13 . 2008-01-14 16:11 11,564 --a------ C:\WINDOWS\system32\DVCState-{00000003-00000000-00000001-00001102-00000004-00531102}.rfx
2008-01-09 00:05 . 2008-01-09 00:05 <DIR> d-------- C:\Program Files\MSBuild
2008-01-09 00:01 . 2008-01-09 00:01 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-09 00:00 . 2008-01-09 00:00 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-08 23:59 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-01-08 23:47 . 2008-01-08 23:47 409,600 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-01-08 23:47 . 2006-11-14 07:28 86,016 --a------ C:\WINDOWS\system32\cttele.dll
2008-01-08 23:47 . 2008-01-08 23:47 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-01-08 23:47 . 2008-01-08 23:47 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-01-08 23:45 . 2008-01-08 23:45 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-07 21:39 . 2008-01-13 15:20 <DIR> d-------- C:\Program Files\ewido anti-spyware 4.0
2007-12-28 16:37 . 2008-01-14 16:02 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-12-19 13:05 . 2007-12-19 13:05 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-13 22:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-11 03:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 06:51 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-28 23:03 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-06 03:22 --------- d-----w C:\Documents and Settings\gcadek1\Application Data\ReGet Software
2007-12-06 03:12 --------- d-----w C:\Documents and Settings\gcadek1\Application Data\Newsbin
2007-11-24 20:06 --------- d-----w C:\Program Files\RegCure
2007-11-18 00:26 --------- d-----w C:\Documents and Settings\gcadek1\Application Data\Viewpoint
2007-11-15 06:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-15 06:51 --------- d-----w C:\Program Files\CyberLink DVD Solution
2007-11-15 06:45 --------- d-----w C:\Program Files\CyberLink
2007-11-15 02:08 --------- d-----w C:\Program Files\iTunes
2007-11-15 02:08 --------- d-----w C:\Program Files\iPod
2007-11-15 02:06 --------- d-----w C:\Program Files\QuickTime
2006-08-05 20:15 81,920 ----a-w C:\Documents and Settings\gcadek1\Application Data\ezpinst.exe
2006-08-05 20:15 47,360 ----a-w C:\Documents and Settings\gcadek1\Application Data\pcouffin.sys
2004-10-25 03:04 171 ----a-w C:\Program Files\gifoptzr.ini
2004-10-11 19:40 560 ----a-w C:\Documents and Settings\gcadek1\Application Data\ViewerApp.dat
2004-03-11 20:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2003-02-21 10:42 348,160 ----a-w C:\Program Files\msvcr71.dll
2002-07-27 00:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2002-06-18 19:06 728,576 ----a-w C:\Program Files\GIFOptzr.exe
2004-09-20 02:46 56 --sh--r C:\WINDOWS\system32\A32E73BB0D.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{A08FB30D-51C4-4E54-AA5E-FF18739802EA}]
@=Mediafour Mac Volume Icons

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 12:42 401491]
"Colourificator"="C:\Program Files\Colourificator\Colourificator.exe" [2003-01-26 12:06 233472]
"MyTraveler"="C:\Documents and Settings\gcadek1.NIGHTZONE\Application Data\MyTraveler\MyTraveler.exe" [ ]
"PowerBar"="" []
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-21 05:34 1649600]
"MP4 Player"="C:\Program Files\MP4 Player\mp4Player.exe" [2007-08-29 14:11 638976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WINDVDPatch"="CTHELPER.EXE" [2007-04-09 12:32 19456 C:\WINDOWS\system32\CtHelper.exe]
"CloneDVDElbyDelay"="C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" [ ]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00 28672]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 18:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 12:05 212992]
"PowerStrip"="c:\program files\powerstrip\pstrip.exe" [2006-08-12 20:12 628619]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2004-12-09 06:56 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"iRiver Updater"="\Updater.exe" [2004-07-01 14:20 212992]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 23:14 155648]
"PDF3 Registry Controller"="C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe" [2005-04-29 01:58 106496]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-11-11 22:00 864256]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 16:14 49152]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2005-12-04 15:38 437008]
"Mediafour Mac Volume Notifications"="C:\Program Files\Common Files\Mediafour\MACVNTFY.exe" [2002-12-17 14:43 61440]
"Mediafour XPlay Tray Notification Icon"="C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE" [2004-09-27 13:11 94208]
"MDDiskProtect.exe"="C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" [2005-04-15 14:54 106496]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-29 08:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 00:26 406016]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2004-09-21 02:22 73728]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-06-01 02:37 196608]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"CTHelper"="CTHELPER.EXE" [2007-04-09 12:32 19456 C:\WINDOWS\system32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 12:32 19968 C:\WINDOWS\system32\Ctxfihlp.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 01:15:54]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 21:07:32]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2005-01-23 16:24:00]
WinZip Quick Pick.lnk - E:\Downloads\1-96171\R2G_WinZip_Pro_11.0.7313\WinZip\WZQKPICK.EXE [2007-06-06 10:10:02]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2006-09-08 12:29 24686 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsioReg]
--a------ 2004-08-04 00:56 11776 C:\WINDOWS\system32\regsvr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2007-04-09 12:32 19456 C:\WINDOWS\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 03:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-02-27 00:39 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mcupdmgr.exe"=3 (0x3)

