
google redirect virus?


  • This topic is locked
20 replies to this topic

#1 rupert

rupert

  • Members
  • 9 posts

Posted 21 January 2009 - 05:12 PM

This is my first posting and I need some help.
I run Windows XP3 all updated (until recently). I use two web browsers: Sea Monkey for normal use, and when I need to get updates from Microsoft I have to use Iexplorer (7).
Recently I have noticed I cannot get to the Microsoft Update site as I immediately come to Google which then redirects to wherever. Similarly when using Sea Monkey.
I also cannot get virus updates from the Grisoft AVG site.
Reading through the virus information sites it seems I have what is called the Google redirect virus which seems in plague proportions right now.
I have downloaded and run both Malwarebytes Anti-Malware and HijackThis. Quite a few malware were found which I deleted (?) but the problem still persists.
I have attached the HijackThis log to see if anyone can spot the problem. I don't want to format my drive and reinstall Windows if I can avoid it but I am rapidly running out of ideas.
Can anyone help?

Attached Files





#2 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 21 January 2009 - 08:49 PM

Hi,

Welcome to BleepingComputer HijackThis Logs and Malware Removal, rupert.
My name is sundavis, I will be helping you to deal with your Malware problems today.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, then please do the following.

Step 1
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Step 2

Please close all browsers and other windows while running GooredFix.
  • Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.


In your next reply, please post back:

1. Goored log
2. RSIT log.txt and info.txt.

Thanks.

#3 rupert

rupert
  • Topic Starter

  • Members
  • 9 posts

Posted 22 January 2009 - 06:16 AM

Thanks for your quick response.
Please note! This reply is coming from an alternative Computer which as far as I can judge is clean and is reported as such by a variety of Virus and Malware programs.

I have downloaded both programs you advised with this Computer but I couldn't get rsit.exe at first from your direction "here" and while I was searching for an alternative source on the web I noticed a lot of comments about it and many of them considered it as malware itself and blaming it for all sorts of things and couldn't get it to run etc. Is this all rubbish or are there alternative versions out there loaded with viruses? I don't want to sound paranoid but before I go ahead and open it up, I would appreciate your comment. Incidentally I have since been able to download from your directed source.

#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 22 January 2009 - 08:20 AM

Hi rupert,

This program is ok and feel free to run it. Hope to see your logs. Thanks.

#5 rupert

rupert
  • Topic Starter

  • Members
  • 9 posts

Posted 22 January 2009 - 09:19 PM

O.K.,
I have attached the RSIT/HijackThis logs as requested plus the info.txt.
It's all meaningless to me but I hope you can help.
Do I now wait for your reply and advice what to do before using GooredFix and posting the Log and txt?

Attached Files



#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 22 January 2009 - 11:52 PM

Yes, please proceed with GooredFix and post the log in your next reply.

Please directly post the contents into this topic and do not attach your logs. Thanks.

#7 rupert

rupert
  • Topic Starter

  • Members
  • 9 posts

Posted 23 January 2009 - 12:43 AM

I seem to be having some sort of problem getting a log reading. Please see the following:

GooredFix v1.83 by jpshortstuff
Log created at 16:37 on 23/01/2009 running Option #1 (Peter Mattson)
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

Am I doing something wrong? I closed Sea Monkey and used IExplorer to get this page but still could not get any Entries/Values.

(Sorry about using attachments previously.)

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 25 January 2009 - 09:45 AM

Hi rupert,


I notice there is a sign of one P2P (Person to Person) File Sharing Program on your computer. Even if you are using a "safe" P2P program, it is only the program that is safe.
You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
You are well advised to remove it via the following filepath.

E:\Program Files\UTorrent

After that, please do the following:


Step 1

Please disable Windows Defender temporarily, or it may interfere.
  • Go to Start > All Programs > Windows Defender.
  • Click on Tools at the top.
  • Under Settings, click on Options.
  • Under Automatic scanning, uncheck (untick) Automatically scan my computer (recommended) box.
  • Under Real-time protection options, uncheck (untick) Use real-time protection (recommended) box.
  • Click on the Save button at the bottom right hand corner.

Step 2
  • Please download Flash_Disinfector and save it to your desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Remember to plug in the flash drive to disinfect as well.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.


Step 3

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. You will see the below prompt when you first run ComboFix:


Posted Image


The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once Recovery Console is installed, you should see a blue screen prompt like the one below:


Posted Image

1. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

2. Click Yes to allow ComboFix to continue scanning for malware.

When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.


In your next reply, please post back:

1. ComboFix log
2. New RSIT log

Thanks.

#9 rupert

rupert
  • Topic Starter

  • Members
  • 9 posts

Posted 26 January 2009 - 11:48 PM

Thanks for your response again.
While waiting for your reply to my last posting I had been ratting around on the internet seeking other guidance and somehow, whether by accident or design, I seem to have eliminated most of my problems by rooting out entries in System Registry by using Regedit. The redirection of Google has gone, the inability to get Windows Update from using iexplorer 7 has also been fixed. (I also found some other viruses I didn't know I had.)
However, although the Computer has been running smoothly these last couple of days I'm still not sure if I am entirely free.
I have therefore taken your advice from your last posting and run Combofix and RSIT.
The logs and info files for both are below.
Looking forward to your comments and advice.

ComboFix 09-01-21.04 - Peter Mattson 2009-01-27 10:41:58.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.641 [GMT 11:00]
Running from: c:\documents and settings\Peter Mattson\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-12-26 to 2009-01-26 )))))))))))))))))))))))))))))))
.

