
Major Virus Problem - Tried Fixing (Still Not Fixed)

Discussion in 'Malware and Virus Removal Archive' started by Waverley73, 2008/01/07.

  1. 2008/01/07
    Waverley73 (Thread Starter)
    This is a full description of the problem I briefly told Noahdfear about a few hours ago.

    Yesterday my computer got taken over by a virus/malware/trojan which made my computer keep saying that it was infected and that I needed to use the program Ultimate Defender to fix it. My access to many programs including the Control Panel was taken away and the computer nearly ground to a halt.

    I have tried following these instructions I found elsewhere on another site (geektogo I believe):

    --------------------------------------------



    2) Open SmitFraudFix, and choose option 4 to check for updates and download any updates, then quit the program

    3) Restart your computer in Safe Mode


    4) Open the SmitRem folder and double-click on RunThis.bat to start the SmitRem removal procedure. Besides removing particular files that it looks for, the tool also runs the Disk Cleanup tool to remove temporary files on the hard drive that may contain problem files. For a Tutorial on using SmitRem click here

    5) After SmitRem has finished, open SmitFraudFix and choose to search (option 1) and clean (option 2) and run a full system scan to remove anything it finds. For a tutorial on using SmitFraudFix click here

    SmitFraudFix's log report shows the items deleted for this infection.

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    6) Double-click on RogueRemover and run it to remove misc rogue application files installed with SmitFraud. If you prefer you can purchase RogueRemover Pro which provides a realtime RogueMonitor that will alert you if you attempt to download a rogue program.

    7) While still in Safe Mode, run CCleaner. Analyze and Clean files it finds, then click on the Issues button on the left side of the screen and Scan and Fix any Registry issues CCleaner discovers. Run both the Registry Scanner and the File Analyzer until nothing else is found.

    8) Run HijackThis and remove any leftover issues. If you are not sure whether a line in HijackThis is a problem, reboot in normal mode and use the online HijackThis scanner to see if the file is a threat. Just copy and paste your HijackThis log file into the scanner and let it analyze it for you. Although it's not perfect, it will give you an idea if your system is clean or still needs some work. Do not delete anything with HijackThis unless you are absolutely sure what the file is and what it does.


    9) Reboot computer in Normal mode


    11) Delete any leftover directories for UltimateCleaner2007, UltimateDefender, VideoAccessCodec, etc. in the C:\Program Files folder by right-clicking on the folder and choosing Delete.


    ---------------------------------------------------

    This didn't fix the problem so I downloaded SUPERAntispyware and ran it. It found literally hundreds of infections so I cleaned them all.

    Now my computer is running slower than ever and this happens:

    When I start up, this comes up:

    Pop-up Box (RegSvr32): C:\Window\system32\gebcd.dll was loaded, but the DllUnregisterServer entry point was not found. This file cannot be registered.

    Every minute or so once I start up this comes up:

    Pop-up Box (RegSvr32): DllRegisterServer in C:\Program Files\Helper\Helper9.dll succeeded.

    I will post a dump of my HijackThis file.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:16:26 PM, on 7/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\OptusNet DSL Internet\DSC.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\lsass.exe
    C:\Program Files\Daemon Tools\daemon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\lsass .exe
    C:\Program Files\OptusNet DSL Internet\DSC .exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Daemon Tools\daemon .exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\user\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.groups.com.au
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    F2 - REG:system.ini: Shell=Explorer.exe
    F3 - REG:win.ini: load=C:\WINDOWS\system32\gebcb.exe
    O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass .exe
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www1.snapfish.com.au/SnapfishActivia.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)
     
    Last edited: 2008/01/07
  2. 2008/01/07
    Waverley73 (Thread Starter)
    Apologies for the double post.

    I might as well mention that the original Ultimate Defender messages and virus alerts have stopped after what I did above. Now it's more the lack of access, being extremely slow and the RegSvr32 messages constantly coming up.
     
    Last edited: 2008/01/07

  4. 2008/01/07
    noahdfear
    Hi Waverley,

    First, please read through this post, then replace your current HijackThis with the current version. Run a scan and save the log, but no need to post that one.

    Next, run Deckard's System Scanner and post the main.txt log.

    Finally, download ComboFix by sUBs from here, saving the file to your desktop.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    I also recommend you uninstall SuperAntispyware and see if it is the cause of the slowdown.
     
  5. 2008/01/07
    Waverley73 (Thread Starter)
    Thanks - I am onto it now.

    I should also mention that when browsing the net I'm still getting re-directed to random sites.

    Here are the Deckard logs:

    Deckard's System Scanner v20071014.68
    Run by user on 2008-01-07 23:07:54
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Failed to create restore point; System Restore is disabled (service is not running).


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 2.53 GiB (less than 15%) free.


    -- HijackThis (run as user.exe) ------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:09:21 PM, on 7/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\OptusNet DSL Internet\DSC.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\lsass.exe
    C:\Program Files\Daemon Tools\daemon.exe
    C:\WINDOWS\lsass .exe
    C:\Program Files\Daemon Tools\daemon .exe
    C:\Program Files\OptusNet DSL Internet\DSC .exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\user\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.groups.com.au
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    F2 - REG:system.ini: Shell=Explorer.exe
    F3 - REG:win.ini: load=C:\WINDOWS\system32\gebcb.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5843B555-6F27-4F69-BABE-DF460BA0B05D} - C:\WINDOWS\system32\gebcb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {88A404E1-8855-4493-BF23-3AB474AD8D56} - (no file)
    O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\Helper9.dll
    O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass .exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www1.snapfish.com.au/SnapfishActivia.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)

    --
    End of file - 6547 bytes

    -- File Associations -----------------------------------------------------------

    .js - JSFile - DefaultIcon - unable to read value
    .js - JSFile - shell\open\command - unable to read value
    .scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1 "


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
    R0 sfsync03 (StarForce Protection Synchronization Driver (version 3.x)) - c:\windows\system32\drivers\sfsync03.sys <Not Verified; Protection Technology; StarForce Protection System>
    R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
    R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
    R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
    R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
    R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
    R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
    R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
    R3 MarvinBus (Pinnacle Marvin Bus) - c:\windows\system32\drivers\marvinbus.sys <Not Verified; Pinnacle Systems GmbH; Pinnacle Marvin>
    R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
    R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

    S1 PCLEPCI - c:\windows\system32\drivers\pclepci.sys (file missing)
    S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcxwdm.sys (file missing)
    S3 l8042pr2 (Logitech PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042pr2.sys <Not Verified; Logitech; MouseWare>
    S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    S2 ScsiAccess - c:\windows\system32\scsiaccess.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2007-11-23 07:59:46 268 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
    2007-05-26 13:30:48 390 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job


    -- Files created between 2007-12-07 and 2008-01-07 -----------------------------

    2008-01-07 22:58:44 0 d-------- C:\Program Files\Trend Micro
    2008-01-07 22:54:03 6795 --ahs---- C:\WINDOWS\system32\bcbeg.ini2
    2008-01-07 22:45:15 0 d-------- C:\WINDOWS\LastGood
    2008-01-07 08:10:27 338432 -----n--- C:\WINDOWS\system32\gebcb.dll
    2008-01-06 23:13:47 9728 --a------ C:\WINDOWS\shell .exe
    2008-01-06 23:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-06 23:04:16 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-01-06 23:04:16 0 d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
    2008-01-06 23:03:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-06 22:45:06 0 d-------- C:\Program Files\Helper
    2008-01-06 22:30:35 0 dr-h----- C:\Documents and Settings\user\Recent
    2008-01-06 22:28:44 0 d-------- C:\Program Files\CCleaner
    2008-01-06 22:26:28 0 d-------- C:\Program Files\RogueRemover FREE
    2008-01-06 22:21:04 3736 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-06 22:14:11 155648 --a------ C:\WINDOWS\system32\NeroCheck .exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
    2008-01-06 21:58:01 0 d--h----- C:\Documents and Settings\Administrator\Templates
    2008-01-06 21:58:01 0 dr------- C:\Documents and Settings\Administrator\Start Menu
    2008-01-06 21:58:01 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
    2008-01-06 21:58:01 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2008-01-06 21:58:01 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
    2008-01-06 21:58:01 0 d--h----- C:\Documents and Settings\Administrator\NetHood
    2008-01-06 21:58:01 0 dr------- C:\Documents and Settings\Administrator\My Documents
    2008-01-06 21:58:01 0 dr------- C:\Documents and Settings\Administrator\Favorites
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Desktop
    2008-01-06 21:58:01 0 d---s---- C:\Documents and Settings\Administrator\Cookies
    2008-01-06 21:58:01 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
    2008-01-06 21:58:01 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
    2008-01-06 21:58:01 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
    2008-01-06 21:58:00 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
    2008-01-06 21:58:00 0 d---s---- C:\Documents and Settings\Administrator\UserData
    2008-01-06 21:58:00 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
    2008-01-06 21:57:59 1310720 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
    2008-01-06 21:45:26 24576 --a------ C:\WINDOWS\system32\CTHELPER .EXE <Not Verified; Creative Technology Ltd; CtHelper Application>
    2008-01-06 20:36:03 369664 --a------ C:\WINDOWS\lsass .exe <Not Verified; MskSoftStudy Corp.; Anti-Virus Project (AVP) spyware removal module>
    2008-01-06 13:31:54 0 d-------- C:\Documents and Settings\user\Application Data\EasySpywareCleaner.com
    2008-01-06 13:31:24 0 d-------- C:\Program Files\EasySpywareCleaner
    2008-01-06 13:17:45 369664 --a------ C:\WINDOWS\lsass.exe <Not Verified; MskSoftStudy Corp.; Anti-Virus Project (AVP) spyware removal module>
    2008-01-06 13:15:46 0 --a------ C:\Install
    2008-01-06 13:12:18 1 --a------ C:\WINDOWS\system32\rc.dat
    2008-01-06 13:12:18 1 --a------ C:\WINDOWS\system32\ps1.dat
    2008-01-06 13:04:16 0 d--hs---- C:\FOUND.011
    2008-01-06 12:58:25 2 --a------ C:\794366681
    2008-01-06 12:58:17 58880 --a------ C:\ysxl.exe
    2007-12-15 13:31:03 0 d-------- C:\Program Files\Codemasters


    -- Find3M Report ---------------------------------------------------------------

    2008-01-07 22:45:02 498688 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
    2008-01-07 22:45:02 367616 --a------ C:\WINDOWS\system32\CTHELPER.EXE <Not Verified; Creative Technology Ltd; CtHelper Application>
    2007-11-30 16:56:50 8 --a------ C:\WINDOWS\system32\nvModes.dat
    2007-11-16 06:54:46 0 d-------- C:\Program Files\THQ
    2007-11-09 14:39:56 94664 --a------ C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5843B555-6F27-4F69-BABE-DF460BA0B05D}]
    07/01/2008 08:10 AM 338432 --------- C:\WINDOWS\system32\gebcb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88A404E1-8855-4493-BF23-3AB474AD8D56}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
    07/01/2008 10:20 PM 19456 --------- C:\Program Files\Helper\Helper9.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EM_EXEC "= "C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [07/01/2008 10:45 PM]
    "CTHelper "= "CTHELPER.EXE" [07/01/2008 10:45 PM C:\WINDOWS\system32\CTHELPER.EXE]
    "AsioReg "= "REGSVR32.exe" [04/08/2004 06:56 PM C:\WINDOWS\system32\regsvr32.exe]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [04/10/2007 05:14 PM]
    "UpdReg "= "C:\WINDOWS\UpdReg.EXE" [07/01/2008 10:45 PM]
    "Cmaudio "= "cmicnfg.cpl" []
    "Desktop Service Centre "= "C:\Program Files\OptusNet DSL Internet\DSC.exe" [07/01/2008 10:19 PM]
    "REGSHAVE "= "C:\Program Files\REGSHAVE\REGSHAVE.exe" [07/01/2008 10:45 PM]
    "nwiz "= "nwiz.exe" []
    "NvMediaCenter "= "C:\WINDOWS\system32\NvMcTray.dll" [04/10/2007 05:14 PM]
    "SBDrvDet "= "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [07/01/2008 10:45 PM]
    "NeroFilterCheck "= "C:\WINDOWS\system32\NeroCheck.exe" [07/01/2008 10:45 PM]
    "lsass "= "C:\WINDOWS\lsass .exe" [07/01/2008 10:45 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS "= "C:\Program Files\Messenger\MSMSGS.exe" [07/01/2008 10:45 PM]
    "DAEMON Tools "= "C:\Program Files\Daemon Tools\daemon.exe" [07/01/2008 10:19 PM]
    "SUPERAntiSpyware "= "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07/01/2008 10:19 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "NvMediaCenter "=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

    C:\Documents and Settings\user\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [26/04/2005 11:51:05 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [26/04/2005 11:51:05 AM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 01:55 PM 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Shell "= "Explorer.exe "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls "=C:\WINDOWS\system32\wowfx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINDOWS\system32\gebcb

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll, xlibgfl254.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
    @= "Volume shadow copy "




    -- Hosts -----------------------------------------------------------------------

    10.18.250.4 ad.doubleclick.net
    10.18.250.4 ad.fastclick.net
    10.18.250.4 ads.fastclick.net
    10.18.250.4 ar.atwola.com
    10.18.250.4 atdmt.com
    10.18.250.4 avp.ch
    10.18.250.4 avp.com
    10.18.250.4 avp.ru
    10.18.250.4 awaps.net
    10.18.250.4 banner.fastclick.net

    90 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-01-07 23:10:24 ------------
     
    Last edited: 2008/01/07
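    The two HijackThis logs above carry the patterns a log reviewer looks for before anything is deleted: a core system binary running from C:\WINDOWS instead of system32, a copy whose name has a space before the extension (lsass .exe), a transposed name (spoolvs.exe for spoolsv.exe), a nameless BHO or toolbar, an AppInit_DLLs hook, a win.ini load= entry and a policy that disables regedit. The script below is an added example written for this thread, not part of the thread or of HijackThis; it re-implements those checks over a constructed excerpt of the posted log lines, and the rule names and the list of core binaries are assumptions chosen for the example.

```python
import re
from collections import Counter

# Core Windows XP binaries that legitimately run only from %SystemRoot%\system32.
# (Assumed list for this example; extend it for the environment being reviewed.)
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                        "lsass.exe", "svchost.exe", "spoolsv.exe"}
SYSTEM32 = r"c:\windows\system32"

# A drive-letter path ending in an executable extension; the character class
# deliberately allows spaces so that "lsass .exe" is captured as one path.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\],|<>]*?\.(?:exe|dll|cpl|sys)\b', re.IGNORECASE)

# Whole-line rules keyed on the HijackThis section prefix.
LINE_RULES = [
    ("bho-or-toolbar-without-name-or-file", re.compile(r"^O[23] - .*\((?:no name|no file)\)")),
    ("appinit-dll-hook", re.compile(r"^O20 - AppInit_DLLs: \S")),
    ("registry-tools-disabled", re.compile(r"^O7 - .*DisableRegedit=1")),
    ("win-ini-load-autostart", re.compile(r"^F3 - REG:win\.ini: load=\S")),
]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0]


def check_path(path: str) -> list[str]:
    """Return the rule names that a single executable path trips, in rule order."""
    hits = []
    name = basename(path).lower()
    # Rule 1: whitespace in front of the extension ("lsass .exe" next to "lsass.exe").
    if re.search(r"\s+\.[a-z0-9]+$", name):
        hits.append("space-before-extension")
    canonical = re.sub(r"\s+", "", name)
    # Rule 2: a core binary name living anywhere but system32 (C:\WINDOWS\lsass.exe).
    if canonical in CORE_SYSTEM_BINARIES and dirname(path).lower() != SYSTEM32:
        hits.append("core-binary-outside-system32")
    # Rule 3: an anagram of a core binary name (spoolvs.exe standing in for spoolsv.exe).
    stem, _, ext = canonical.rpartition(".")
    if ext == "exe":
        for core in sorted(CORE_SYSTEM_BINARIES):
            if canonical != core and Counter(stem) == Counter(core[:-4]):
                hits.append(f"lookalike-of-{core}")
    return hits


def scan(log_text: str) -> list[tuple[str, str]]:
    """Run the line rules and the path rules over a HijackThis-style log.

    Each finding is (rule name, offending line or path)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for rule, pattern in LINE_RULES:
            if pattern.search(line):
                findings.append((rule, line))
        for path in PATH_RE.findall(line):
            for rule in check_path(path):
                findings.append((rule, path))
    return findings


def rule_counts(log_text: str) -> dict[str, int]:
    """How many times each rule fired; a quick triage summary of a log."""
    return dict(Counter(rule for rule, _ in scan(log_text)))


# Constructed excerpt made up of lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\lsass .exe
C:\Program Files\Daemon Tools\daemon .exe

F3 - REG:win.ini: load=C:\WINDOWS\system32\gebcb.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5843B555-6F27-4F69-BABE-DF460BA0B05D} - C:\WINDOWS\system32\gebcb.dll
O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\lsass .exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
"""

if __name__ == "__main__":
    for rule, item in scan(SAMPLE_LOG):
        print(f"{rule:40s} {item}")
    print(rule_counts(SAMPLE_LOG))
```

    The checks only flag lines for a human to look at; the same entry can trip more than one rule, which is why "C:\WINDOWS\lsass .exe" appears under both the space and the wrong-directory rule.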
  6. 2008/01/07
    Waverley73 (Thread Starter)
    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.60GHz
    Percentage of Memory in Use: 51%
    Physical Memory (total/avail): 511.48 MiB / 247.82 MiB
    Pagefile Memory (total/avail): 1236.64 MiB / 998.23 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1930.4 MiB

    A: is Removable (No Media)
    C: is Fixed (FAT32) - 74.51 GiB total, 2.53 GiB free.
    D: is CDROM (No Media)
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - ST380012A - 74.53 GiB - 1 partition
    \PARTITION0 (bootable) - Unknown - 74.53 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is enabled.


    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\user\\Application Data\\printer.exe"="C:\\Documents and Settings\\user\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\user\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\user\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\user\\Application Data\\trant.exe"="C:\\Documents and Settings\\user\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe"="C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe"="C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\shell .exe"="C:\\WINDOWS\\shell .exe:*:Enabled:@xpsp2res.dll,-22019"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe:*:Disabled:backWeb-7288971"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\NewSoft\\Presto! PageManager 6\\NetGroup.exe"="C:\\Program Files\\NewSoft\\Presto! PageManager 6\\NetGroup.exe:*:Enabled:NewSoft Network Group"
    "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
    "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
    "C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\winB.exe"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\winB.exe:*:Enabled:winB"
    "C:\\Documents and Settings\\user\\Application Data\\printer.exe"="C:\\Documents and Settings\\user\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
    "%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\user\\Application Data\\mcrupdate.exe"="C:\\Documents and Settings\\user\\Application Data\\mcrupdate.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\user\\Application Data\\trant.exe"="C:\\Documents and Settings\\user\\Application Data\\trant.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe"="C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe"="C:\\Documents and Settings\\Administrator\\Start Menu\\Programs\\Startup\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe"="C:\\Documents and Settings\\user\\Start Menu\\Programs\\Startup\\findfast .exe:*:Enabled:@xpsp2res.dll,-22019"
    "C:\\WINDOWS\\shell .exe"="C:\\WINDOWS\\shell .exe:*:Enabled:@xpsp2res.dll,-22019"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\user\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=OEM-VSW4ECXI8FT
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\user
    LOGONSERVER=\\OEM-VSW4ECXI8FT
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Autodesk Shared\;V5.00;C:\WINDOWS\LHSP
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0209
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
    TMP=C:\DOCUME~1\user\LOCALS~1\Temp
    USERDOMAIN=OEM-VSW4ECXI8FT
    USERNAME=user
    USERPROFILE=C:\Documents and Settings\user
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    user (admin)
    Administrator (new local, admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MTP_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_NOMADJUKEBOXTYPE2_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
    --> "C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /U /S /R
    --> "C:\Program Files\Creative\SBAudigy2ZS\Program\Ctzapxx.EXE" /W /U /S
    --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\System32\UninstIPP.isu
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-1C3B8A06BE60}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC69B6-B2FE-442E-B106-A1E57DEBC5C1}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC69B6-B2FE-442E-B106-A1E57DEBC5C1}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DF9BF77-7E10-4973-965E-3B7013ABEA6D}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-452FF877D5B9}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE-71AAA693A8E2}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763-D32204D2563D}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
    Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Photoshop Elements 2.0 --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c "C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
    Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
    AltoMP3 Gold 5.20 --> C:\Program Files\AltoMP3 Gold\uninst.exe
    AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
    Askey HSFi V.90(V.92) 56K PCI Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D89144F\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_8D89144F
    aspi --> MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
    Aspire Screen Saver --> C:\WINDOWS\Aspire.scr /u
    ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    AudibleManager --> C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
    AutoCAD 2005 - English --> MsiExec.exe /I{5783F2D7-0301-0409-0002-0060B0CE6BBA}
    Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
    Avanquest update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe" -l0x9
    Azureus --> C:\Program Files\Azureus\Uninstall.exe
    BigPhoto Print Wizard 4.0.4.2 --> "C:\Program Files\BigPhoto\Print Wizard\unins000.exe"
    C-Media 3D Audio --> C:\WINDOWS\CMIUnInstall.exe
    Canon MP Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58F8C6D9-5B55-486A-A322-4E8D87670031}\Setup.exe" -l0x9 -Uninstall
    Canon MP Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4669544E-20E4-4E56-8B44-2E6E1200051F}\Setup.exe" -l0x9 -Uninstall
    Canon Utilities Easy-PhotoPrint --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c "C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"
    Cars --> C:\Program Files\THQ\Disney-Pixar\Cars\_uninst\uninstaller.exe
    CCHelp --> MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
    Children's Encyclopedia --> C:\WINDOWS\uninst.exe -r "DK Multimedia\Children's Encyclopedia\1.0.0" -n "Children's Encyclopedia" -fC:\PROGRA~1\DKMULT~1\CHILDR~1\DeIsL1.isu -cC:\PROGRA~1\DKMULT~1\CHILDR~1\uninst.dll
    Core FTP LE 1.3c --> C:\PROGRA~1\COREFTP\UNWISE.EXE C:\PROGRA~1\COREFTP\INSTALL.LOG
    CR2 --> MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
    Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
    Creative Removable Disk Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
    Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    Creative ZEN Neeon 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD4E589A-C44A-4498-A8AF-6AFF09E07901}\SETUP.EXE" -l0x9 /remove
    Creative ZEN Vision M Series --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31C44235-A613-4E95-B297-207BF6C6A8C1}\SETUP.EXE" -l0x9 /remove
    D-Link DSL-302G USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCEC3BD-FFCA-4146-8587-17650B86165B}\Setup.exe"
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
    Dora Lost City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{747C231B-062D-4586-8221-8E7870987D5B}\setup.exe" -l0x9 -uninst
    DVD Shrink 3.1.7 --> "C:\Program Files\DVD Shrink\unins000.exe"
    DVDFab Decrypter 2.9.8.1 --> "C:\Program Files\DVDFab Decrypter\unins000.exe"
    e-tax 2007 --> C:\Data\2007 ETax\etax2007\e-tax 2007_uninstall.exe
    Easy Spyware Cleaner --> "C:\Program Files\EasySpywareCleaner\uninstall.exe"
    ESSAdpt --> MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
    ESSANUP --> MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
    ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
    ESSCAM --> MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
    ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
    ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
    ESSCT --> MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
    ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
    ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
    ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
    ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
    ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
    ESSTUTOR --> MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
    ESSvpaht --> MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
    ESSvpot --> MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
    Eye Candy 4000 --> C:\EYECAN~1\UNWISE.EXE C:\EYECAN~1\INSTALL.LOG
    FIFA 07 --> C:\Program Files\EA SPORTS\FIFA 07\EAUninstall.exe
    FinePixViewer Resource --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE" -l0x9
    FinePixViewer Ver.5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE" -l0x9
    Football Manager 2007 --> C:\Program Files\Sports Interactive\Football Manager 2007\uninstall\Uninstall FM 2007.exe
    Football Manager 2008 --> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe"
    FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
    Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    HLPCCTR --> MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
    HLPIndex --> MsiExec.exe /I{78F79C84-BFD5-4D79-A07D-F39A3CF428DC}
    HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
    Image Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL
    ImageMixer for Sony --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"
    ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
    Indeo® Software --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Ligos\Indeo\Uninst.isu" -c "C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
    IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    KB Piano v.2.2 --> C:\Program Files\KB Piano 2\uninstall.exe
    Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3d001c_292bbf4b\Setup.exe /APR-REMOVE
    Korean Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ko.inf, Uninstall
    KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
    Learning in Toyland --> G:\setup.exe -funinst.ins
    Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" mmUninstall
    Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" UNINSTALL
    Macromedia Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\Install.log
    Magic ISO Maker v5.3 (build 0229) --> C:\PROGRA~1\MAGICISO\UNWISE.EXE C:\PROGRA~1\MAGICISO\INSTALL.LOG
    Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
    MediaMonkey 2.5 --> "C:\Program Files\MediaMonkey\unins000.exe"
    MediaRecorder --> MsiExec.exe /I{F8EB85B9-490E-4697-AFF2-279EE83B9FBC}
    Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
    Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
    MicroStaff WINASPI --> C:\MWASPI\uninst.exe
    Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
    MouseWare 9.43 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
    Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
    NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
    NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OptusNet DSL --> C:\Program Files\OptusNet DSL Internet\Uninstall.exe
    OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
    PCDLNCH --> MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
    PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe
    PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
    Presto! PageManager 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{580183A6-FF92-11D5-9294-0050BA073EEC}\Setup.exe" -l0x9 anything
    QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
    Race Driver 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0297C87B-CC40-446F-865A-031B4FC0CF22}\Setup.exe" -l0x9 -removeonly
    RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
    Real Alternative 1.51 --> "C:\Program Files\Real Alternative\unins000.exe"
    SDP Downloader --> MsiExec.exe /I{B547CB8D-549A-436E-97B5-E79F911B11E2}
    SFR --> MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
    SFR2 --> MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
    SiS 650_651_M650_M652_740 --> Rundll32 SiSInst.dll,Uninstall VGA,r,0
    SiS 650_740 --> RUNDLL32 setuplib.dll,UnInstall ,315&ISUNINST -f "C:\PROGRA~1\SISCOM~1.22\DeIsL1.isu"&P.U 4 xvga.in&-1
    Sony DVD Architect 4.0 --> MsiExec.exe /X{219CB444-F2B6-4A17-8A76-BB7847F3DB26}
    Sony Media Manager 2.2 --> MsiExec.exe /X{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    Sony Vegas 7.0a --> MsiExec.exe /X{251C3815-7A55-4607-A82D-C3B98F0FBAB8}
    Sound Blaster Audigy 2 ZS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E2514D9-DC24-4634-B348-61F3EF0F1628}\SETUP.EXE" -l0x9
    SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Ulead COOL 3D 3.0 --> C:\WINDOWS\Ulead.dat\uninstall\setup.exe
    Ulead GIF Animator 5 ESD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe"
    UltraGet Video Downloader 1.1.2 --> "C:\Program Files\UltraGet Video Downloader\unins000.exe"
    USB Multimedia Keyboard Driver Ver1.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08DA21BF-9912-409E-B802-943C6DC2DA81}\Setup.exe" -l0x9
    VCAMCEN --> MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
    VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    WinAce Archiver --> C:\Program Files\WinAce\SXUNINST.EXE C:\Program Files\WinAce\SXUNINST.INI
    WinAVI VideoConverter --> "C:\Program Files\WinAVI VideoConverter\unins000.exe"
    WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    ZENcast Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type7099 / Warning
    Event Submitted/Written: 01/07/2008 10:53:37 PM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete' failed during request for component '{A6C8A50F-4808-43A4-A147-ACAA2598DE52}'

    Event Record #/Type7098 / Warning
    Event Submitted/Written: 01/07/2008 10:53:37 PM
    Event ID/Source: 1004 / MsiInstaller
    Event Description:
    Detection of product '{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}', feature 'Complete', component '{B2B6EDF3-22B8-47B3-8358-4D1976F0949D}' failed. The resource 'C:\Program Files\SUPERAntiSpyware\Quarantine\' does not exist.

    Event Record #/Type7097 / Warning
    Event Submitted/Written: 01/07/2008 10:18:58 PM
    Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
    Event Description:
    (SpnRegister) : Error 1355

    Event Record #/Type7091 / Warning
    Event Submitted/Written: 01/07/2008 07:55:26 PM
    Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
    Event Description:
    (SpnRegister) : Error 1355

    Event Record #/Type7087 / Warning
    Event Submitted/Written: 01/07/2008 08:08:52 AM
    Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
    Event Description:
    (SpnRegister) : Error 1355



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type44405 / Error
    Event Submitted/Written: 01/07/2008 10:19:02 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    The following boot-start or system-start driver(s) failed to load:
    Cql57
    PCLEPCI

    Event Record #/Type44403 / Error
    Event Submitted/Written: 01/07/2008 10:18:56 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The ScsiAccess service failed to start due to the following error:
    %%2

    Event Record #/Type44375 / Error
    Event Submitted/Written: 01/07/2008 07:55:55 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    The following boot-start or system-start driver(s) failed to load:
    Cql57
    PCLEPCI

    Event Record #/Type44374 / Error
    Event Submitted/Written: 01/07/2008 07:55:47 PM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The ScsiAccess service failed to start due to the following error:
    %%2

    Event Record #/Type44349 / Error
    Event Submitted/Written: 01/07/2008 08:08:53 AM
    Event ID/Source: 7000 / Service Control Manager
    Event Description:
    The ScsiAccess service failed to start due to the following error:
    %%2



    -- End of Deckard's System Scanner: finished at 2008-01-07 23:10:24 ------------
     
  7. 2008/01/07
    Waverley73 Inactive Thread Starter

    ComboFix 08-01-07.4 - user 2008-01-07 23:17:37.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.240 [GMT 11:00]
    Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe
    C:\Program Files\Daemon Tools\daemon.exe
    C:\Program Files\EasySpywareCleaner\EasySpywareCleaner .exe
    C:\Program Files\Helper
    C:\Program Files\Helper\Helper9.dll
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\MouseWare\system\EM_EXEC .EXE
    C:\Program Files\OptusNet DSL Internet\DSC.exe
    C:\Program Files\REGSHAVE\REGSHAVE.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\Casino.ico
    C:\WINDOWS\Free Online Dating.ico
    C:\WINDOWS\lsass .exe
    C:\WINDOWS\lsass.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
    C:\WINDOWS\Spyware Remover.ico
    C:\WINDOWS\system32\alog.txt
    C:\WINDOWS\system32\bcbeg.ini
    C:\WINDOWS\system32\bcbeg.ini2
    C:\WINDOWS\system32\CTHELPER .EXE
    C:\WINDOWS\system32\drivers\sfsync03.sys
    C:\WINDOWS\system32\gebcb.dll
    C:\WINDOWS\system32\NeroCheck.exe
    C:\WINDOWS\system32\REGSVR32 .EXE
    C:\WINDOWS\UpdReg.EXE

    Code:
    C:\WINDOWS\UpdReg .EXE ---> UpdReg.EXE
    C:\WINDOWS\system32\CTHELPER .EXE ---> QooBox
    C:\WINDOWS\system32\REGSVR32 .EXE ---> QooBox
    C:\WINDOWS\system32\NeroCheck .exe ---> NeroCheck.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe ---> QooBox
    C:\Program Files\Messenger\msmsgs .exe ---> msmsgs.exe
    C:\Program Files\MouseWare\system\EM_EXEC .EXE ---> QooBox
    C:\Program Files\Creative\SB Drive Det\SBDrvDet .exe ---> SBDrvDet.exe
    C:\Program Files\REGSHAVE\REGSHAVE .EXE ---> REGSHAVE.EXE
    C:\Program Files\OptusNet DSL Internet\DSC .exe ---> DSC.exe
    C:\Program Files\Daemon Tools\daemon .exe ---> daemon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware .exe ---> SUPERAntiSpyware.exe
    C:\Program Files\EasySpywareCleaner\EasySpywareCleaner .exe ---> QooBox
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SFSYNC03
    -------\sfsync03


    ((((((((((((((((((((((((( Files Created from 2007-12-07 to 2008-01-07 )))))))))))))))))))))))))))))))
    .

    2008-01-07 23:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-07 23:07 . 2008-01-07 23:07 <DIR> d-------- C:\Deckard
    2008-01-07 22:58 . 2008-01-07 22:58 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-06 23:13 . 2008-01-06 23:13 9,728 --a------ C:\WINDOWS\shell .exe
    2008-01-06 23:04 . 2008-01-06 23:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-01-06 23:04 . 2008-01-06 23:04 <DIR> d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
    2008-01-06 23:04 . 2008-01-06 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-06 23:03 . 2008-01-06 23:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-01-06 22:28 . 2008-01-06 22:28 <DIR> d-------- C:\Program Files\CCleaner
    2008-01-06 22:26 . 2008-01-06 22:26 <DIR> d-------- C:\Program Files\RogueRemover FREE
    2008-01-06 22:21 . 2008-01-06 22:24 3,736 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-06 22:14 . 2008-01-07 22:19 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-01-06 21:58 . 2003-03-03 09:54 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
    2008-01-06 21:58 . 2003-03-04 06:06 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
    2008-01-06 21:58 . 2003-03-03 09:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
    2008-01-06 14:08 . 2008-01-07 22:19 90,112 --a------ C:\WINDOWS\UpdReg.EXE
    2008-01-06 13:31 . 2008-01-06 13:31 <DIR> d-------- C:\Program Files\EasySpywareCleaner
    2008-01-06 13:31 . 2008-01-06 13:31 <DIR> d-------- C:\Documents and Settings\user\Application Data\EasySpywareCleaner.com
    2008-01-06 13:15 . 2008-01-06 13:15 0 --a------ C:\Install
    2008-01-06 13:12 . 2008-01-06 13:12 1 --a------ C:\WINDOWS\system32\rc.dat
    2008-01-06 13:12 . 2008-01-06 13:12 1 --a------ C:\WINDOWS\system32\ps1.dat
    2008-01-06 13:11 . 2008-01-06 13:11 29 --a------ C:\WINDOWS\system32\dpiyurfh.tmp
    2008-01-06 13:04 . 2008-01-06 13:04 <DIR> d--hs---- C:\FOUND.011
    2008-01-06 12:58 . 2008-01-06 12:58 58,880 --a------ C:\ysxl.exe
    2008-01-06 12:58 . 2008-01-06 12:58 2 --a------ C:\794366681
    2007-12-15 13:31 . 2007-12-15 13:31 <DIR> d-------- C:\Program Files\Codemasters

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-07 11:45 367,616 ----a-w C:\WINDOWS\system32\CTHELPER.EXE
    2007-11-30 05:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2007-11-15 19:54 --------- d-----w C:\Program Files\THQ
    2007-11-09 03:39 94,664 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-28 08:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-07-01 09:42 297,992 ----a-w C:\Program Files\Thomas The Tank Engine and Friends.zip
    2007-07-01 08:56 1,384,960 ----a-w C:\Program Files\SDP_v2_3_0.msi
    2007-07-01 08:45 397,312 ----a-w C:\Program Files\MediaRecorder_Install.pgm.msi
    2007-06-18 13:14 280,227 ----a-w C:\Program Files\FreeMPC.jar
    2007-06-18 12:16 1,630,151 ----a-w C:\Program Files\Setup_AltoMP3Gold.exe
    2007-06-12 09:15 18,937,781 ----a-w C:\Program Files\650_222_win2kxp.zip
    2007-01-31 10:33 2,094,778 ----a-w C:\Program Files\kbpianost.exe
    2007-01-09 07:36 24,192 ----a-w C:\Documents and Settings\user\usbsermptxp.sys
    2007-01-09 07:36 22,768 ----a-w C:\Documents and Settings\user\usbsermpt.sys
    2006-10-31 12:53 14,405,024 ----a-w C:\Program Files\GoogleEarthWin.exe
    2006-09-18 09:56 627,995 ----a-w C:\Program Files\ZSNES_0904.zip
    2006-07-23 11:21 1,322,736 ----a-w C:\Program Files\DVDFabDecrypter29.exe
    2006-07-21 09:29 81,393 ----a-w C:\Program Files\AnyDVD[1].patch.rar
    2006-07-21 09:11 1,293,030 ----a-w C:\Program Files\SetupAnyDVD6031.exe
    2005-07-23 12:20 13,235,784 ----a-w C:\Program Files\avg70free_338a597.exe
    2005-05-05 00:18 2,833,536 ----a-w C:\Program Files\ToolbarSetup.exe
    2005-05-03 09:20 4,343,056 ----a-w C:\Program Files\sdtrial.exe
    2005-03-30 05:11 678,069 ----a-w C:\Program Files\DVDStyler-1.31.tar.gz
    2005-03-30 05:06 288,452 ----a-w C:\Program Files\dvdauthor-0.6.11.tar.gz
    2005-03-29 09:09 3,032,317 ----a-w C:\Program Files\WinAVITrial.exe
    2005-03-17 04:17 4,573,898 ----a-w C:\Program Files\sdvdcfullVer8.exe
    2005-03-16 11:09 4,571,247 ----a-w C:\Program Files\sdvdc.exe
    2005-03-13 06:49 877,056 ----a-w C:\Program Files\iview395.exe
    2004-03-30 22:08 19,624 ----a-w C:\WINDOWS\Fonts\Tom hand.zip
    2004-03-30 22:07 32,259 ----a-w C:\WINDOWS\Fonts\Hanshand.zip
    2004-03-30 22:06 28,277 ----a-w C:\WINDOWS\Fonts\Blomster.zip
    2004-03-30 22:06 19,499 ----a-w C:\WINDOWS\Fonts\Ashley.zip
    2004-03-30 22:05 15,693 ----a-w C:\WINDOWS\Fonts\Brooklyn.zip
    2004-03-30 22:05 13,694 ----a-w C:\WINDOWS\Fonts\Chinese takeaway.zip
    2004-03-30 22:04 31,513 ----a-w C:\WINDOWS\Fonts\Aladdin.zip
    2004-03-30 22:04 23,838 ----a-w C:\WINDOWS\Fonts\Dali.zip
    2004-03-30 22:01 24,148 ----a-w C:\WINDOWS\Fonts\Zachary.zip
    2004-03-30 22:00 16,128 ----a-w C:\WINDOWS\Fonts\Yearsupplyoffairycakes.zip
    2004-03-30 21:58 24,695 ----a-w C:\WINDOWS\Fonts\Venus flytrap.zip
    2004-03-30 21:57 26,417 ----a-w C:\WINDOWS\Fonts\Violatation.zip
    2004-03-30 21:57 25,720 ----a-w C:\WINDOWS\Fonts\Virgin.zip
    2004-03-30 21:53 21,959 ----a-w C:\WINDOWS\Fonts\Psycho.zip
    2004-03-30 21:52 54,467 ----a-w C:\WINDOWS\Fonts\Penmanship.zip
    2004-03-30 21:51 7,048 ----a-w C:\WINDOWS\Fonts\Orient.zip
    2004-03-30 21:50 18,359 ----a-w C:\WINDOWS\Fonts\Nerve_tonic.zip
    2004-03-30 21:49 7,237 ----a-w C:\WINDOWS\Fonts\Metallord.zip
    2004-03-30 21:48 24,117 ----a-w C:\WINDOWS\Fonts\Marker finepoint.zip
    2004-03-30 21:47 17,515 ----a-w C:\WINDOWS\Fonts\Lindas.ZIP
    2004-03-30 21:46 34,760 ----a-w C:\WINDOWS\Fonts\Karen helene.zip
    2004-03-30 21:45 70,099 ----a-w C:\WINDOWS\Fonts\JD.zip
    2004-03-30 21:43 14,502 ----a-w C:\WINDOWS\Fonts\Fat boy slim.zip
    2004-03-30 21:41 31,645 ----a-w C:\WINDOWS\Fonts\Paw print.zip
    2004-03-30 21:40 11,353 ----a-w C:\WINDOWS\Fonts\Dear teacher.zip
    2004-03-30 21:38 8,905 ----a-w C:\WINDOWS\Fonts\Sugarfish.zip
    2004-03-30 21:38 17,280 ----a-w C:\WINDOWS\Fonts\Starrynight.zip
    2004-03-30 21:37 133,912 ----a-w C:\WINDOWS\Fonts\Starwars.zip
    2004-03-30 21:35 36,888 ----a-w C:\WINDOWS\Fonts\Girls are weird.zip
    2004-03-30 21:34 53,034 ----a-w C:\WINDOWS\Fonts\Batman forever.zip
    2004-03-30 21:33 41,551 ----a-w C:\WINDOWS\Fonts\Balloons.zip
    2004-03-30 21:33 39,447 ----a-w C:\WINDOWS\Fonts\Angelica.zip
    2004-03-30 21:32 25,959 ----a-w C:\WINDOWS\Fonts\Alsscript.zip
    2004-03-30 21:31 29,664 ----a-w C:\WINDOWS\Fonts\Actionsh.zip
    2004-03-30 21:30 94,590 ----a-w C:\WINDOWS\Fonts\Acme.zip
    2004-03-30 21:29 6,711 ----a-w C:\WINDOWS\Fonts\Acecrikey.zip
    2004-03-30 21:27 170,173 ----a-w C:\WINDOWS\Fonts\Abaddon.zip
    2004-03-30 02:17 20,041 ----a-w C:\WINDOWS\Fonts\Aberration.zip
    2004-03-30 02:14 23,372 ----a-w C:\WINDOWS\Fonts\Impossible.zip
    2004-03-30 02:13 25,829 ----a-w C:\WINDOWS\Fonts\Disney.zip
    2004-03-12 23:58 9,092 ----a-w C:\WINDOWS\Fonts\Metallica Old All\Metallica Old All.zip
    2004-03-12 23:52 40,993 ----a-w C:\WINDOWS\Fonts\Metallica New.zip
    2004-03-12 23:51 9,092 ----a-w C:\WINDOWS\Fonts\Metallica Old All.zip
    2004-03-12 23:51 18,283 ----a-w C:\WINDOWS\Fonts\Metallica Load.zip
    2004-03-12 23:49 41,209 ----a-w C:\WINDOWS\Fonts\Metallica Old.zip
    .
    Code:
    ----a-w             9,728 2008-01-06 12:13:48  C:\WINDOWS\shell .exe
    ----a-w            24,576 2008-01-07 12:23:28  C:\WINDOWS\system32\CTHELPER .EXE

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6C1D0F9-9365-4FDF-964B-5DEC8823C79C}]
    2008-01-07 23:23 338432 --a------ C:\WINDOWS\system32\gebcb.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2008-01-07 22:20 1694208]
    "DAEMON Tools"="C:\Program Files\Daemon Tools\daemon.exe" [2008-01-07 23:23 516096]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-01-07 23:23 1774592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [ ]
    "CTHelper"="CTHELPER.EXE" [2008-01-07 22:45 367616 C:\WINDOWS\system32\CTHELPER.EXE]
    "AsioReg"="REGSVR32.exe" [2004-08-04 18:56 11776 C:\WINDOWS\system32\regsvr32.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-01-07 23:23 434688]
    "Cmaudio"="cmicnfg.cpl" []
    "Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [2008-01-07 23:24 2488832]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2008-01-07 23:24 400896]
    "nwiz"="nwiz.exe" []
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
    "SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2008-01-07 23:24 411648]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-07 23:24 498688]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2007-10-04 17:14 81920]

    C:\Documents and Settings\user\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-04-26 11:51:05]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-04-26 11:51:05]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
    "load"=C:\WINDOWS\system32\gebcb.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\gebcb

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

    R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 12:48]
    R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 21:32]
    R3 USB_RNDIS;NetComm NB5 USB;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 17:04]
    S3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 13:53]
    S3 glauiad;D-Link DSL-302G Modem;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2003-03-07 15:07]
    S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 17:01]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-05-26 02:30:48 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2007-11-22 20:59:46 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-07 23:23:21
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
    -> C:\WINDOWS\system32\gebcb.dll
    .
    Completion time: 2008-01-07 23:26:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-07 12:26:06
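The "Reg Loading Points" section of the log above shows two logon-time loading spots that a default XP install never touches: the LSA Authentication Packages REG_MULTI_SZ carries an extra entry (C:\WINDOWS\system32\gebcb, the same gebcb family ComboFix is deleting in this thread) and SecurityProviders has wowfx.dll appended after the four stock SSPI modules. The quickest way to catch this on any log is to compare the parsed values against a known-good baseline. The following is an added example, not part of this thread and not ComboFix code; the sample text is reproduced from the log above, and the baseline values for XP SP2 are an assumption that should be confirmed against a clean machine of the same build.

```python
import re

# Constructed sample: the two LSA-related keys as printed in the ComboFix
# "Reg Loading Points" section of this thread (added example input, not
# ComboFix output generated by this code).
SAMPLE_REG_SECTION = """\
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\\WINDOWS\\system32\\gebcb

[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll
"""

# Assumed known-good values for Windows XP SP2; verify against a clean machine
# of the same build before relying on them. Stored lowercase for comparison.
BASELINE = {
    "authentication packages": {"msv1_0"},
    "securityproviders": {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"},
}

KEY_LINE = re.compile(r"^\[(.+)\]$")
AUTH_PKG = re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(.*)$", re.I)
SEC_PROV = re.compile(r"^SecurityProviders\s+(.*)$", re.I)


def parse_reg_section(text):
    """Return {value_name: [entries]} for the LSA and SecurityProviders keys.

    Authentication Packages is a REG_MULTI_SZ that ComboFix prints
    space-separated; SecurityProviders is one REG_SZ of comma-separated names.
    """
    found = {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        if current_key is None:
            continue
        if current_key.endswith("\\control\\lsa"):
            m = AUTH_PKG.match(line)
            if m:
                found["authentication packages"] = m.group(1).split()
        elif current_key.endswith("\\control\\securityproviders"):
            m = SEC_PROV.match(line)
            if m:
                found["securityproviders"] = [p.strip() for p in m.group(1).split(",") if p.strip()]
    return found


def unexpected_entries(parsed, baseline=BASELINE):
    """Entries present on the machine but absent from the baseline, per value.

    Anything returned is a module loaded by LSASS or the SSPI at logon that a
    stock install does not have; on this log that is gebcb and wowfx.dll.
    """
    extra = {}
    for name, entries in parsed.items():
        odd = [e for e in entries if e.lower() not in baseline.get(name, set())]
        if odd:
            extra[name] = odd
    return extra


if __name__ == "__main__":
    for name, odd in unexpected_entries(parse_reg_section(SAMPLE_REG_SECTION)).items():
        print(f"{name}: unexpected {odd}")
```

Both values are worth keeping in a baseline because modules listed there are loaded into lsass.exe or into every process that uses SSPI, so an entry that survives a reboot is a persistence point rather than a cosmetic leftover.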
     
  8. 2008/01/07
    Waverley73
    Finally:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:31:31 PM, on 7/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\OptusNet DSL Internet\DSC.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Daemon Tools\daemon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.groups.com.au
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    F3 - REG:win.ini: load=C:\WINDOWS\system32\gebcb.exe
    O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www1.snapfish.com.au/SnapfishActivia.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)

    --
    End of file - 5895 bytes



    BTW, my PC is now much quicker and those annoying helper9.dll messages appear to have stopped.
     
  9. 2008/01/07
    Waverley73
    Getting better, but not there yet

    Since the above I now have access to the Control Panel. I then uninstalled SUPERAntiSpyware and a couple of other known programs that I know I don't use anymore via the Add/Remove Programs option.

    My PC still has issues with the bottom taskbar disappearing and with ads popping up via IE. I've also got a new icon down the bottom on the taskbar for Microsoft SQL Service Manager that I've never seen before.

    Here is the most up-to-date text dump:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:05:01 AM, on 8/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\xgjwrdmw.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\OptusNet DSL Internet\DSC.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Daemon Tools\daemon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Daemon Tools\daemon .exe
    C:\Program Files\OptusNet DSL Internet\DSC .exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    F3 - REG:win.ini: load=C:\WINDOWS\system32\gebcb.exe
    O3 - Toolbar: (no name) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - (no file)
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [2f591276] rundll32.exe "C:\WINDOWS\system32\mwhgkuav.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www1.snapfish.com.au/SnapfishActivia.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\xgjwrdmw.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)

    --
    End of file - 6005 bytes
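Several things in this log are easier to flag mechanically than by eye: binaries that exist twice with a space before the extension (daemon.exe beside daemon .exe, DSC.exe beside DSC .exe), a Run value named by nothing but eight hex digits that loads a random-looking DLL through rundll32, a service (DomainService) with an empty vendor field, and a non-empty win.ini load= line. As an added example that is not part of this thread and not HijackThis code, the following Python triage runs those heuristics over a constructed excerpt of the log above; the allow-list of XP system binaries and the "random name" test are assumptions to tune for your own environment.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule line")

# Constructed excerpt of HijackThis lines from this thread (sample input for
# this added example; the code is not part of HijackThis or of the thread).
SAMPLE_HJT = """\
C:\\WINDOWS\\system32\\services.exe
C:\\WINDOWS\\system32\\xgjwrdmw.exe
C:\\Program Files\\Daemon Tools\\daemon.exe
C:\\Program Files\\Daemon Tools\\daemon .exe
C:\\Program Files\\OptusNet DSL Internet\\DSC .exe
F3 - REG:win.ini: load=C:\\WINDOWS\\system32\\gebcb.exe
O4 - HKLM\\..\\Run: [NeroFilterCheck] C:\\WINDOWS\\system32\\NeroCheck.exe
O4 - HKLM\\..\\Run: [2f591276] rundll32.exe "C:\\WINDOWS\\system32\\mwhgkuav.dll",b
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\\WINDOWS\\system32\\CTsvcCDA.exe
O23 - Service: DomainService - - C:\\WINDOWS\\system32\\xgjwrdmw.exe
O23 - Service: ScsiAccess - Unknown owner - C:\\WINDOWS\\System32\\ScsiAccess.EXE (file missing)
"""

# Legitimate XP system32 binaries that would otherwise trip the random-name
# heuristic (assumed allow-list; extend it for your own build).
KNOWN_GOOD = {"services.exe", "winlogon.exe", "wscntfy.exe", "svchost.exe",
              "spoolsv.exe", "lsass.exe", "smss.exe"}

# "name .exe": a second binary carrying a space before its extension,
# sitting beside the real one (daemon.exe / daemon .exe above).
SPACE_BEFORE_EXT = re.compile(r"\S \.(exe|dll|cpl|scr)\b", re.I)
# win.ini load= is empty on a default XP install.
WININI_LOAD = re.compile(r"^F3 - REG:win\.ini: load=(\S+)")
# Run value named with exactly eight hex digits, like [2f591276].
HEX_RUN_NAME = re.compile(r"^O4 - .*\\Run: \[[0-9a-f]{8}\]", re.I)
# O23 service line with an empty vendor field ("DomainService - - C:\...").
SERVICE_NO_VENDOR = re.compile(r"^O23 - Service: .+? - - ")
# Lowercase eight-letter .exe/.dll directly under system32.
RANDOM_SYS32 = re.compile(r"[Ss]ystem32\\([a-z]{8})\.(exe|dll)\b")


def looks_random(stem):
    """Eight lowercase letters with no vowels or a run of four or more consonants."""
    if not re.fullmatch(r"[a-z]{8}", stem):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    longest = max((len(run) for run in re.findall(r"[^aeiou]+", stem)), default=0)
    return vowels == 0 or longest >= 4


def triage(log_text):
    """Return a Finding(rule, line) for every HijackThis line that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        if SPACE_BEFORE_EXT.search(line):
            findings.append(Finding("space_before_ext", line))
        if WININI_LOAD.match(line):
            findings.append(Finding("winini_load", line))
        if HEX_RUN_NAME.match(line):
            findings.append(Finding("hex_run_name", line))
        if SERVICE_NO_VENDOR.match(line):
            findings.append(Finding("service_no_vendor", line))
        for m in RANDOM_SYS32.finditer(line):
            if f"{m.group(1)}.{m.group(2)}" not in KNOWN_GOOD and looks_random(m.group(1)):
                findings.append(Finding("random_name_system32", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT):
        print(f"{f.rule:22} {f.line}")
```

Each rule is a hint rather than a verdict: an orphaned Run value or a service without a vendor string can be a sloppy installer, which is why the output keeps the full line so the file itself can be checked (timestamp, size, signature) before it goes into a removal script like the CFScript later in this thread.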
     
  10. 2008/01/07
    noahdfear
    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\WINDOWS\system32\xgjwrdmw.exe
    C:\WINDOWS\system32\mwhgkuav.dll
    C:\Install
    C:\WINDOWS\system32\rc.dat
    C:\WINDOWS\system32\ps1.dat
    C:\WINDOWS\system32\dpiyurfh.tmp
    C:\ysxl.exe
    C:\794366681
    Folder::
    C:\FOUND.011
    RenV::
    C:\WINDOWS\shell .exe
    C:\WINDOWS\system32\CTHELPER .EXE
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F6C1D0F9-9365-4FDF-964B-5DEC8823C79C}]
    [HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
     "load"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
     "{92085AD4-F48A-450D-BD93-B28CC7DF67CE}"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "2f591276"=-
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.
     
  11. 2008/01/07
    Waverley73
    Thanks. Will do in around 9-10 hours' time and put the log in this post.
     
  12. 2008/01/07
    noahdfear
    I recommend you disconnect the internet in the meantime ... physically. It continues to gather new infections while connected. If it's not a problem to do, leave your computer on till then too. One of the infections present regenerates upon rebooting. ComboFix can prevent that from happening when it causes the computer to reboot though, so make sure you allow CF to reboot if prompted.
     
  13. 2008/01/08
    Waverley73
    ComboFix 08-01-07.4 - user 2008-01-08 19:32:10.2 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.237 [GMT 11:00]
    Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\794366681
    C:\Install
    C:\WINDOWS\system32\dpiyurfh.tmp
    C:\WINDOWS\system32\mwhgkuav.dll
    C:\WINDOWS\system32\ps1.dat
    C:\WINDOWS\system32\rc.dat
    C:\WINDOWS\system32\xgjwrdmw.exe
    C:\ysxl.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\794366681
    C:\FOUND.011
    C:\FOUND.011\FILE0000.CHK
    C:\Install
    C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe
    C:\Program Files\Daemon Tools\daemon.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\OptusNet DSL Internet\DSC.exe
    C:\Program Files\REGSHAVE\REGSHAVE.EXE
    C:\WINDOWS\shell.exe
    C:\WINDOWS\system32\bcbeg.ini
    C:\WINDOWS\system32\bcbeg.ini2
    C:\WINDOWS\system32\dpiyurfh.tmp
    C:\WINDOWS\system32\gebcb.dll
    C:\WINDOWS\system32\gebcb.exe
    C:\WINDOWS\system32\jioefndp.dll
    C:\WINDOWS\system32\jjlmfmsl.ini
    C:\WINDOWS\system32\mwhgkuav.dll
    C:\WINDOWS\system32\NeroCheck.exe
    C:\WINDOWS\system32\obpqkpoq.dll
    C:\WINDOWS\system32\ps1.dat
    C:\WINDOWS\system32\rc.dat
    C:\WINDOWS\system32\RCX19.tmp
    C:\WINDOWS\system32\RCX1A.tmp
    C:\WINDOWS\system32\RCX1B.tmp
    C:\WINDOWS\system32\vaukghwm.ini
    C:\WINDOWS\system32\wkgsnshv.exe
    C:\WINDOWS\system32\xgjwrdmw.exe
    C:\WINDOWS\UpdReg.EXE
    C:\ysxl.exe

    Code:
    C:\WINDOWS\UpdReg .EXE ---> UpdReg.EXE
    C:\WINDOWS\system32\NeroCheck .exe ---> NeroCheck.exe
    C:\Program Files\Messenger\MSMSGS .EXE ---> MSMSGS.EXE
    C:\Program Files\Creative\SB Drive Det\SBDrvDet .exe ---> SBDrvDet.exe
    C:\Program Files\REGSHAVE\REGSHAVE .EXE ---> REGSHAVE.EXE
    C:\Program Files\OptusNet DSL Internet\DSC .exe ---> DSC.exe
    C:\Program Files\Daemon Tools\daemon .exe ---> daemon.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\DomainService


    ((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
    .

    2008-01-08 06:53 . 2008-01-08 19:26 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-01-08 06:53 . 2008-01-08 19:26 90,112 --a------ C:\WINDOWS\UpdReg.EXE
    2008-01-07 23:23 . 2008-01-08 19:26 24,576 --a------ C:\WINDOWS\system32\CTHELPER.EXE
    2008-01-07 23:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-07 23:07 . 2008-01-07 23:07 <DIR> d-------- C:\Deckard
    2008-01-07 22:58 . 2008-01-07 22:58 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-06 23:04 . 2008-01-06 23:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-01-06 23:04 . 2008-01-06 23:04 <DIR> d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
    2008-01-06 23:04 . 2008-01-06 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-06 22:26 . 2008-01-06 22:26 <DIR> d-------- C:\Program Files\RogueRemover FREE
    2008-01-06 22:21 . 2008-01-06 22:24 3,736 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-06 21:58 . 2003-03-03 09:54 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
    2008-01-06 21:58 . 2003-03-04 06:06 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
    2008-01-06 21:58 . 2003-03-03 09:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
    2008-01-06 13:31 . 2008-01-06 13:31 <DIR> d-------- C:\Program Files\EasySpywareCleaner
    2008-01-06 13:31 . 2008-01-06 13:31 <DIR> d-------- C:\Documents and Settings\user\Application Data\EasySpywareCleaner.com
    2007-12-15 13:31 . 2007-12-15 13:31 <DIR> d-------- C:\Program Files\Codemasters

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-30 05:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2007-11-15 19:54 --------- d-----w C:\Program Files\THQ
    2007-11-09 03:39 94,664 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-28 08:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-07-01 09:42 297,992 ----a-w C:\Program Files\Thomas The Tank Engine and Friends.zip
    2007-07-01 08:56 1,384,960 ----a-w C:\Program Files\SDP_v2_3_0.msi
    2007-07-01 08:45 397,312 ----a-w C:\Program Files\MediaRecorder_Install.pgm.msi
    2007-06-18 13:14 280,227 ----a-w C:\Program Files\FreeMPC.jar
    2007-06-18 12:16 1,630,151 ----a-w C:\Program Files\Setup_AltoMP3Gold.exe
    2007-06-12 09:15 18,937,781 ----a-w C:\Program Files\650_222_win2kxp.zip
    2007-01-31 10:33 2,094,778 ----a-w C:\Program Files\kbpianost.exe
    2007-01-09 07:36 24,192 ----a-w C:\Documents and Settings\user\usbsermptxp.sys
    2007-01-09 07:36 22,768 ----a-w C:\Documents and Settings\user\usbsermpt.sys
    2006-10-31 12:53 14,405,024 ----a-w C:\Program Files\GoogleEarthWin.exe
    2006-09-18 09:56 627,995 ----a-w C:\Program Files\ZSNES_0904.zip
    2006-07-23 11:21 1,322,736 ----a-w C:\Program Files\DVDFabDecrypter29.exe
    2006-07-21 09:29 81,393 ----a-w C:\Program Files\AnyDVD[1].patch.rar
    2006-07-21 09:11 1,293,030 ----a-w C:\Program Files\SetupAnyDVD6031.exe
    2005-07-23 12:20 13,235,784 ----a-w C:\Program Files\avg70free_338a597.exe
    2005-05-05 00:18 2,833,536 ----a-w C:\Program Files\ToolbarSetup.exe
    2005-05-03 09:20 4,343,056 ----a-w C:\Program Files\sdtrial.exe
    2005-03-30 05:11 678,069 ----a-w C:\Program Files\DVDStyler-1.31.tar.gz
    2005-03-30 05:06 288,452 ----a-w C:\Program Files\dvdauthor-0.6.11.tar.gz
    2005-03-29 09:09 3,032,317 ----a-w C:\Program Files\WinAVITrial.exe
    2005-03-17 04:17 4,573,898 ----a-w C:\Program Files\sdvdcfullVer8.exe
    2005-03-16 11:09 4,571,247 ----a-w C:\Program Files\sdvdc.exe
    2005-03-13 06:49 877,056 ----a-w C:\Program Files\iview395.exe
    .
    Code:
    ----a-w         1,318,912 2008-01-07 12:34:30  C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE .EXE

    ((((((((((((((((((((((((((((( snapshot@2008-01-07_23.25.33.57 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-07 12:22:40 16,384 ----a-w C:\WINDOWS\temp\Perflib_Perfdata_744.dat
    + 2008-01-08 08:37:08 16,384 ----a-w C:\WINDOWS\temp\Perflib_Perfdata_744.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2008-01-08 19:26 1694208]
    "DAEMON Tools"="C:\Program Files\Daemon Tools\daemon.exe" [2008-01-08 19:26 165784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [ ]
    "CTHelper"="CTHELPER.EXE" [2008-01-08 19:26 24576 C:\WINDOWS\system32\CTHELPER.EXE]
    "AsioReg"="REGSVR32.exe" [2004-08-04 18:56 11776 C:\WINDOWS\system32\regsvr32.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-01-08 19:26 90112]
    "Cmaudio"="cmicnfg.cpl" []
    "Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [2008-01-08 07:02 2125956]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2008-01-08 19:26 53248]
    "nwiz"="nwiz.exe" []
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
    "SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2008-01-08 19:26 45056]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-08 19:26 155648]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2007-10-04 17:14 81920]

    C:\Documents and Settings\user\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-04-26 11:51:05]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-04-26 11:51:05]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

    R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 12:48]
    R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 21:32]
    R3 USB_RNDIS;NetComm NB5 USB;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 17:04]
    S3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 13:53]
    S3 glauiad;D-Link DSL-302G Modem;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2003-03-07 15:07]
    S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 17:01]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-05-26 02:30:48 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2007-11-22 20:59:46 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-08 19:42:08
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-08 19:43:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-01-08 08:43:24
    ComboFix2.txt 2008-01-07 12:26:12
     
  14. 2008/01/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great!

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    File::
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE .EXE
    Registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Then, please do an online scan with Kaspersky WebScanner

    You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
      • Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.

    Post the Kaspersky log and one more fresh HijackThis log.
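    The CFScript above encodes two checks a defender can automate: a DLL in the SecurityProviders value that is not one of the Windows XP defaults (wowfx.dll, loaded into every process that uses the security support provider interface), and an executable whose name carries a space before the extension (the "SUPERANTISPYWARE .EXE" pattern ComboFix listed). The following is an added example, not code from the thread, from ComboFix or from the helper; it runs both checks over a constructed excerpt of the log posted above and renders a CFScript in the same layout. The default provider list is assumed to be exactly the one the CFScript writes back.

```python
"""Audit a ComboFix-style log excerpt for the two persistence indicators this
thread deals with, and render the matching CFScript.

Added example for this thread; it is not ComboFix code or the helper's code.
The sample log below is a constructed excerpt of the log posted above.
"""
import re

# Windows XP default SecurityProviders value, exactly what the CFScript writes back.
DEFAULT_SECURITY_PROVIDERS = ("msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll")

# Constructed sample: a few lines trimmed from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\UpdReg .EXE ---> UpdReg.EXE
C:\Program Files\Messenger\MSMSGS .EXE ---> MSMSGS.EXE
----a-w         1,318,912 2008-01-07 12:34:30  C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE .EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-01-08 19:26 90112]
"nwiz"="nwiz.exe" []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll
"""

# Matches both the log form ("SecurityProviders a.dll, b.dll") and the
# REGEDIT4 form ("SecurityProviders"="a.dll, b.dll").
_SEC_PROV_LINE = re.compile(r'^"?securityproviders\s*"?\s*=?\s*"?(.*?)"?\s*$', re.IGNORECASE)

# A drive-rooted path ending in " .exe" (or .dll/.sys/.scr): a space before the extension.
_SPACED_EXT = re.compile(r'[A-Za-z]:\\[^"\[\]\r\n]*? \.(?:exe|dll|sys|scr)\b', re.IGNORECASE)


def security_providers(log: str) -> list:
    """Return the DLL names in the SecurityProviders value, lowercased, in log order."""
    for line in log.splitlines():
        m = _SEC_PROV_LINE.match(line.strip())
        if m:
            return [d.strip().lower() for d in m.group(1).split(",") if d.strip()]
    return []


def unexpected_security_providers(log: str) -> list:
    """DLLs in SecurityProviders that are not in the XP default list (wowfx.dll here)."""
    return [d for d in security_providers(log) if d not in DEFAULT_SECURITY_PROVIDERS]


def space_before_extension(log: str) -> list:
    """Unique paths whose file name carries a space before the extension, in log order."""
    found = []
    for m in _SPACED_EXT.finditer(log):
        if m.group(0) not in found:
            found.append(m.group(0))
    return found


def build_cfscript(log: str) -> str:
    """Render a CFScript in the layout the thread uses: File:: for the spaced-name
    files and Registry:: to write SecurityProviders back without the foreign DLLs.
    Only DLLs outside the default list are dropped; everything else is kept as found."""
    out = []
    files = space_before_extension(log)
    if files:
        out.append("File::")
        out.extend(files)
    if unexpected_security_providers(log):
        kept = [d for d in security_providers(log) if d in DEFAULT_SECURITY_PROVIDERS]
        out.append("Registry::")
        out.append(r"[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]")
        out.append('"SecurityProviders"="{}"'.format(", ".join(kept)))
    return "\n".join(out) + ("\n" if out else "")


if __name__ == "__main__":
    print("Unexpected SecurityProviders:", unexpected_security_providers(SAMPLE_LOG))
    print("Space-before-extension files:", space_before_extension(SAMPLE_LOG))
    print(build_cfscript(SAMPLE_LOG))
```

    Run against a full ComboFix log, the same functions flag any further provider DLL or renamed-executable entry the log contains; the rendered script is a starting point for review, not something to drop onto ComboFix unread.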
     
  15. 2008/01/08
    Waverley73

    Waverley73 Inactive Thread Starter

    Joined:
    2008/01/06
    Messages:
    86
    Likes Received:
    0
    Mate, this is making SUCH a difference! Thanks again.

    Here we are:

    ComboFix 08-01-07.4 - user 2008-01-09 7:17:09.3 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.230 [GMT 11:00]
    Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
    * Created a new restore point

    FILE
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE .EXE
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE .EXE

    .
    ((((((((((((((((((((((((( Files Created from 2007-12-08 to 2008-01-08 )))))))))))))))))))))))))))))))
    .

    2008-01-08 22:10 . 2008-01-08 22:10 <DIR> d-------- C:\Music
    2008-01-08 06:53 . 2008-01-08 19:26 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-01-08 06:53 . 2008-01-08 19:26 90,112 --a------ C:\WINDOWS\UpdReg.EXE
    2008-01-07 23:23 . 2008-01-08 19:26 24,576 --a------ C:\WINDOWS\system32\CTHELPER.EXE
    2008-01-07 23:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-07 23:07 . 2008-01-07 23:07 <DIR> d-------- C:\Deckard
    2008-01-07 22:58 . 2008-01-07 22:58 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-06 23:04 . 2008-01-06 23:04 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
    2008-01-06 23:04 . 2008-01-06 23:04 <DIR> d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
    2008-01-06 23:04 . 2008-01-06 23:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-01-06 22:26 . 2008-01-06 22:26 <DIR> d-------- C:\Program Files\RogueRemover FREE
    2008-01-06 22:21 . 2008-01-06 22:24 3,736 --a------ C:\WINDOWS\system32\tmp.reg
    2008-01-06 21:58 . 2003-03-03 09:54 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
    2008-01-06 21:58 . 2003-03-04 06:06 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
    2008-01-06 21:58 . 2003-03-03 09:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
    2008-01-06 13:31 . 2008-01-06 13:31 <DIR> d-------- C:\Program Files\EasySpywareCleaner
    2008-01-06 13:31 . 2008-01-06 13:31 <DIR> d-------- C:\Documents and Settings\user\Application Data\EasySpywareCleaner.com
    2007-12-15 13:31 . 2007-12-15 13:31 <DIR> d-------- C:\Program Files\Codemasters

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-06 10:38 502,784 ----a-w C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    2007-11-30 05:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2007-11-15 19:54 --------- d-----w C:\Program Files\THQ
    2007-11-09 03:39 94,664 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
    2007-10-28 08:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-07-01 09:42 297,992 ----a-w C:\Program Files\Thomas The Tank Engine and Friends.zip
    2007-07-01 08:56 1,384,960 ----a-w C:\Program Files\SDP_v2_3_0.msi
    2007-07-01 08:45 397,312 ----a-w C:\Program Files\MediaRecorder_Install.pgm.msi
    2007-06-18 13:14 280,227 ----a-w C:\Program Files\FreeMPC.jar
    2007-06-18 12:16 1,630,151 ----a-w C:\Program Files\Setup_AltoMP3Gold.exe
    2007-06-12 09:15 18,937,781 ----a-w C:\Program Files\650_222_win2kxp.zip
    2007-01-31 10:33 2,094,778 ----a-w C:\Program Files\kbpianost.exe
    2007-01-09 07:36 24,192 ----a-w C:\Documents and Settings\user\usbsermptxp.sys
    2007-01-09 07:36 22,768 ----a-w C:\Documents and Settings\user\usbsermpt.sys
    2006-10-31 12:53 14,405,024 ----a-w C:\Program Files\GoogleEarthWin.exe
    2006-09-18 09:56 627,995 ----a-w C:\Program Files\ZSNES_0904.zip
    2006-07-23 11:21 1,322,736 ----a-w C:\Program Files\DVDFabDecrypter29.exe
    2006-07-21 09:29 81,393 ----a-w C:\Program Files\AnyDVD[1].patch.rar
    2006-07-21 09:11 1,293,030 ----a-w C:\Program Files\SetupAnyDVD6031.exe
    2005-07-23 12:20 13,235,784 ----a-w C:\Program Files\avg70free_338a597.exe
    2005-05-05 00:18 2,833,536 ----a-w C:\Program Files\ToolbarSetup.exe
    2005-05-03 09:20 4,343,056 ----a-w C:\Program Files\sdtrial.exe
    2005-03-30 05:11 678,069 ----a-w C:\Program Files\DVDStyler-1.31.tar.gz
    2005-03-30 05:06 288,452 ----a-w C:\Program Files\dvdauthor-0.6.11.tar.gz
    2005-03-29 09:09 3,032,317 ----a-w C:\Program Files\WinAVITrial.exe
    2005-03-17 04:17 4,573,898 ----a-w C:\Program Files\sdvdcfullVer8.exe
    2005-03-16 11:09 4,571,247 ----a-w C:\Program Files\sdvdc.exe
    2005-03-13 06:49 877,056 ----a-w C:\Program Files\iview395.exe
    2004-03-30 22:08 19,624 ----a-w C:\WINDOWS\Fonts\Tom hand.zip
    2004-03-30 22:07 32,259 ----a-w C:\WINDOWS\Fonts\Hanshand.zip
    2004-03-30 22:06 28,277 ----a-w C:\WINDOWS\Fonts\Blomster.zip
    2004-03-30 22:06 19,499 ----a-w C:\WINDOWS\Fonts\Ashley.zip
    2004-03-30 22:05 15,693 ----a-w C:\WINDOWS\Fonts\Brooklyn.zip
    2004-03-30 22:05 13,694 ----a-w C:\WINDOWS\Fonts\Chinese takeaway.zip
    2004-03-30 22:04 31,513 ----a-w C:\WINDOWS\Fonts\Aladdin.zip
    2004-03-30 22:04 23,838 ----a-w C:\WINDOWS\Fonts\Dali.zip
    2004-03-30 22:01 24,148 ----a-w C:\WINDOWS\Fonts\Zachary.zip
    2004-03-30 22:00 16,128 ----a-w C:\WINDOWS\Fonts\Yearsupplyoffairycakes.zip
    2004-03-30 21:58 24,695 ----a-w C:\WINDOWS\Fonts\Venus flytrap.zip
    2004-03-30 21:57 26,417 ----a-w C:\WINDOWS\Fonts\Violatation.zip
    2004-03-30 21:57 25,720 ----a-w C:\WINDOWS\Fonts\Virgin.zip
    2004-03-30 21:53 21,959 ----a-w C:\WINDOWS\Fonts\Psycho.zip
    2004-03-30 21:52 54,467 ----a-w C:\WINDOWS\Fonts\Penmanship.zip
    2004-03-30 21:51 7,048 ----a-w C:\WINDOWS\Fonts\Orient.zip
    2004-03-30 21:50 18,359 ----a-w C:\WINDOWS\Fonts\Nerve_tonic.zip
    2004-03-30 21:49 7,237 ----a-w C:\WINDOWS\Fonts\Metallord.zip
    2004-03-30 21:48 24,117 ----a-w C:\WINDOWS\Fonts\Marker finepoint.zip
    2004-03-30 21:47 17,515 ----a-w C:\WINDOWS\Fonts\Lindas.ZIP
    2004-03-30 21:46 34,760 ----a-w C:\WINDOWS\Fonts\Karen helene.zip
    2004-03-30 21:45 70,099 ----a-w C:\WINDOWS\Fonts\JD.zip
    2004-03-30 21:43 14,502 ----a-w C:\WINDOWS\Fonts\Fat boy slim.zip
    2004-03-30 21:41 31,645 ----a-w C:\WINDOWS\Fonts\Paw print.zip
    2004-03-30 21:40 11,353 ----a-w C:\WINDOWS\Fonts\Dear teacher.zip
    2004-03-30 21:38 8,905 ----a-w C:\WINDOWS\Fonts\Sugarfish.zip
    2004-03-30 21:38 17,280 ----a-w C:\WINDOWS\Fonts\Starrynight.zip
    2004-03-30 21:37 133,912 ----a-w C:\WINDOWS\Fonts\Starwars.zip
    2004-03-30 21:35 36,888 ----a-w C:\WINDOWS\Fonts\Girls are weird.zip
    2004-03-30 21:34 53,034 ----a-w C:\WINDOWS\Fonts\Batman forever.zip
    2004-03-30 21:33 41,551 ----a-w C:\WINDOWS\Fonts\Balloons.zip
    2004-03-30 21:33 39,447 ----a-w C:\WINDOWS\Fonts\Angelica.zip
    2004-03-30 21:32 25,959 ----a-w C:\WINDOWS\Fonts\Alsscript.zip
    2004-03-30 21:31 29,664 ----a-w C:\WINDOWS\Fonts\Actionsh.zip
    2004-03-30 21:30 94,590 ----a-w C:\WINDOWS\Fonts\Acme.zip
    2004-03-30 21:29 6,711 ----a-w C:\WINDOWS\Fonts\Acecrikey.zip
    2004-03-30 21:27 170,173 ----a-w C:\WINDOWS\Fonts\Abaddon.zip
    2004-03-30 02:17 20,041 ----a-w C:\WINDOWS\Fonts\Aberration.zip
    2004-03-30 02:14 23,372 ----a-w C:\WINDOWS\Fonts\Impossible.zip
    2004-03-30 02:13 25,829 ----a-w C:\WINDOWS\Fonts\Disney.zip
    2004-03-12 23:58 9,092 ----a-w C:\WINDOWS\Fonts\Metallica Old All\Metallica Old All.zip
    2004-03-12 23:52 40,993 ----a-w C:\WINDOWS\Fonts\Metallica New.zip
    2004-03-12 23:51 9,092 ----a-w C:\WINDOWS\Fonts\Metallica Old All.zip
    2004-03-12 23:51 18,283 ----a-w C:\WINDOWS\Fonts\Metallica Load.zip
    2004-03-12 23:49 41,209 ----a-w C:\WINDOWS\Fonts\Metallica Old.zip
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-07_23.25.33.57 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2000-08-30 21:00:00 163,328 ----a-w C:\WINDOWS\ERDNT\subs\F3M\ERDNT.EXE
    + 2008-01-08 20:12:12 16,384 ----a-w C:\WINDOWS\temp\Perflib_Perfdata_748.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2008-01-08 19:26 1694208]
    "DAEMON Tools"="C:\Program Files\Daemon Tools\daemon.exe" [2008-01-08 19:26 165784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "EM_EXEC"="C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [ ]
    "CTHelper"="CTHELPER.EXE" [2008-01-08 19:26 24576 C:\WINDOWS\system32\CTHELPER.EXE]
    "AsioReg"="REGSVR32.exe" [2004-08-04 18:56 11776 C:\WINDOWS\system32\regsvr32.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
    "UpdReg"="C:\WINDOWS\UpdReg.EXE" [2008-01-08 19:26 90112]
    "Cmaudio"="cmicnfg.cpl" []
    "Desktop Service Centre"="C:\Program Files\OptusNet DSL Internet\DSC.exe" [2008-01-08 07:02 2125956]
    "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2008-01-08 19:26 53248]
    "nwiz"="nwiz.exe" []
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
    "SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2008-01-08 19:26 45056]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2008-01-08 19:26 155648]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL" [2007-10-04 17:14 81920]

    C:\Documents and Settings\user\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-04-26 11:51:05]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-04-26 11:51:05]

    R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 12:48]
    R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 21:32]
    R3 USB_RNDIS;NetComm NB5 USB;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 17:04]
    S3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 13:53]
    S3 glauiad;D-Link DSL-302G Modem;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2003-03-07 15:07]
    S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 17:01]

    .
    Contents of the 'Scheduled Tasks' folder
    "2007-05-26 02:30:48 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    "2007-11-22 20:59:46 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
    - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-09 07:20:40
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-09 7:21:12
    ComboFix-quarantined-files.txt 2008-01-08 20:21:12
    ComboFix3.txt 2008-01-07 12:26:12
    ComboFix2.txt 2008-01-08 08:43:28


    ---------------------------------

    I have tried to run the online scanner but get this error message:

    Failed to load Kaspersky Online Scanner ActiveX control!

    You must have administrative rights on this computer;
    you also must have the IE security settings to the Medium level.


    I have only ever had one logon and always thought it had administrative rights. It won't let me change the IE settings either (but they are already on Medium...).
     
    Last edited: 2008/01/08
  16. 2008/01/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Log looks good. :)

    Did you download all those zip files in the C:\Windows\Fonts folder?

    Did you uninstall SuperAntispyware?

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot

    Open Internet Options in the Control Panel then select the Programs tab. Click Reset Web Settings. Your choice whether or not to reset the homepage when prompted. OK out. Now see if you are able to make any changes in the Security Settings (medium is fine, we just want to know if you can change them).

    Now please try the Kaspersky scan again. If no joy, try Panda. Instructions below.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HijackThis log.
     
  17. 2008/01/08
    Waverley73

    Waverley73 Inactive Thread Starter

    Joined:
    2008/01/06
    Messages:
    86
    Likes Received:
    0
    Hi there. Yes, I downloaded a bunch of fonts for my wife a while ago. I thought I did uninstall SUPERAntispyware as soon as I was able to re-use the Add/Remove Programs function.

    Is having that Microsoft SQL Service Manager icon in my quickstart (is that the proper name for it?) down the bottom next to my time an issue? I've never seen it before and have no idea why it's there.

    I will follow the rest of the instructions and post the logs in approx. 6-7 hours time.
     
  18. 2008/01/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    If you would, please do a HijackThis scan and post the log for me now.

    Did you extract the zip files?

    You can delete the following folder.

    C:\Program Files\SUPERAntiSpyware

    I'll look back over your other logs to see if I see anything related to the SQL service manager. Can you click or right click the icon and get an option to exit? (run the HJT scan first please)
     
  19. 2008/01/08
    Waverley73

    Waverley73 Inactive Thread Starter

    Joined:
    2008/01/06
    Messages:
    86
    Likes Received:
    0
    I would if I could, but I'm at work and won't be able to get onto the home machine for another 6 or so hours. Regarding the font files, it was a while ago, but I think I did.
     
  20. 2008/01/08
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    No problem. I'll try to peek in in the AM then. ;)
     
  21. 2008/01/09
    Waverley73

    Waverley73 Inactive Thread Starter

    Joined:
    2008/01/06
    Messages:
    86
    Likes Received:
    0
    I am now starting the process per your recent post but am finding that the link to the ATF Cleaner program you've given doesn't work. I am now getting the program from here:

    http://www.majorgeeks.com/ATF_Cleaner_d4949.html

    After using ATF Cleaner and re-booting and re-setting the web settings I still can't change the settings to anything below 'Medium' (although it will let me save it to High). It gives me this message:

    The Recommended Security Level for this zone is 'Medium'. The level you have chosen is lower than this. Please choose a security level of Medium or higher.

    The Kaspersky online scanner appears to be working. It took nearly an hour to download all the updates and has only now started the scan. It looks like it will take a fair while so I'll post that log in the morning my time.

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, January 10, 2008 6:54:25 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 9/01/2008
    Kaspersky Anti-Virus database records: 504683
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 106218
    Number of viruses found: 10
    Number of infected objects: 129
    Number of suspicious objects: 0
    Duration of the scan process: 01:25:00

    Infected Object Name / Virus Name / Last Action
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\temp\Perflib_Perfdata_1b8.dat Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012008010920080110\index.dat Object is locked skipped
    C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\8LUNGD2R\versioncheck[2].txt Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Temp\{C1E101AB-B90E-4E0C-9849-504BCB78DC8E}\_extra\objects\cmdline.dll Infected: not-a-virus:AdWare.Win32.BHO.cr skipped
    C:\Documents and Settings\user\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\user\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\user\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
    C:\Documents and Settings\user\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
    C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\LOG\ERRORLOG Object is locked skipped
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\master.mdf Object is locked skipped
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\mastlog.ldf Object is locked skipped
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\model.mdf Object is locked skipped
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\modellog.ldf Object is locked skipped
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\tempdb.mdf Object is locked skipped
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Data\templog.ldf Object is locked skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1269\A0137714.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1269\A0137722.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1269\A0137723.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1269\A0137724.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1269\A0137725.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1269\A0137726.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1269\A0137727.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1269\A0137728.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1269\A0137729.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1269\A0137730.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1269\A0137731.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1269\A0137732.dll Infected: Trojan-Downloader.Win32.BHO.cf skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1269\A0137743.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1270\A0137786.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1270\A0137787.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1270\A0137788.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1270\A0137789.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1272\A0137812.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1272\A0137813.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1272\A0137814.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1272\A0137815.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1272\A0137816.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1272\A0137817.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1272\A0137818.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138224.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138420.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138421.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138422.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138423.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138424.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138425.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138426.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138429.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138434.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138436.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138437.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138438.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138439.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138440.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138441.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138451.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138453.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138454.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138455.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138457.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138458.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138459.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138475.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138477.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138478.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138479.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138480.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138482.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138489.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138492.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138503.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138505.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138506.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138507.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138508.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138509.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138510.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1273\A0138520.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1274\A0138528.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1274\A0138530.EXE Infected: Trojan-Downloader.Win32.Agent.gwe skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1274\A0138531.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1274\A0138532.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1274\A0138535.DLL Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1274\A0138540.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1274\A0138541.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1274\A0138542.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1274\A0138543.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1274\A0138544.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1274\A0138545.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1274\A0138546.EXE Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1274\A0138547.exe Infected: Trojan.Win32.Qhost.adl skipped
    C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1275\change.log Object is locked skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\TMP31.tmp Infected: Trojan.Win32.Qhost.adl skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX3C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX48.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX6D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX79.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX9E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCXAA.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX5.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX8.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCXB.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX14.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\TMP18.tmp Infected: Trojan-Downloader.Win32.Alphabet.az skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX25.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX28.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX2B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX31.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\TMP35.tmp Infected: Trojan-Downloader.Win32.Alphabet.az skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX27.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX2A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX34.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\RCX3B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\TMP3F.tmp Infected: Trojan-Downloader.Win32.Alphabet.az skipped
    C:\Config.Msi\b2912.rbf Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\WINDOWS\lsass.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\RCX1B.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\RCX19.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\RCX1A.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\xgjwrdmw.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\wkgsnshv.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\gebcb.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\mwhgkuav.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.din skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\NeroCheck.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\WINDOWS\lsass .exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\WINDOWS\UpdReg.EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\WINDOWS\shell.exe.vir Infected: Trojan.Win32.Qhost.adl skipped
    C:\QooBox\Quarantine\C\Program Files\MouseWare\system\EM_EXEC.EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\Program Files\Creative\SB Drive Det\SBDrvDet.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\Program Files\Daemon Tools\daemon.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\Program Files\Messenger\MSMSGS.EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\Program Files\OptusNet DSL Internet\DSC.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\Program Files\REGSHAVE\REGSHAVE.EXE.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\Program Files\Helper\Helper9.dll.vir Infected: Trojan-Downloader.Win32.BHO.cf skipped
    C:\Data\Glen's\Personal\ic2share.exe/WISE0041.BIN/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped
    C:\Data\Glen's\Personal\ic2share.exe/WISE0041.BIN/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
    C:\Data\Glen's\Personal\ic2share.exe/WISE0041.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
    C:\Data\Glen's\Personal\ic2share.exe WiseSFX: infected - 3 skipped

    Scan process completed.



    ========================


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:01:35 AM, on 10/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\OptusNet DSL Internet\DSC.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\Daemon Tools\daemon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dsl.optusnet.com.au/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Common Files\Microsoft Shared\MSInfo\MSINF16H.EXE
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://dsl.optusnet.com.au/
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www1.snapfish.com.au/SnapfishActivia.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE (file missing)

    --
    End of file - 6143 bytes
     
    Last edited: 2008/01/09
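The two logs above are long enough that the one question that matters (which detections are on files still live on the disk, as opposed to copies sitting in System Restore points or in the ComboFix/Deckard quarantine and backup folders) is easy to lose. The script below is an added example for this thread and is not code from the original post, from Kaspersky, from HijackThis or from ComboFix. It parses a constructed excerpt of both log formats (lines copied from the post), discards the "Object is locked" noise, groups detections by where the file lives, and flags HijackThis O4 autorun entries whose executable name matches a file the scanner flagged. It assumes the ComboFix convention that a quarantined file at `C:\QooBox\Quarantine\C\...\name.vir` came from `C:\...\name`, and it matches autoruns by basename only, because 8.3 short names such as `C:\PROGRA~1\...` cannot be resolved offline.

```python
"""Triage a Kaspersky Online Scanner report against a HijackThis log.

Added example for this thread, not part of the original post or of either tool.
"""
import re
from collections import defaultdict

# Constructed excerpt of the scanner report: representative lines copied from the post.
SCAN_LOG = r"""
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\user\Local Settings\Temp\{C1E101AB-B90E-4E0C-9849-504BCB78DC8E}\_extra\objects\cmdline.dll Infected: not-a-virus:AdWare.Win32.BHO.cr skipped
C:\Documents and Settings\user\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{ABD46997-354A-4D50-907D-FD569FD71BC8}\RP1274\A0138547.exe Infected: Trojan.Win32.Qhost.adl skipped
C:\Deckard\System Scanner\backup\DOCUME~1\user\LOCALS~1\Temp\TMP31.tmp Infected: Trojan.Win32.Qhost.adl skipped
C:\Config.Msi\b2912.rbf Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\lsass.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\NeroCheck.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\QooBox\Quarantine\C\Program Files\Daemon Tools\daemon.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
"""

# Constructed excerpt of the HijackThis log: O4 autorun lines copied from the post.
HJT_LOG = r"""
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\Daemon Tools\daemon.exe" -lang 1033
"""

# One scanner line: "<path> Object is locked skipped" | "<path> Infected: <name> skipped"
# | "<path> RarSFX: infected - N skipped". Paths contain spaces, so the path group is
# non-greedy and the pattern is anchored at the end of the line.
SCAN_RE = re.compile(
    r"^(?P<path>.+?) (?:Object is locked"
    r"|Infected: (?P<detection>\S+)"
    r"|(?P<archive>\w+SFX): infected - \d+) skipped$"
)
# ComboFix quarantine layout (assumed): C:\QooBox\Quarantine\<drive>\<original path>.vir
QOOBOX_RE = re.compile(r"^[A-Z]:\\QooBox\\Quarantine\\([A-Z])\\(.+)\.vir$", re.IGNORECASE)
HJT_O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def classify(path):
    """Where does this file live: live filesystem, restore point, or a tool's quarantine/backup?"""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"
    if "\\qoobox\\quarantine\\" in p or "\\deckard\\system scanner\\backup\\" in p:
        return "quarantine"
    return "live"


def parse_scan_log(text):
    """Return one dict per detection; locked-file lines are dropped as noise."""
    hits = []
    for line in text.strip().splitlines():
        m = SCAN_RE.match(line.strip())
        if not m or (m.group("detection") is None and m.group("archive") is None):
            continue
        det = m.group("detection") or m.group("archive") + " container"
        hits.append({"path": m.group("path"), "detection": det,
                     "where": classify(m.group("path")),
                     "riskware": det.startswith("not-a-virus:")})
    return hits


def original_path(path):
    """Map a ComboFix .vir quarantine copy back to the path it was taken from."""
    m = QOOBOX_RE.match(path)
    return f"{m.group(1)}:\\{m.group(2)}" if m else path


def summarize(hits):
    """{where: {detection name: count}} so live hits stand out from archived copies."""
    by_where = defaultdict(lambda: defaultdict(int))
    for h in hits:
        by_where[h["where"]][h["detection"]] += 1
    return {w: dict(d) for w, d in by_where.items()}


def hjt_command_image(cmd):
    """Basename of the image an O4 command launches (quoted path taken whole,
    otherwise the first token). A DLL passed to RUNDLL32 is an argument, not the image."""
    cmd = cmd.strip()
    image = cmd[1:cmd.index('"', 1)] if cmd.startswith('"') else cmd.split()[0]
    return image.rsplit("\\", 1)[-1].lower()


def autoruns_hit_by_scanner(hits, hjt_text):
    """O4 entries whose executable basename matches a scanner-flagged file (heuristic)."""
    flagged = {original_path(h["path"]).rsplit("\\", 1)[-1].lower() for h in hits}
    out = []
    for line in hjt_text.strip().splitlines():
        m = HJT_O4_RE.match(line.strip())
        if m and hjt_command_image(m.group("cmd")) in flagged:
            out.append((m.group("name"), m.group("cmd")))
    return out


if __name__ == "__main__":
    found = parse_scan_log(SCAN_LOG)
    for where, dets in summarize(found).items():
        print(where, dets)
    for name, cmd in autoruns_hit_by_scanner(found, HJT_LOG):
        print("autorun still points at a flagged image:", name, "->", cmd)
```

Run against the full report, the interesting output is the `live` bucket: it separates the handful of files still on the disk (the MSConfig.exe copy under PCHealth, the Config.Msi rollback file, the Temp adware DLL) from the dozens of restore-point and quarantine copies, which are inert unless a restore point is rolled back or a quarantined file is restored. The autorun cross-check is only a prompt to look: an O4 entry that launches NeroCheck.exe or daemon.exe is not proof the file on disk is still infected, only that the scanner flagged a quarantined copy with the same name, so the live file should be re-scanned or replaced from the vendor's installer.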