R0 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2005-07-20 15:35]
R1 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2006-09-08 12:29]
R1 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2006-09-13 11:53]
R2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys [2006-09-08 12:29]
R2 PStrip;PStrip;C:\WINDOWS\system32\drivers\PStrip.sys [2001-07-23 16:31]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;C:\WINDOWS\system32\DRIVERS\vnasc.sys [2006-09-08 12:29]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2006-09-08 12:29]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 02:24]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 03:28]
R3 SaiH0464;SaiH0464;C:\WINDOWS\system32\DRIVERS\SaiH0464.sys [2005-11-03 10:52]
S2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2004-11-02 14:50]
S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 22:29]
S3 Wdm1;USB Bridge Cable Driver;C:\WINDOWS\system32\Drivers\usbbc.sys [2001-01-08 09:53]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38492512-7746-11db-9663-0007e95ecac4}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL index.html

.
Contents of the 'Scheduled Tasks' folder
"2007-12-01 14:05:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-14 23:13:42 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2007-12-13 10:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 16:15:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run??????????st????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????$2???A~??A~????????\???\???????t???U?A~??A~\???\?????????a?L????C@?\???\??????s????\??????s\????$2?A??s?$2??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 16:21:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-14 23:21:12
.
2008-01-11 03:48:58 --- E O F ---

rename hijackthis.exe to something else and run it again. Some spywares hide from its name

How are things now?

Still getting the popup

Here is a new Hijackthis log run with Hijack this renamed

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:29 PM, on 1/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\program files\powerstrip\pstrip.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Updater.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE
C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Colourificator\Colourificator.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
E:\Downloads\1-96171\R2G_WinZip_Pro_11.0.7313\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ahead\Nero\nero.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Hijackthis\scanit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca/start/enCA/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe 5.1\IEBar.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Mediafour Mac Volume Notifications] "C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE" /auto
O4 - HKLM\..\Run: [Mediafour XPlay Tray Notification Icon] C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE
O4 - HKLM\..\Run: [MDDiskProtect.exe] C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Colourificator] C:\Program Files\Colourificator\Colourificator.exe mini
O4 - HKCU\..\Run: [MyTraveler] C:\Documents and Settings\gcadek1.NIGHTZONE\Application Data\MyTraveler\MyTraveler.exe
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Downloads\1-96171\R2G_WinZip_Pro_11.0.7313\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SmartWhois - {FD9DE2B4-C926-4460-81C4-FC58C6F1062E} - C:\PROGRA~1\Swhois3\SWMSIE~1.EXE
O9 - Extra button: (no name) - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\Swhois3\SWMSIE~1.EXE
O9 - Extra 'Tools' menuitem: SmartWhois - {FF983118-58C7-4AD4-B5A7-691C39CB7B42} - C:\PROGRA~1\Swhois3\SWMSIE~1.EXE
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://secure.learning.gov.ab.ca/edarts.internet/includes/smsx.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\EI40_\msxml4.cab
O16 - DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} (CentrinoCheck Control) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/cpucheck_1_0_0_4.cab
O16 - DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} (MediaControl Class) - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/Entriq_3_4_0_15_Silent.cab
O16 - DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - http://entriq.vo.llnwd.net/o1/NBCUniversal/cabs/NBCUniversal_1_0_0_3.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0) - http://activex.microsoft.com/controls/vb5/comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Nightzone.local
O17 - HKLM\Software\..\Telephony: DomainName = Nightzone.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{44997308-E9CB-4809-9F72-109232FE155C}: NameServer = 192.168.1.100,64.59.184.13
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Nightzone.local
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\Program Files\Common Files\pestpatrol\ppRemoteService.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Check Point VPN-1 Securemote service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point VPN-1 Securemote watchdog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