2009-01-27 10:05 . 2009-01-27 10:14 <DIR> d-------- C:\32788R22FWJFW.3.tmp
2009-01-27 09:30 . 2009-01-27 09:39 <DIR> d-------- C:\32788R22FWJFW.2.tmp
2009-01-27 09:21 . 2009-01-27 09:30 <DIR> d-------- C:\32788R22FWJFW.1.tmp
2009-01-27 08:43 . 2009-01-27 08:45 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2009-01-25 21:52 . 2009-01-25 21:52 <DIR> d-------- c:\program files\Google
2009-01-25 20:24 . 2009-01-25 20:24 118,784 --a------ c:\windows\SeaMonkeyUninstall.exe
2009-01-23 19:02 . 2009-01-23 19:02 61,440 --a------ c:\windows\system32\drivers\zatcjw.sys
2009-01-22 08:10 . 2009-01-22 08:10 <DIR> d-------- c:\documents and settings\Peter Mattson\Application Data\WinCare2008
2009-01-22 07:58 . 2009-01-22 07:58 <DIR> d-------- c:\documents and settings\Peter Mattson\Application Data\SUPERAntiSpyware.com
2009-01-22 07:58 . 2009-01-22 07:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-22 07:56 . 2009-01-22 07:56 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-22 07:55 . 2009-01-22 07:55 <DIR> d-------- C:\!KillBox
2009-01-21 18:26 . 2009-01-21 18:26 <DIR> d-------- c:\documents and settings\Peter Mattson\Application Data\Malwarebytes
2009-01-21 18:26 . 2009-01-21 18:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-21 18:26 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 18:26 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-20 18:30 . 2007-12-24 17:37 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-20 07:25 . 2009-01-27 10:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
2009-01-20 06:32 . 2009-01-21 20:37 120 --a------ c:\windows\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
2009-01-15 18:41 . 2009-01-15 18:41 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-01-15 18:33 . 2009-01-15 18:34 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-01-10 18:37 . 2004-01-16 15:50 516,096 --a------ c:\windows\system32\CLVSDS.ax
2009-01-10 18:37 . 2008-02-03 21:26 364,544 --a------ c:\windows\system32\cdg.dll
2009-01-10 18:37 . 2006-09-27 17:46 348,160 --a------ c:\windows\system32\cdga.dll
2009-01-10 18:37 . 2006-07-08 04:07 114,688 --a------ c:\windows\system32\PropListCtrl.ocx
2009-01-10 18:37 . 2004-09-10 13:50 34,820 --a------ c:\windows\system32\ffdshow.reg
2009-01-10 18:37 . 2006-07-17 21:42 14,909 --a------ c:\windows\system32\A_reg.reg
2009-01-10 18:02 . 2009-01-10 18:02 23 --a------ c:\windows\system32\bbfacfcb4_z.ocx
2009-01-06 09:33 . 2009-01-06 09:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 23:21 --------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-01-26 07:34 --------- d-----w c:\documents and settings\Peter Mattson\Application Data\VideoReDo-TVSuite
2009-01-26 06:57 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-26 06:48 --------- d-----w c:\documents and settings\Peter Mattson\Application Data\Vso
2009-01-26 06:42 --------- d-----w c:\documents and settings\Peter Mattson\Application Data\uTorrent
2009-01-25 09:24 118,784 ----a-w c:\windows\GREUninstall.exe
2009-01-24 04:58 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-24 04:58 --------- d-----w c:\program files\PrintDeskTop
2009-01-24 01:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-20 09:22 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-01-20 09:12 --------- d-----w c:\program files\Comodo
2009-01-19 11:50 --------- d-----w c:\documents and settings\Peter Mattson\Application Data\Comodo
2009-01-15 07:35 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-01-15 07:23 --------- d-----w c:\documents and settings\Peter Mattson\Application Data\Uniblue
2009-01-12 07:10 2,100 -c--a-w c:\documents and settings\Peter Mattson\Application Data\wklnhst.dat
2009-01-09 09:33 --------- d-----w c:\documents and settings\Peter Mattson\Application Data\Canon
2009-01-06 04:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-23 07:27 --------- d-----w c:\program files\Java
2008-12-18 05:05 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-17 08:04 --------- d-----w c:\documents and settings\Peter Mattson\Application Data\Nero
2008-12-17 07:51 --------- d-----w c:\program files\Common Files\Nero
2008-12-17 07:25 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-11 10:57 333,952 ------w c:\windows\system32\drivers\srv.sys
2008-12-11 01:42 --------- d-----w c:\program files\Yahoo!
2008-12-04 08:52 441,760 -c--a-w c:\windows\system32\drivers\timntr.sys
2008-12-04 08:52 44,384 -c--a-w c:\windows\system32\drivers\tifsfilt.sys
2008-12-04 08:52 368,480 -c--a-w c:\windows\system32\drivers\tdrpman.sys
2008-12-04 08:52 --------- d-----w c:\program files\Common Files\Acronis
2008-12-04 07:49 --------- d-----w c:\program files\AskTBar
2008-12-04 07:46 --------- d-----w c:\program files\Acronis
2008-11-26 00:48 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2007-02-02 09:38 87,608 -c--a-w c:\documents and settings\Peter Mattson\Application Data\ezpinst.exe
2007-02-02 09:38 47,360 -c--a-w c:\documents and settings\Peter Mattson\Application Data\pcouffin.sys
2006-09-26 05:51 93 -c-h--w c:\program files\desktop.ini
2006-06-19 07:22 93,568 -c----w c:\documents and settings\Peter Mattson\Application Data\ezplay.sys
2004-03-11 03:27 40,960 -c----w c:\program files\Uninstall_CDS.exe
2006-07-15 04:32 220 -csh--w c:\windows\dwin.sys
2006-04-14 11:45 4,495 -csh--w c:\windows\rreg64.dll
2006-04-14 11:45 1,249 -csh--w c:\windows\utapi64.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-27_10.35.00.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-26 23:32:59 170,334 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-01-26 23:47:50 170,335 ----a-w c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-01-26 23:45:52 16,384 ------w c:\windows\temp\Perflib_Perfdata_1e4.dat
+ 2009-01-26 23:46:08 16,384 ------w c:\windows\temp\Perflib_Perfdata_614.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mozilla Quick Launch"="c:\progra~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE" [2008-12-04 106496]
"SeaMonkey Quick Launch"="c:\program files\mozilla.org\SeaMonkey\SeaMonkey.exe" [2008-12-04 106496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Peter Mattson\Start Menu\Programs\Startup\
TempCleaner.lnk - c:\program files\TempCleaner\TempCleaner.exe [2004-03-26 346624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-23 21:52 356352 e:\program files\SuperAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg20.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau relog_ap

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
backup=c:\windows\pss\MightyFAX Controller.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTracker Pro.lnk]
backup=c:\windows\pss\VersionTracker Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^avgcc.exe.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^MiniReminder.lnk]
backup=c:\windows\pss\MiniReminder.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet]
c:\windows\system32\ [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2008-10-03 22:40 165144 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2008-04-09 20:23 909208 e:\program files\Acronis True Image 11\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a--c--- 2008-11-20 10:06 178688 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2008-08-08 10:16 91432 c:\program files\Cyberlink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
--a------ 2008-07-11 18:24 278264 c:\program files\Comodo\SafeSurf\cssurf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--------- 2008-04-14 11:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
--a------ 2008-10-22 23:51 147968 e:\program files\filehippo.com\UpdateChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 19:10 2007088 e:\program files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a--c--- 2007-08-31 12:01 1037736 c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2006-09-11 04:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2008-05-16 14:01 13529088 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a--c--- 2007-02-22 19:53 2209224 c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-01-23 21:52 1830128 e:\program files\SuperAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2008-04-09 20:11 2595792 e:\program files\Acronis True Image 11\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VEngine]
--a------ 2009-01-24 12:41 335616 c:\program files\Comodo\VEngine\VEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 18:20 866584 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2008-12-29 09:59 2908160 e:\winfast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2008-12-11 10:48 90112 e:\winfast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WSTray Icon]
--a------ 2007-11-07 18:35 86016 e:\dvb web scheduler\DVB Web Scheduler Pro\WSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2008-05-16 14:01 1630208 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Acronis\\Agent\\agent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\"=
"e:\\Phone\\Skype.exe"=
"DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ӟ"=
"e:\\Phone\\Phone\\Skype.exe"=
"e:\\Program Files\\FlashGet\\FlashGet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"1:TCP"= 1:TCP:Tirminal™[1]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2008-11-15 134272]
R1 SASDIFSV;SASDIFSV;e:\program files\SuperAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;e:\program files\SuperAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 US30Kbd;US30Kbd;c:\windows\system32\drivers\US30Kbd2K.sys [2005-03-31 10464]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [2006-09-13 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2006-09-13 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [2006-09-13 10496]
R4 AcronisAgent;Acronis Remote Agent;c:\program files\Common Files\Acronis\Agent\agent.exe [2006-07-10 319488]
R4 AcronisBackupServerService;Acronis Backup Server Service;c:\program files\Acronis\BackupServer\backupserver.exe [2006-07-10 9022375]
R4 DWSPS;DVB Web Scheduler Pro Service;e:\dvb web scheduler\DVB Web Scheduler Pro\wrapper.exe -s wrapper.conf --> e:\dvb web scheduler\DVB Web Scheduler Pro\wrapper.exe -s wrapper.conf [?]
R4 StkSSrv;Syntek DC-112X Service;c:\windows\system32\StkSrv2k.exe [2006-05-28 24576]
R4 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2006-09-13 167040]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys --> c:\windows\system32\DRIVERS\cmdguard.sys [?]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys --> c:\windows\system32\DRIVERS\cmdhlp.sys [?]
S3 ip100xp;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2007-12-16 26752]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-05-03 55296]
S3 SASENUM;SASENUM;e:\program files\SuperAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 StkMini;Syntek DC-112X;c:\windows\system32\drivers\StkMini.sys [2006-05-28 787081]
S4 FolderProtectService;FolderProtectService; [x]
S4 NeroMediaHomeService.4;Nero MediaHome 4 Service; [x]
S4 RoxLiveShare10;LiveShare P2P Server 10; [x]
S4 SessionLauncher;SessionLauncher; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2008-11-16 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 12:01]

2009-01-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-01-26 c:\windows\Tasks\NeroLiveEpgUpdate-PETER2_Peter-Mattson.job
- e:\nero 9\Nero 9\Nero Live\NeroLive.exe []

2009-01-26 c:\windows\Tasks\RegCure Program Check.job
- e:\program files\RegCure\RegCure.exe [2007-08-02 10:20]

2008-12-31 c:\windows\Tasks\RegCure.job
- e:\program files\RegCure\RegCure.exe [2007-08-02 10:20]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://optusnet.com.au
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.optusnet.com.au/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - e:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - e:\program files\FlashGet\jc_link.htm
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Use ViDown to download
Trusted Zone: microsoft.com\www.update
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 10:50:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Hold

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
@DACL=(02 0000)
@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"

[HKEY_LOCAL_MACHINE\software\Classes\.user\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(940)
e:\program files\SuperAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(996)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\BRSS01A.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
e:\dvb web scheduler\DVB Web Scheduler Pro\wrapper.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\javaw.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
e:\super_dvd_creator_9.8\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
e:\program files\Universal Shield\US30Service.exe
c:\windows\system32\searchindexer.exe
.
**************************************************************************
.
Completion time: 2009-01-27 10:55:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-26 23:54:44
ComboFix2.txt 2009-01-26 23:36:53

Pre-Run: 19,668,561,920 bytes free
Post-Run: 19,654,025,216 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=1 Sets=1,2,3,4
326 --- E O F --- 2009-01-15 05:17:49


Logfile of random's system information tool 1.05 (written by random/random)
Run by Peter Mattson at 2009-01-27 15:27:22
Microsoft Windows XP Professional Service Pack 3
System drive C: has 19 GB (61%) free of 31 GB
Total RAM: 1023 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:41 PM, on 27/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Agent\agent.exe
C:\Program Files\Acronis\BackupServer\backupserver.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\AVG8~1.0\avgwdsvc.exe
E:\DVB Web Scheduler\DVB Web Scheduler Pro\wrapper.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
E:\AVG8~1.0\avgrsx.exe
E:\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Online Armor\oacat.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkSrv2K.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\Program Files\Universal Shield\US30Service.exe
C:\WINDOWS\system32\SearchIndexer.exe
E:\AVG8~1.0\avgemc.exe
C:\WINDOWS\Explorer.EXE
E:\AVG8~1.0\avgtray.exe
E:\Program Files\Online Armor\oaui.exe
C:\WINDOWS\System32\svchost.exe
E:\Program Files\Online Armor\oahlp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\mozilla.org\SEAMON~1\SEAMON~1.EXE
K:\RSIT-1.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
E:\Program Files\Peter Mattson.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://optusnet.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\AVG 8.0\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Comodo VerificationEngine Browser Helper NEW - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\Comodo\VEngine\VEngineIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] E:\AVG8~1.0\avgtray.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "E:\Program Files\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE" -turbo
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: TempCleaner.lnk = C:\Program Files\TempCleaner\TempCleaner.exe
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\AVG 8.0\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SuperAntiSpyware\SASWINLO.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Remote Agent (AcronisAgent) - Acronis - C:\Program Files\Common Files\Acronis\Agent\agent.exe
O23 - Service: Acronis Backup Server Service (AcronisBackupServerService) - Acronis - C:\Program Files\Acronis\BackupServer\backupserver.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\AVG8~1.0\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\AVG8~1.0\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - E:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe (file missing)
O23 - Service: DVB Web Scheduler Pro Service (DWSPS) - Unknown owner - E:\DVB Web Scheduler\DVB Web Scheduler Pro\wrapper.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - (no file)
O23 - Service: NMSAccessU - Unknown owner - E:\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - E:\Program Files\Online Armor\oacat.exe
O23 - Service: Syntek DC-112X Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv2K.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - E:\Program Files\Online Armor\oasrv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: US30Service - Unknown owner - E:\Program Files\Universal Shield\US30Service.exe

--
End of file - 8952 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\NeroLiveEpgUpdate-PETER2_Peter-Mattson.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - E:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - E:\AVG 8.0\avgssie.dll [2009-01-27 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A968A4B4-C492-4834-B651-17602C3885C8}]
Comodo VerificationEngine - C:\Program Files\Comodo\VEngine\VEngineIE.dll [2009-01-24 1511168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - E:\Program Files\FlashGet\getflash.dll [2007-05-19 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"AVG8_TRAY"=E:\AVG8~1.0\avgtray.exe [2009-01-27 1261336]
"@OnlineArmor GUI"=E:\Program Files\Online Armor\oaui.exe [2008-12-13 6223048]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Mozilla Quick Launch"=C:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE [2008-12-04 106496]
"SeaMonkey Quick Launch"=C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe [2008-12-04 106496]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2008-10-03 165144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
E:\Program Files\Acronis True Image 11\TimounterMonitor.exe [2008-04-09 909208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-11-20 178688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-08-08 91432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO SafeSurf]
C:\Program Files\COMODO\SafeSurf\cssurf.exe [2008-07-11 278264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
E:\Program Files\filehippo.com\UpdateChecker.exe [2008-10-22 147968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
E:\Program Files\FlashGet\FlashGet.exe [2007-09-25 2007088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 1037736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet]
C:\WINDOWS\system32\ []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-09-11 86960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-02-22 2209224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
E:\Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe [2009-01-23 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
E:\Program Files\Acronis True Image 11\TrueImageMonitor.exe [2008-04-09 2595792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VEngine]
C:\Program Files\Comodo\VEngine\VEngine.exe [2009-01-24 335616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
E:\Winfast\WFDTV\WFWIZ.exe [2008-12-29 2908160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
E:\Winfast\WFDTV\DTVSchdl.exe [2008-12-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WSTray Icon]
E:\DVB Web Scheduler\DVB Web Scheduler Pro\WSTray.exe [2007-11-07 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
E:\MIGHTY~1\MFNTCTL.EXE [2007-01-03 923912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
C:\WINDOWS\system32\sistray.exe [2004-08-10 331776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTracker Pro.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^avgcc.exe.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^MagicDisc.lnk]
E:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2008-07-28 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^MiniReminder.lnk]
C:\PROGRA~1\MINIRE~1\MINIRE~1.EXE [2007-04-13 142336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
[]