--
End of file - 17480 bytes

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

==

Go here and download then run Silent Runners.vbs. Right click on the download link and select Save Target As. Save it to the desktop or to a folder in a permanent directory. It generates a log which will be created in the same folder you are running it from. Please post the information back in this thread.
If you have a script blocking program, please allow the file to run. It is not malicious.

i prefer ccleaner to attribune

Try running it after Ccleaner and see how much more it removes :)

50mb !

w00t

but it seemed to break my wireless?

Had no problem myself and I have wireless too. Fix the wireless then run it again to see if it recurs.

yeah

seems that it is clearing my cache of keys - outlook lost my pop email password too and activesync lost that of my PDA

Ok ran AT cleaner and silentrunner

here is the silent runner log

"Silent Runners.vbs", revision 55, [url]http://www.silentrunners.org/[/url]
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"H/PC Connection Agent" = ""C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
"Colourificator" = "C:\Program Files\Colourificator\Colourificator.exe mini" ["Septor Software"]
"MyTraveler" = "C:\Documents and Settings\gcadek1.NIGHTZONE\Application Data\MyTraveler\MyTraveler.exe" [file not found]
"PowerBar" = (empty string) [file not found]
"MSKAGENTEXE" = "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [file not found]
"AnyDVD" = "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" ["SlySoft, Inc."]
"MP4 Player" = ""C:\Program Files\MP4 Player\mp4Player.exe" hmw" [empty string]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WINDVDPatch" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"CloneDVDElbyDelay" = ""C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay" [file not found]
"Jet Detection" = ""C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"" [empty string]
"CTStartup" = "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run" ["Creative Technology Ltd."]
"MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" ["McAfee, Inc"]
"PowerStrip" = "c:\program files\powerstrip\pstrip.exe" ["EnTech Taiwan"]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SSBkgdUpdate" = ""C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot" ["Scansoft, Inc."]
"PDF3 Registry Controller" = ""C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"" ["ScanSoft, Inc."]
"Acrobat Assistant 7.0" = ""C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]
"IndexSearch" = "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" ["ScanSoft, Inc."]
"ControlCenter2.0" = "C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun" ["Brother Industries, Ltd."]
"SetDefPrt" = "C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe" ["Brother Industories, Ltd."]
"itype" = ""C:\Program Files\Microsoft IntelliType Pro\itype.exe"" [MS]
"Mediafour XPlay Tray Notification Icon" = "C:\Program Files\Mediafour\XPlay\XPTRYICN.EXE" ["Mediafour Corporation"]
"MDDiskProtect.exe" = "C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe" ["Mediafour Corporation"]
"ShStatEXE" = ""C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE" ["McAfee, Inc."]
"McAfeeUpdaterUI" = ""C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey" ["McAfee, Inc."]
"PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string]
"USB2Check" = "RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController" [MS]
"USBToolTip" = ""C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"" ["Pinnacle Systems GmbH"]
"QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]
"CTxfiHlp" = "CTXFIHLP.EXE" ["Creative Technology Ltd"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{16664845-0E00-11D2-8059-000000000000}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "ClickCatcher MSIE handler"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\ReGet Shared\Catcher.dll" ["ReGet Software"]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\(Default) = "BitComet ClickCapture"
  -> {HKLM...CLSID} = "BitComet Helper"
                   \InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"
  -> {HKLM...CLSID} = "scriptproxy"
                   \InProcServer32\(Default) = "C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll" ["McAfee, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Sign-in Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
{E5A1691B-D188-4419-AD02-90002030B8EE}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "FlashFXP Helper for Internet Explorer"