C:\Documents and Settings\Peter Mattson\Start Menu\Programs\Startup
TempCleaner.lnk - C:\Program Files\TempCleaner\TempCleaner.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
E:\Program Files\SuperAntiSpyware\SASWINLO.DLL [2009-01-23 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-11-03 83224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"=E:\PROGRA~1\ONLINE~1\oaevent.dll [2008-12-13 886984]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Ghp`amfUbrhLds"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\Acronis\Agent\agent.exe"="C:\Program Files\Common Files\Acronis\Agent\agent.exe:*:Enabled:Acronis Remote Agent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\"="C:\WINDOWS\system32\:*:Enabled:Internet"
"E:\Phone\Skype.exe"="E:\Phone\Skype.exe:*:Enabled:Skype"
"DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ӟ"="DEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ӟ:*:Enabled:Nod32 Runtime"
"E:\Phone\Phone\Skype.exe"="E:\Phone\Phone\Skype.exe:*:Enabled:Skype"
"E:\Program Files\FlashGet\FlashGet.exe"="E:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"E:\AVG 8.0\avgemc.exe"="E:\AVG 8.0\avgemc.exe:*:Enabled:avgemc.exe"
"E:\AVG 8.0\avgupd.exe"="E:\AVG 8.0\avgupd.exe:*:Enabled:avgupd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.txt - open - C:\WINDOWS\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2009-01-27 15:23:55 ----D---- C:\rsit
2009-01-27 11:55:14 ----SHD---- C:\RECYCLER
2009-01-27 11:30:02 ----D---- C:\Documents and Settings\Peter Mattson\Application Data\OnlineArmor
2009-01-27 11:30:02 ----D---- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2009-01-27 10:59:53 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-01-27 10:59:34 ----D---- C:\Program Files\AVG
2009-01-27 10:55:03 ----A---- C:\ComboFix.txt
2009-01-27 10:29:07 ----D---- C:\WINDOWS\temp
2009-01-27 10:27:12 ----A---- C:\Boot.bak
2009-01-27 10:27:08 ----RASHD---- C:\cmdcons
2009-01-27 10:05:42 ----D---- C:\32788R22FWJFW.3.tmp
2009-01-27 09:51:26 ----A---- C:\WINDOWS\zip.exe
2009-01-27 09:51:26 ----A---- C:\WINDOWS\VFIND.exe
2009-01-27 09:51:26 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-27 09:51:26 ----A---- C:\WINDOWS\SWSC.exe
2009-01-27 09:51:26 ----A---- C:\WINDOWS\SWREG.exe
2009-01-27 09:51:26 ----A---- C:\WINDOWS\sed.exe
2009-01-27 09:51:26 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-27 09:51:26 ----A---- C:\WINDOWS\grep.exe
2009-01-27 09:51:26 ----A---- C:\WINDOWS\fdsv.exe
2009-01-27 09:51:23 ----D---- C:\WINDOWS\ERDNT
2009-01-27 09:51:23 ----D---- C:\Qoobox
2009-01-27 09:30:21 ----D---- C:\32788R22FWJFW.2.tmp
2009-01-27 09:21:40 ----D---- C:\32788R22FWJFW.1.tmp
2009-01-27 08:43:38 ----D---- C:\32788R22FWJFW.0.tmp
2009-01-26 23:09:15 ----RASHD---- C:\autorun.inf
2009-01-25 21:52:01 ----D---- C:\Program Files\Google
2009-01-25 20:24:25 ----A---- C:\WINDOWS\SeaMonkeyUninstall.exe
2009-01-25 16:44:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-25 09:33:22 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-23 19:02:34 ----A---- C:\WINDOWS\bebvgsq.txt
2009-01-22 08:10:07 ----D---- C:\Documents and Settings\Peter Mattson\Application Data\WinCare2008
2009-01-22 07:58:13 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-22 07:58:07 ----D---- C:\Documents and Settings\Peter Mattson\Application Data\SUPERAntiSpyware.com
2009-01-22 07:56:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-22 07:55:52 ----D---- C:\!KillBox
2009-01-21 18:26:29 ----D---- C:\Documents and Settings\Peter Mattson\Application Data\Malwarebytes
2009-01-21 18:26:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-20 07:25:08 ----D---- C:\Documents and Settings\All Users\Application Data\_comodo_
2009-01-20 06:32:27 ----A---- C:\WINDOWS\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
2009-01-15 18:41:28 ----D---- C:\Program Files\Microsoft Sync Framework
2009-01-15 18:33:54 ----HDC---- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-01-15 16:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-10 18:37:58 ----A---- C:\Cucu_Video_log.txt
2009-01-10 18:37:33 ----A---- C:\WINDOWS\system32\cdga.dll
2009-01-10 18:37:33 ----A---- C:\WINDOWS\system32\cdg.dll

======List of files/folders modified in the last 1 months======

2009-01-27 11:56:09 ----SD---- C:\WINDOWS\Tasks
2009-01-27 11:55:42 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-27 11:54:00 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-27 11:29:42 ----D---- C:\WINDOWS\system32\drivers
2009-01-27 10:59:53 ----RSHD---- C:\WINDOWS\system32
2009-01-27 10:59:34 ----RSD---- C:\Program Files
2009-01-27 10:59:34 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-01-27 10:59:28 ----SHD---- C:\WINDOWS\Installer
2009-01-27 10:59:08 ----D---- C:\Config.Msi
2009-01-27 10:58:00 ----SD---- C:\Documents and Settings\Peter Mattson\Application Data\Microsoft
2009-01-27 10:58:00 ----D---- C:\WINDOWS
2009-01-27 10:50:28 ----A---- C:\WINDOWS\system.ini
2009-01-27 10:44:02 ----D---- C:\WINDOWS\system32\config
2009-01-27 10:43:06 ----D---- C:\WINDOWS\AppPatch
2009-01-27 10:43:06 ----D---- C:\Program Files\Common Files
2009-01-27 10:31:53 ----D---- C:\WINDOWS\Prefetch
2009-01-27 10:27:12 ----RASH---- C:\boot.ini
2009-01-27 10:24:06 ----SHD---- C:\WINDOWS\CSC
2009-01-27 10:21:58 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-01-26 23:16:45 ----AC---- C:\WINDOWS\win.ini
2009-01-26 23:15:31 ----SHD---- C:\System Volume Information
2009-01-26 23:15:31 ----D---- C:\WINDOWS\system32\Restore
2009-01-26 18:35:06 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-01-26 18:34:38 ----D---- C:\Documents and Settings\Peter Mattson\Application Data\VideoReDo-TVSuite
2009-01-26 17:57:40 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-01-26 17:48:39 ----D---- C:\Documents and Settings\Peter Mattson\Application Data\Vso
2009-01-26 17:42:49 ----D---- C:\Documents and Settings\Peter Mattson\Application Data\uTorrent
2009-01-25 23:13:05 ----D---- C:\Downloads
2009-01-25 21:52:04 ----D---- C:\WINDOWS\system32\IOSUBSYS
2009-01-25 21:52:03 ----HD---- C:\WINDOWS\inf
2009-01-25 20:24:05 ----A---- C:\WINDOWS\GREUninstall.exe
2009-01-25 08:03:00 ----D---- C:\WINDOWS\pss
2009-01-24 22:41:49 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-24 15:58:14 ----D---- C:\Program Files\Windows Media Player
2009-01-24 15:58:14 ----D---- C:\Program Files\Windows Media Connect 2
2009-01-24 15:58:13 ----D---- C:\Program Files\PrintDeskTop
2009-01-24 15:58:12 ----D---- C:\Program Files\Messenger
2009-01-24 12:21:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-01-23 22:14:27 ----D---- C:\WINDOWS\Minidump
2009-01-23 22:14:27 ----D---- C:\WINDOWS\Debug
2009-01-21 20:21:12 ----D---- C:\WINDOWS\network diagnostic
2009-01-20 23:18:31 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-20 20:12:34 ----D---- C:\Program Files\Comodo
2009-01-20 06:22:53 ----D---- C:\Documents and Settings
2009-01-19 22:50:49 ----D---- C:\Documents and Settings\Peter Mattson\Application Data\Comodo
2009-01-16 09:04:31 ----D---- C:\Temp
2009-01-15 20:21:20 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-15 18:41:33 ----RSD---- C:\WINDOWS\assembly
2009-01-15 18:41:28 ----D---- C:\WINDOWS\WinSxS
2009-01-15 18:35:19 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-01-15 18:23:22 ----D---- C:\Documents and Settings\Peter Mattson\Application Data\Uniblue
2009-01-15 16:36:17 ----D---- C:\Open Hold
2009-01-15 16:16:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-10 18:31:16 ----D---- C:\WINDOWS\Internet Logs
2009-01-10 18:17:20 ----A---- C:\avi_log.txt
2009-01-10 12:35:28 ----AC---- C:\WINDOWS\system32\MRT.exe
2009-01-09 20:33:06 ----D---- C:\Documents and Settings\Peter Mattson\Application Data\Canon
2009-01-09 12:47:11 ----AC---- C:\WINDOWS\brwmark.ini
2009-01-06 15:56:13 ----HD---- C:\Program Files\InstallShield Installation Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-01-27 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-01-27 26824]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 OADevice;OADriver; \??\C:\WINDOWS\system32\drivers\OADriver.sys []
R1 OAmon;OAmon; \??\C:\WINDOWS\system32\drivers\OAmon.sys []
R1 OAnet;OAnet; \??\C:\WINDOWS\system32\drivers\OAnet.sys []
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 SASDIFSV;SASDIFSV; \??\E:\Program Files\SuperAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\E:\Program Files\SuperAntiSpyware\SASKUTIL.sys []
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2008-06-27 19072]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 US30Sys;US30Sys; C:\WINDOWS\System32\Drivers\US30XP.sys [2006-04-20 62464]
R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-01-27 76040]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2003-03-31 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2003-03-31 55936]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-12-04 44384]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 WFCXVCAP;WinFast TV Video Capture Driver; C:\WINDOWS\system32\drivers\wfcxvcap.sys [2007-09-19 167040]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-09-06 20096]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-26 988032]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2007-04-26 267520]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2007-02-02 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-16 10368]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 32768]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 ULCDRHlp;ULCDRHlp; C:\WINDOWS\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
R3 US30Kbd;US30Kbd; C:\WINDOWS\System32\Drivers\US30Kbd2K.sys [2005-03-31 10464]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver; C:\WINDOWS\system32\drivers\wfcxdtun.sys [2007-09-19 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver; C:\WINDOWS\system32\drivers\wfcxtcap.sys [2007-09-19 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver; C:\WINDOWS\system32\drivers\wfcxxbar.sys [2007-09-19 10496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-26 731136]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys []
S1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys []
S1 gaopdxserv.sys;gaopdxserv.sys; C:\WINDOWS\system32\drivers\gaopdxlckjaoyr.sys []
S1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys []
S2 V2IMount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys []
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter; \??\C:\WINDOWS\system32\drivers\AWRTRD.sys []
S3 BOCDRIVE;BOClean Kernel Monitor.; \??\E:\Program Files\Boclean\BOCDRIVE.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2006-06-19 93568]
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 ip100xp;ASUS NX1001 Network Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2006-03-27 26752]
S3 leafnets;Leaf Networks Adapter; C:\WINDOWS\system32\DRIVERS\leafnets.sys [2007-05-03 55296]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2006-09-02 21120]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SASENUM;SASENUM; \??\E:\Program Files\SuperAntiSpyware\SASENUM.SYS []
S3 sermouse;Serial Mouse Driver; C:\WINDOWS\System32\DRIVERS\sermouse.sys [2003-03-31 17664]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2008-06-27 323584]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 StkMini;Syntek DC-112X; C:\WINDOWS\System32\Drivers\StkMini.sys [2005-07-05 787081]
S3 StkScan;Syntek DC-112X Filter Driver; C:\WINDOWS\System32\Drivers\StkScan.sys [2005-06-10 4673]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 VPROEVENTMONITOR;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 winusb;WinUSB Service; C:\WINDOWS\system32\DRIVERS\WinUSB.SYS [2006-11-02 39368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-11-19 109056]
R2 AcronisAgent;Acronis Remote Agent; C:\Program Files\Common Files\Acronis\Agent\agent.exe [2006-07-10 319488]
R2 AcronisBackupServerService;Acronis Backup Server Service; C:\Program Files\Acronis\BackupServer\backupserver.exe [2006-07-10 9022375]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2008-10-03 554264]
R2 avg8emc;AVG Free8 E-mail Scanner; E:\AVG8~1.0\avgemc.exe [2009-01-27 875288]
R2 avg8wd;AVG Free8 WatchDog; E:\AVG8~1.0\avgwdsvc.exe [2009-01-27 231704]
R2 DWSPS;DVB Web Scheduler Pro Service; E:\DVB Web Scheduler\DVB Web Scheduler Pro\wrapper.exe [2004-10-01 135168]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-11-25 935208]
R2 NMSAccessU;NMSAccessU; E:\Super_DVD_Creator_9.8\NMSAccessU.exe [2007-10-12 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 OAcat;Online Armor Helper Service; E:\Program Files\Online Armor\oacat.exe [2008-12-13 1402568]
R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2003-03-31 19456]
R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-14 33280]
R2 StkSSrv;Syntek DC-112X Service; C:\WINDOWS\System32\StkSrv2K.exe [2005-06-09 24576]
R2 SvcOnlineArmor;Online Armor; E:\Program Files\Online Armor\oasrv.exe [2008-12-13 3321032]
R2 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-09 492896]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 US30Service;US30Service; E:\Program Files\Universal Shield\US30Service.exe [2005-11-08 24576]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2002-04-12 57344]
S2 cmdAgent;COMODO Internet Security Helper Service; E:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-01 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2003-03-31 19456]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 p2pgasvc;Peer Networking Group Authentication; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 p2pimsvc;Peer Networking Identity Manager; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 p2psvc;Peer Networking; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 PNRPSvc;Peer Name Resolution Protocol; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-14 8704]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-27 15:25:06