                   \InProcServer32\(Default) = "C:\PROGRA~1\FlashFXP\IEFlash.dll" ["IniCom Networks, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension"
  -> {HKLM...CLSID} = "Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\MLSHEXT.DLL" [MS]
"{5EB5D616-DC17-4f5c-BB4F-73D99A0C7C32}" = "ScanSoft PDF Converter 3.0 Shell Extension"
  -> {HKLM...CLSID} = "ScanSoft PDF Converter 3.0 Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\ScanSoft\PDF Professional 3.0\ShellExt30.dll" ["ScanSoft, Inc."]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\OLKFSTUB.DLL" [MS]
"{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}"
  -> {HKLM...CLSID} = "ImageExtractorShellExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]
"{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF}"
  -> {HKLM...CLSID} = "CInfoTipShellExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]
"{54457175-AE62-422f-8042-3188BA18A703}" = "FileProperty Shell Extension"
  -> {HKLM...CLSID} = "SimplyPropertyReader Class"
                   \InProcServer32\(Default) = "C:\Program Files\Winsim\sa_FileVer.dll" ["Sage Software, Inc."]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
  -> {HKLM...CLSID} = "AlcoholShellEx"
                   \InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AxShlex.dll" ["Alcohol Soft Development Team"]
"{97FA8AA2-EE77-4FF2-9449-424D8924EF21}" = "IntelliType Pro Zooming Control Panel Property Page"
  -> {HKLM...CLSID} = "IntelliType Pro Zooming Property Page"
                   \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"" [MS]
"{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB}" = "IntelliType Pro Scrolling Control Panel Property Page"
  -> {HKLM...CLSID} = "IntelliType Pro Scrolling Property Page"
                   \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"" [MS]
"{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2}" = "IntelliType Pro Key Settings Control Panel Property Page"
  -> {HKLM...CLSID} = "IntelliType Pro Key Settings Property Page"
                   \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"" [MS]
"{A2569D1F-4E06-43EC-9825-0088B471BE47}" = "IntelliType Pro Wireless Control Panel Property Page"
  -> {HKLM...CLSID} = "IntelliType Pro Wireless Control Panel Property Page"
                   \InProcServer32\(Default) = ""C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"" [MS]
"{B8EC5F76-DF86-4996-B1F2-95DE50306AA3}" = "Mediafour XPlay Device Properties"
  -> {HKLM...CLSID} = "Mediafour XPlay Device Properties"
                   \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay\XPVPROPS.DLL" ["Mediafour Corporation"]
"{30B581E1-E01A-4F8E-A121-233ED0ABC9BD}" = "Mediafour XPlay Explorer Namespace Extension"
  -> {HKLM...CLSID} = "Mediafour XPlay Music Folder"
                   \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay\XPNAMESP.DLL" ["Mediafour Corporation"]
"{E452F45B-DD18-4ADC-9C9A-2B26F85DABC0}" = "Mediafour Mac file properties"
  -> {HKLM...CLSID} = "Mediafour Mac file properties"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Mediafour\MACFPROP.DLL" ["Mediafour Corporation"]
"{A454F2F5-BB5F-4ACE-AD9A-CC33353C7341}" = "Mediafour Mac file columns"
  -> {HKLM...CLSID} = "Mediafour Mac file columns"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Mediafour\MACFPROP.DLL" ["Mediafour Corporation"]
"{A08FB30D-51C4-4E54-AA5E-FF18739802EA}" = "Mediafour Mac Volume Icons"
  -> {HKLM...CLSID} = "Mediafour Mac Volume Icons"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Mediafour\MACVICON.DLL" ["Mediafour Corporation"]
"{A100D2CC-1015-4986-9205-979EA27FCDDB}" = "Mediafour XPlay Autosync Context Menu"
  -> {HKLM...CLSID} = "Mediafour XPlay Autosync Context Menu"
                   \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay\XPSYNC.DLL" ["Mediafour Corporation"]
"{F3549E69-4422-4735-9199-2061860A422A}" = "Mediafour XPlay Restore iPod Context Menu"
  -> {HKLM...CLSID} = "Mediafour XPlay Restore iPod Context Menu"
                   \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay\XPRESTOR.DLL" ["Mediafour Corporation"]
"{65FD6790-9907-417A-BA42-4F76961DA990}" = "Mediafour XPlay Folder Protection"
  -> {HKLM...CLSID} = "Mediafour XPlay Folder Protection"
                   \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay\XPFPROT.DLL" [null data]
"{A37D10A6-3EE8-4b99-A400-8C71E5C7F1DE}" = "Mediafour XPlay Disconnect Menu"
  -> {HKLM...CLSID} = "Mediafour XPlay Disconnect Menu"
                   \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay\XPUNPLUG.DLL" ["Mediafour Corporation"]