======Uninstall list======

@BIOS B06.0721.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly
-->E:\DivX\DivXConverterUninstall.exe /CONVERTER
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Acronis Backup Server-->MsiExec.exe /X{5B3D81A5-0200-4CEA-813D-E0EDD81A6421}
Acronis Disk Director Suite 10 build 2160-->C:\Program Files\Acronis\Acronis Disk Director\Uninstal.exe
Acronis Disk Director Suite-->MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Acronis True Image Home-->MsiExec.exe /X{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Alive Video Converter (version 3.2.0.8)-->"E:\Video Converter\unins000.exe"
Ashampoo Burning Studio 8.04-->"E:\Ashampoo\Ashampoo Burning Studio 8\unins000.exe"
AVG Free 8.0-->E:\AVG 8.0\setup.exe /UNINSTALL
Belarc Advisor 7.2-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Beyond TV DVD Burning Foundation-->MsiExec.exe /I{3EDFFD11-B9AB-4296-9757-B5AF1F2B8E5C}
Bruce's Unusual Typing Wizard, Version 1.5.0-->"E:\Bruce's Unusual Typing Wizard\uninstall\unins000.exe"
Canon CanoScan Toolbox 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
CCleaner (remove only)-->"E:\Program Files\CC Cleaner\uninst.exe"
CDCheck-->"E:\CDCheck\uninst.exe"
CDRoller version 7.51-->"E:\CDRoller\unins000.exe"
COMODO Internet Security-->E:\Program Files\Comodo\COMODO Internet Security\cfpconfg.exe -u
COMODO SafeSurf-->C:\Program Files\COMODO\SafeSurf\cssconfg.exe -u
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
ConvertXtoDVD 3.3.4.107-->"E:\ConvertXtoDVD3\unins000.exe"
Cucusoft Ultimate DVD + Video Converter Suite 7.13.7.7-->"E:\Ultimate-Converter\unins000.exe"
Data Lifeguard Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
DivX Converter-->E:\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->E:\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->E:\DivX\DivXWebPlayerUninstall.exe /PLUGIN
dMC Power Pack-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dMC Power Pack.dat
Driver Magician 3.32-->"E:\Program Files\Driver Magician\unins000.exe"
DVB Web Scheduler Pro-->"E:\DVB Web Scheduler\DVB Web Scheduler Pro\uninstall.exe"
DVD Decrypter (Remove Only)-->"E:\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"E:\DVD Shrink\unins000.exe"
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.2.0-->"E:\DVDFab Platinum 5\DVDFab 5\unins000.exe"
EASEUS Data Recovery Wizard Professional 4.3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1965C9BB-9114-4A50-AEC7-E62414BB117B}\setup.exe" -l0x9 -removeonly
ffdshow-->"E:\K-Lite Codec Pack\ffdshow\uninstall.exe"
filehippo.com Update Checker-->"E:\Program Files\filehippo.com\uninstall.exe"
FlashGet 1.9.6.1073-->E:\Program Files\FlashGet\uninst.exe
Foxit PDF Creator-->E:\Foxit Software\FPC_Uninstall.exe
Foxit Reader-->E:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Google Gears-->MsiExec.exe /I{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}
HijackThis 2.0.2-->"E:\Program Files\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Imagicon-->E:\Imagicon\Uninstall.exe
Indeo® software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
jv16 PowerTools 2008-->"E:\Program Files\jv16 PowerTools 2008\jv16 PowerTools 2008\unins000.exe"
K-Lite Codec Pack 4.2.5 (Full)-->"E:\K-Lite Codec Pack\unins000.exe"
Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x9
MagicDisc 2.6.93-->E:\PROGRA~1\MAGICD~1\UNWISE.EXE E:\PROGRA~1\MAGICD~1\INSTALL.LOG
MagicDisc 2.7.105-->E:\PROGRA~1\MAGICD~1\UNWISE.EXE E:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"E:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MemoriesOnTV 4.0.1-->"E:\Memories on TV\unins001.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Sync Framework Runtime v1.0 (x86)-->MsiExec.exe /I{A8BD5A60-E843-46DC-8271-ABF20756BE0F}
Microsoft Sync Framework Services v1.0 (x86)-->MsiExec.exe /I{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Micro-Sys Ajour-->"E:\Program Files\Ajour\unins000.exe"
MightyFax-->E:\MIGHTY~1\UnMighty.EXE
MozBackup 1.4.6-->"C:\Program Files\MozBackup\unins000.exe"
Mozilla Sunbird (0.8)-->E:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-249K-1T0E-3A1A-C7AA-MUZ3-8EL4-2U9W"
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Online Armor 3.0-->"E:\Program Files\Online Armor\unins000.exe"
OnlineLive-->MsiExec.exe /I{505A5E33-446A-4ED4-849C-D38D6F91EA39}
OptusNet Cable Components-->C:\PROGRA~1\OPTUSN~2\UNWISE.EXE C:\PROGRA~1\OPTUSN~2\INSTALL.LOG
OptusNet Usage Meter-->"E:\Program Files\OptusNet Usage Meter\unins000.exe"
Paint.NET v3.08-->MsiExec.exe /X{83B26E5D-1795-4DFE-9317-0FA0F3AAB568}
PCI SoftV92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_HSF\UIU32m.exe -U -IPSCRCSR5K.inf
Picasa 3-->"E:\Picasa3\Uninstall.exe"
Power Data Recovery 4.1.2-->"H:\PowerDataRecovery\unins000.exe"
PowerDVD-->C:\Program Files\InstallShield Installation Information\{307BD415-B3E6-4E60-962A-FEF793237322}\Setup.exe -runfromtemp -l0x0409
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Print Server-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\D-Link\Print Server\Uninst.isu"
PrintDeskTop-->C:\WINDOWS\unvise32.exe C:\Program Files\PrintDeskTop\uninstal.log
QT Lite 2.7.0-->"E:\Program Files\QT Lite\unins000.exe"
RaidApplication-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\setup.exe" -l0x9
Real Alternative 1.8.2-->"E:\Real Alternative\unins000.exe"
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RegCure 1.5.0.0-->E:\Program Files\RegCure\uninst.exe
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
SeaMonkey (1.1.14)-->C:\WINDOWS\SeaMonkeyUninstall.exe /ua "1.1.14 (en)"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Shutter-->"E:\Shutter\unins000.exe"
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe
SiS VGA Utilities-->Rundll32 SiSInst.dll,Uninstall VGA,R
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spin It Again-->E:\ACOUST~1\UNWISE.EXE E:\ACOUST~1\INSTALL.LOG
Super DVD Creator 9.8 Full Version-->"E:\Super_DVD_Creator_9.8\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SyncToy 2.0 (x86)-->MsiExec.exe /I{AFDFC350-C142-4790-BE12-8357AECD028F}
TempCleaner-->C:\Program Files\TempCleaner\uninst.exe
The Core Media Player 4.0-->"E:\The Core Media Player\uninstall-tcmp4.exe"
TotalAudioConverter-->"E:\TotalAudioConverter\unins000.exe"
TypeFaster Typing Tutor-->"E:\Program Files\TypeFaster\uninstall.exe"
Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
Universal Shield-->"E:\Program Files\Universal Shield\Uninstall.exe" "E:\Program Files\Universal Shield\install.log" -u
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Access 2007 Help (KB957241)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {D670F9B9-3E84-47B5-8A4A-618B65DB1593}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office InfoPath 2007 Help (KB957243)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {766DF26B-5F03-48ED-9307-5326F2790ED0}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Publisher 2007 Help (KB957249)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4E140A5A-4A90-404A-B955-10C2D98CD3EE}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959141)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CC6191C2-B0CE-473C-AD77-61EA3497D796}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
USB 2.0 PC Camera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01814817-4502-4C66-825A-5E22D80ACD8E}\Setup.exe" -l0x9
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Verification Engine-->"C:\Program Files\Comodo\VEngine\VESetup.exe"
VideoReDo TVSuite Version 3.1.5.565-->"E:\VideoReDoTVSuite\unins000.exe"
WinAVI Video Converter-->"E:\WinAVI Video Converter\unins000.exe"
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Easy Transfer-->"C:\WINDOWS\$NtUninstallWETCable$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinFast Codec-TS SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}\Setup.exe" -l0x9
WinFast De-interlace SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0E0340-C3D7-42D1-96D4-64179FD456AE}\Setup.exe" -l0x9
WinFast PVR2-->C:\Program Files\InstallShield Installation Information\{C92C584E-C781-475E-A8E2-C67D993A6B95}\setup.exe -runfromtemp -l0x0009 -removeonly
WinFast TT-SB SDK-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF9848E2-5F19-4E49-9E6E-044FBDC28404}\Setup.exe" -l0x9
WinRAR archiver-->E:\WinRar\uninstall.exe
Xilisoft HD Video Converter-->E:\Xilisoft\HD Video Converter\Uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zoner Panorama Maker-->"E:\Panorama Maker\unins000.exe"

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

======Security center information======

AV: AVG Anti-Virus Free
FW: Online Armor Firewall

System event log

Computer Name: PETER2
Event Code: 7000
Message: The Symantec V2i Mount Driver service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 108068
Source Name: Service Control Manager
Time Written: 20090119225340.000000+660
Event Type: error
User:

Computer Name: PETER2
Event Code: 7000
Message: The SessionLauncher service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 108067
Source Name: Service Control Manager
Time Written: 20090119225340.000000+660
Event Type: error
User:

Computer Name: PETER2
Event Code: 7000
Message: The Nero MediaHome 4 Service service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 108066
Source Name: Service Control Manager
Time Written: 20090119225340.000000+660
Event Type: error
User:

Computer Name: PETER2
Event Code: 7000
Message: The My Web Search Service service failed to start due to the following error:
The system cannot find the path specified.


Record Number: 108065
Source Name: Service Control Manager
Time Written: 20090119225340.000000+660
Event Type: error
User:

Computer Name: PETER2
Event Code: 1001
Message: The SNMP Service has started successfully.

Record Number: 108064
Source Name: SNMP
Time Written: 20090119225329.000000+660
Event Type: information
User:

Application event log

Computer Name: PETER2
Event Code: 11724
Message: Product: Uniblue DriverScanner 2009 -- Removal completed successfully.

Record Number: 4588
Source Name: MsiInstaller
Time Written: 20081117194537.000000+660
Event Type: information
User: PETER2\Peter Mattson

Computer Name: PETER2
Event Code: 11707
Message: Product: Uniblue DriverScanner 2009 -- Installation completed successfully.

Record Number: 4587
Source Name: MsiInstaller
Time Written: 20081117185724.000000+660
Event Type: information
User: PETER2\Peter Mattson

Computer Name: PETER2
Event Code: 0
Message:
Record Number: 4586
Source Name: NMIndexingService
Time Written: 20081117171234.000000+660
Event Type: information
User:

Computer Name: PETER2
Event Code: 3044
Message: The gatherer index resumed.

Context: Application, SystemIndex Catalog


Record Number: 4585
Source Name: Windows Search Service
Time Written: 20081117171231.000000+660
Event Type: information
User:

Computer Name: PETER2
Event Code: 1003
Message: The Windows Search Service started.


Record Number: 4584
Source Name: Windows Search Service
Time Written: 20081117171223.000000+660
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"PATH"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\ArcSoft\Bin;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared;C:\Program Files\Common Files\Roxio Shared\DLLShared

-----------------EOF-----------------

#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:01:55 PM

Posted 27 January 2009 - 09:27 AM

Hi rupert,



Step1

  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
Driver::
gaopdxserv.sys

File::
C:\32788R22FWJFW.3.tmp
C:\32788R22FWJFW.2.tmp
C:\32788R22FWJFW.1.tmp
C:\32788R22FWJFW.0.tmp
c:\windows\system32\drivers\zatcjw.sys
c:\windows\system32\bbfacfcb4_z.ocx
C:\WINDOWS\system32\drivers\gaopdxlckjaoyr.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\"=-
"DEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~ӟ"=-
Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Step2

Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.




Step3

Please do an online scan with Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click the Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under the Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, click on View Scan Report.
  • You may see a list of infected items there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
You can refer to this animation

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Please post back the logs in your next reply.

1. KAS Scan Report
2. Combofix log
3. New HJT log

Tell me how your pc is running now.

#11 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:55 PM

Posted 31 January 2009 - 03:18 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security

#12 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:01:55 PM

Posted 01 February 2009 - 11:19 AM

Hi rupert,


Please post the logs as instructed above. Thanks. :thumbup2:

#13 rupert

rupert
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:55 AM

Posted 02 February 2009 - 05:56 AM

I'm afraid I shall have to ask you to terminate this thread as I am having so much difficulty in getting combofix to work. I have tried Safe Mode and it still tells me my AVG antivirus is still active despite having taken the action suggested on your Web. I ended up attempting to delete AVG entirely but Sod's Law came into action and it just refused to do so, giving me register errors as the reason. I will eventually get there but it will take me time. Not wanting to ask for the thread to be reopened a second time please consider this the last message.
Thank you for your efforts. I have learned a lot, and in so doing I am reasonably sure I have fixed most of the problems. I just wanted to be sure.

#14 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:01:55 PM

Posted 02 February 2009 - 10:40 AM

Hi rupert,

Technically speaking, you are not entirely clean. Absence of symptoms does not mean that everything is clear.
If you run into trouble during the cleaning process, you may stop and ask for the next instruction until all doubt is cleared, then proceed to the next move.
When CF runs, by default it detects whether any antivirus or antispyware real-time protection is on, which may interfere with the cleaning process. To disable AVG, you should do the following:
Please open the AVG 8 Control Center by right-clicking on the AVG 8 icon on the taskbar.

1. Click on Tools.
2. Select Advanced Settings.
3. In the left hand pane, scroll down to "Resident Shield".
4. In the main pane, untick the option to "Enable Resident Shield."

And to uninstall AVG, you should go to Here to download AVG Remover or follow the instructions in How to uninstall AVG permanently. If there is still no joy whatsoever, you can jump to the Kas online scan first instead. Anyway, you make the call. If you feel comfortable about the status you're running, please kindly respond to this topic one more time so we can mark the thread as resolved. Thanks.

Edited by sundavis, 02 February 2009 - 10:33 PM.


#15 rupert

rupert
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:55 AM

Posted 03 February 2009 - 02:45 AM

Thanks once again for persisting with me.

Since my last post, and prior to your last reply, just for the hell of it I ran the Kaspersky scan (last night my time). It found three viruses within my mail folder mail in. This really surprised me, so I ran three separate virus checkers on that folder: AVG, superAntiSpy, and Malwarebytes Anti-Malware. None of them reported any problems in that folder.
I also managed somehow to remove AVG and re-install it cleanly, and I was all prepared to run with this until I saw you had sent me your last post.
So, with your advice I have now managed to knock out AVG without entirely removing it and ran Combofix successfully.
The three logs are now below, but please note the Kaspersky log is from an earlier time than the two others for the reason I stated.