"{C76B1B2D-37A2-4053-BC8E-D20AB1C0BCAD}" = "Mediafour XPlay Device Setup Context Menu"
  -> {HKLM...CLSID} = "Mediafour XPlay Device Setup Context Menu"
                   \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay\XPDEVSTP.DLL" ["Mediafour Corporation"]
"{EE1094C3-46CA-4BC4-AF0F-491FD1072154}" = "Mediafour XPlay Music Properties"
  -> {HKLM...CLSID} = "Mediafour XPlay Music Properties"
                   \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay\XPAPROPS.DLL" [null data]
"{A87C79F7-4C0E-4ae8-A619-B9437BF9EA1F}" = "Mediafour XPlay Repair Database"
  -> {HKLM...CLSID} = "Mediafour XPlay Repair Database"
                   \InProcServer32\(Default) = "C:\Program Files\Mediafour\XPlay\XPDBREPR.DLL" ["Mediafour Corporation"]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "e:\Downloads\1-96171\R2G_WinZip_Pro_11.0.7313\WinZip\wzshlstb.dll" ["WinZip Computing LP"]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "e:\Downloads\1-96171\R2G_WinZip_Pro_11.0.7313\WinZip\wzshlstb.dll" ["WinZip Computing LP"]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "e:\Downloads\1-96171\R2G_WinZip_Pro_11.0.7313\WinZip\wzshlstb.dll" ["WinZip Computing LP"]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "e:\Downloads\1-96171\R2G_WinZip_Pro_11.0.7313\WinZip\wzshlstb.dll" ["WinZip Computing LP"]
"{79BC0345-1015-11D2-A299-006008312725}" = "blue.shell"
  -> {HKLM...CLSID} = "Studio.Project"
                   \InProcServer32\(Default) = "d:\Pinnacle\Studio 10\programs\BlueShellExt.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "My Sharing Folders"
                   \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
  -> {HKLM...CLSID} = "iTunes"
                   \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\
<<!>> "Debugger" = ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\vs7jit.exe" -p %ld -e %ld" [MS]
"Auto" = "0"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> ckpNotify\DLLName = "ckpNotify.dll" ["Check Point Software Technologies"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{A454F2F5-BB5F-4ACE-AD9A-CC33353C7341}\(Default) = "Mediafour Mac file columns"
  -> {HKLM...CLSID} = "Mediafour Mac file columns"
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Mediafour\MACFPROP.DLL" ["Mediafour Corporation"]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
BCShellEx\(Default) = "{B22A40F0-BD69-11D3-8D28-006097C82E57}"
  -> {HKLM...CLSID} = "BCShellEx"
                   \InProcServer32\(Default) = "C:\Program Files\Beyond Compare 2\BCShellEx.dll" ["Scooter Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
  -> {HKLM...CLSID} = "Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
UltraEdit-32\(Default) = "{b5eedee0-c06e-11cf-8c56-444553540000}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\UltraEdit\ue32ctmn.dll" [empty string]
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\McAfee\VirusScan Enterprise\shext.dll" ["McAfee, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "e:\Downloads\1-96171\R2G_WinZip_Pro_11.0.7313\WinZip\wzshlstb.dll" ["WinZip Computing LP"]
Zeon.ShellExt\(Default) = "{B8E8494C-9300-48AC-BD8E-EDED185E5A04}"
  -> {HKLM...CLSID} = "ZnShlExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\ScanSoft\PDF Professional 3.0\bin\ZnShellExt.dll" ["ScanSoft, Inc."]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
BCShellEx\(Default) = "{B22A40F0-BD69-11D3-8D28-006097C82E57}"
  -> {HKLM...CLSID} = "BCShellEx"
                   \InProcServer32\(Default) = "C:\Program Files\Beyond Compare 2\BCShellEx.dll" ["Scooter Software"]
ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."]
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\McAfee\VirusScan Enterprise\shext.dll" ["McAfee, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "e:\Downloads\1-96171\R2G_WinZip_Pro_11.0.7313\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
BCShellEx\(Default) = "{B22A40F0-BD69-11D3-8D28-006097C82E57}"
  -> {HKLM...CLSID} = "BCShellEx"
                   \InProcServer32\(Default) = "C:\Program Files\Beyond Compare 2\BCShellEx.dll" ["Scooter Software"]
TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
  -> {HKLM...CLSID} = "Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
VirusScan\(Default) = "{cda2863e-2497-4c49-9b89-06840e070a87}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\McAfee\VirusScan Enterprise\shext.dll" ["McAfee, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
  -> {HKLM...CLSID} = "WinZip"
                   \InProcServer32\(Default) = "e:\Downloads\1-96171\R2G_WinZip_Pro_11.0.7313\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

Group Policies {GPedit.msc branch and setting}:

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\gcadek1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Startup items in "gcadek1" & "All Users" startup folders:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Service Manager" -> shortcut to: "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe /n" [MS]
"TabUserW.exe" -> shortcut to: "C:\WINDOWS\system32\WTablet\TabUserW.exe" ["Wacom Technology, Corp."]
"WinZip Quick Pick" -> shortcut to: "E:\Downloads\1-96171\R2G_WinZip_Pro_11.0.7313\WinZip\WZQKPICK.EXE" ["WinZip Computing, S.L."]

Enabled Scheduled Tasks:

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task" ["Apple Inc."]
"RegCure Program Check" -> launches: "C:\Program Files\RegCure\RegCure.exe ShowReminders" [null data]
"RegCure" -> launches: "C:\Program Files\RegCure\RegCure.exe -t" [null data]

Winsock2 Service Provider DLLs:

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
  -> {HKLM...CLSID} = "Adobe PDF"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
  -> {HKLM...CLSID} = "Adobe PDF"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]
"{17939A30-18E2-471E-9D3A-56DD725F1215}" = "ReGet Bar"
  -> {HKLM...CLSID} = "ReGet Bar"
                   \InProcServer32\(Default) = "C:\Program Files\ReGet Software\ReGet Deluxe 5.1\IEBar.dll" ["ReGet Software"]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{16664849-0E00-11D2-8059-000000000000}\(Default) = "MSIE Spy"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Common Files\ReGet Shared\Catcher.dll" ["ReGet Software"]

HKLM\SOFTWARE\Classes\CLSID\{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = "Adobe PDF"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Classes\CLSID\{E7A829CC-671F-4C3D-B590-8C0AEA72E6B2}\(Default) = "BitComet Button"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll" ["BitComet"]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5}\
"ButtonText" = "Flash Decompiler SWF Capture tool"
"MenuText" = "Flash Decompiler SWF Capture tool menu"
"CLSIDExtension" = "{86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5}"
  -> {HKLM...CLSID} = "IEButton Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll" [null data]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{04849C74-016E-4A43-8AA5-1F01DE57F4A1}\
"ButtonText" = "Trace"
"MenuText" = "VisualRoute Trace"
"CLSIDExtension" = "{8C85E2EE-9FD6-11D5-B770-504D54C10000}"
  -> {HKLM...CLSID} = "vrie"
                   \InProcServer32\(Default) = "C:\Program Files\VisualRoute\vrie.dll" ["VisualWare"]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{0E17D5B7-9F5D-4FEE-9DF6-CA6EE38B68A8}\
"ButtonText" = "ieSpell"
"MenuText" = "ieSpell"
"Script" = "res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM" ["Red Egg Software"]

{1606D6F9-9D3B-4AEA-A025-ED5B2FD488E7}\
"MenuText" = "ieSpell Options"
"Script" = "res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM" ["Red Egg Software"]

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Create Mobile Favorite"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\inetrepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Create Mobile Favorite..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
  -> {HKLM...CLSID} = "Create Mobile Favorite"
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft ActiveSync\inetrepl.dll" [MS]

{461CC20B-FB6E-4F16-8FE8-C29359DB100E}\
"ButtonText" = "BitComet Search"

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{E19ADC6E-3909-43E4-9A89-B7B676377EE3}\
"ButtonText" = "Sothink SWF Catcher"
"MenuText" = "Sothink SWF Catcher"
"Script" = "C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm" [null data]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

{FD9DE2B4-C926-4460-81C4-FC58C6F1062E}\
"ButtonText" = "SmartWhois"
"Exec" = "C:\PROGRA~1\Swhois3\SWMSIE~1.EXE" ["TamoSoft, Inc."]

{FF983118-58C7-4AD4-B5A7-691C39CB7B42}\
"MenuText" = "SmartWhois"
"Exec" = "C:\PROGRA~1\Swhois3\SWMSIE~1.EXE" ["TamoSoft, Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):

Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."]
Check Point VPN-1 Securemote service, SR_Service, ""C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe"" ["Check Point Software Technologies"]
Check Point VPN-1 Securemote watchdog, SR_WatchDog, ""C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe"" ["Check Point Software Technologies"]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTsvcCDA.exe" ["Creative Technology Ltd"]
ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
McAfee Framework Service, McAfeeFramework, ""C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart" ["McAfee, Inc."]
McAfee McShield, McShield, ""C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe"" ["McAfee, Inc."]
McAfee Task Manager, McTaskManager, ""C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe"" ["McAfee, Inc."]
McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]
McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]
MSSQL$PINNACLESYS, MSSQL$PINNACLESYS, ""D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS" [MS]
Pinnacle Systems Media Service, PinnacleSys.MediaServer, ""C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe"" [null data]
StarWind AE Service, StarWindServiceAE, "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe" ["Rocket Division Software"]
TabletService, TabletService, "C:\WINDOWS\System32\Tablet.exe" ["Wacom Technology, Corp."]
Windows Driver Foundation - User-mode Driver Framework, WudfSvc, "C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup" {"C:\WINDOWS\System32\WUDFSvc.dll" [MS]}
Windows Media Player Network Sharing Service, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\WMPNetwk.exe"" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS]

Print Monitors:

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]


---------- (launch time: 2008-01-18 20:28:09)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
  DLL launch points, use the -supp parameter or answer "No" at the
  first message box and "Yes" at the second message box.
---------- (total run time: 173 seconds, including 18 seconds for message boxes)

Cannot see anything there either.

Uninstall Ewido and download it's replacement below;

Please download and install AVG antispyware tool

• Close all other Applications Select language click Ok
• Click I Agree
• Click next
• Click Install
• Click Finish
• Wait and AVG antispyware will open to the main screen automatically.
• Wait again a few minutes and AVG antispyware Should Auto update itself. If it doesn't click update at top of screen.
• It is very important that you get updated
• When updating has finished. Close AVG antispyware.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

• Next, please reboot your computer in Safe Mode by doing the following:
• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
• Instead of Windows loading as normal, a menu should appear use arrow up to highlight
• Select the first option, to run Windows in Safe Mode hit enter.
• For additional help in booting into Safe Mode, see the following site: HERE

  You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while AVG antispyware performs its scan!

• Run AVG antispyware.
• Click on scanner at top of AVG antispyware screen.
• Click on Settings.
• Under How to Act click on Recommended Action and choose Quarantine.
• Under How to scan all boxes should be selected.
• Under Possibly unwanted software all boxes should be selected.
• On right side under Reports: click on Do not automatically generate report after every scan.
• Under What to scan select scan every file.
• Click On scan Tab.
• Click on Complete system scan.
• Let the program scan the machine It can take awhile give it time.
• When scan has finished at bottom of screen click Apply all Actions.
• Click Save report
• Click Save Report as (Save as window's screen should pop up.)
• Click desktop.
• Click Save.
• Exit AVG antispyware.

Reboot back to normal mode.
Post the log here.