ComboFix 09-01-21.04 - Peter Mattson 2009-02-03 18:06:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.357 [GMT 11:00]
Running from: g:\downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Peter Mattson\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
FW: Online Armor Firewall *disabled*
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -

FILE ::
C:\32788R22FWJFW.0.tmp
C:\32788R22FWJFW.1.tmp
C:\32788R22FWJFW.2.tmp
C:\32788R22FWJFW.3.tmp
c:\windows\system32\bbfacfcb4_z.ocx
c:\windows\system32\drivers\gaopdxlckjaoyr.sys
c:\windows\system32\drivers\zatcjw.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bbfacfcb4_z.ocx
c:\windows\system32\drivers\zatcjw.sys

.
((((((((((((((((((((((((( Files Created from 2009-01-03 to 2009-02-03 )))))))))))))))))))))))))))))))
.

2009-02-02 21:25 . 2009-02-02 21:25 <DIR> d-------- c:\documents and settings\Peter Mattson\Application Data\AVGTOOLBAR
2009-01-27 11:30 . 2009-02-03 18:04 <DIR> d-------- c:\documents and settings\Peter Mattson\Application Data\OnlineArmor
2009-01-27 11:30 . 2009-01-27 11:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-01-27 11:29 . 2008-12-13 02:26 178,376 --a------ c:\windows\system32\drivers\OADriver.sys
2009-01-27 11:29 . 2008-12-13 02:26 30,920 --a------ c:\windows\system32\drivers\OAmon.sys
2009-01-27 11:29 . 2008-12-13 02:26 28,872 --a------ c:\windows\system32\drivers\OAnet.sys
2009-01-27 10:59 . 2009-02-03 10:49 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-27 10:59 . 2009-02-02 21:03 <DIR> d-------- c:\program files\AVG
2009-01-27 10:59 . 2009-02-02 21:23 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-27 10:59 . 2009-02-02 21:23 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-27 10:59 . 2009-01-30 12:21 10,520 --------- c:\windows\system32\avgrsstx.dll.install_backup
2009-01-27 10:59 . 2009-02-02 21:22 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-25 21:52 . 2009-01-25 21:52 <DIR> d-------- c:\program files\Google
2009-01-25 20:24 . 2009-01-25 20:24 118,784 --a------ c:\windows\SeaMonkeyUninstall.exe
2009-01-22 08:10 . 2009-01-22 08:10 <DIR> d-------- c:\documents and settings\Peter Mattson\Application Data\WinCare2008
2009-01-22 07:58 . 2009-01-22 07:58 <DIR> d-------- c:\documents and settings\Peter Mattson\Application Data\SUPERAntiSpyware.com
2009-01-22 07:58 . 2009-01-22 07:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-22 07:56 . 2009-01-22 07:56 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-21 18:26 . 2009-01-21 18:26 <DIR> d-------- c:\documents and settings\Peter Mattson\Application Data\Malwarebytes
2009-01-21 18:26 . 2009-01-21 18:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-21 18:26 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 18:26 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-20 18:30 . 2007-12-24 17:37 138,384 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-20 07:25 . 2009-01-27 10:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\_comodo_
2009-01-20 06:32 . 2009-01-21 20:37 120 --a------ c:\windows\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
2009-01-15 18:41 . 2009-01-15 18:41 <DIR> d-------- c:\program files\Microsoft Sync Framework
2009-01-15 18:33 . 2009-01-15 18:34 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-01-10 18:37 . 2004-01-16 15:50 516,096 --a------ c:\windows\system32\CLVSDS.ax
2009-01-10 18:37 . 2008-02-03 21:26 364,544 --a------ c:\windows\system32\cdg.dll
2009-01-10 18:37 . 2006-09-27 17:46 348,160 --a------ c:\windows\system32\cdga.dll
2009-01-10 18:37 . 2006-07-08 04:07 114,688 --a------ c:\windows\system32\PropListCtrl.ocx
2009-01-10 18:37 . 2004-09-10 13:50 34,820 --a------ c:\windows\system32\ffdshow.reg
2009-01-10 18:37 . 2006-07-17 21:42 14,909 --a------ c:\windows\system32\A_reg.reg
2009-01-06 09:33 . 2009-01-06 09:33 3,751,995 --a------ c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 23:55 --------- d-----w c:\documents and settings\Peter Mattson\Application Data\Vso
2009-02-02 10:31 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-02 10:05 --------- d-----w c:\documents and settings\Peter Mattson\Application Data\uTorrent
2009-02-02 06:36 --------- d-----w c:\documents and settings\Peter Mattson\Application Data\Canon
2009-01-27 21:14 2,100 -c--a-w c:\documents and settings\Peter Mattson\Application Data\wklnhst.dat
2009-01-27 07:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-27 07:32 --------- d-----w c:\documents and settings\Peter Mattson\Application Data\VideoReDo-TVSuite
2009-01-26 23:21 --------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-01-25 09:24 118,784 ----a-w c:\windows\GREUninstall.exe
2009-01-24 04:58 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-24 04:58 --------- d-----w c:\program files\PrintDeskTop
2009-01-24 01:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-20 09:12 --------- d-----w c:\program files\Comodo
2009-01-19 11:50 --------- d-----w c:\documents and settings\Peter Mattson\Application Data\Comodo
2009-01-15 07:35 --------- d-----w c:\documents and settings\All Users\Application Data\DriverScanner
2009-01-15 07:23 --------- d-----w c:\documents and settings\Peter Mattson\Application Data\Uniblue
2009-01-06 04:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-23 07:27 --------- d-----w c:\program files\Java
2008-12-18 05:05 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-17 08:04 --------- d-----w c:\documents and settings\Peter Mattson\Application Data\Nero
2008-12-17 07:51 --------- d-----w c:\program files\Common Files\Nero
2008-12-17 07:25 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-12-11 10:57 333,952 ------w c:\windows\system32\drivers\srv.sys
2008-12-11 01:42 --------- d-----w c:\program files\Yahoo!
2008-12-04 08:52 441,760 -c--a-w c:\windows\system32\drivers\timntr.sys
2008-12-04 08:52 44,384 -c--a-w c:\windows\system32\drivers\tifsfilt.sys
2008-12-04 08:52 368,480 -c--a-w c:\windows\system32\drivers\tdrpman.sys
2008-12-04 08:52 --------- d-----w c:\program files\Common Files\Acronis
2008-12-04 07:49 --------- d-----w c:\program files\AskTBar
2008-12-04 07:46 --------- d-----w c:\program files\Acronis
2007-02-02 09:38 87,608 -c--a-w c:\documents and settings\Peter Mattson\Application Data\ezpinst.exe
2007-02-02 09:38 47,360 -c--a-w c:\documents and settings\Peter Mattson\Application Data\pcouffin.sys
2006-09-26 05:51 93 -c-h--w c:\program files\desktop.ini
2006-06-19 07:22 93,568 -c----w c:\documents and settings\Peter Mattson\Application Data\ezplay.sys
2004-03-11 03:27 40,960 -c----w c:\program files\Uninstall_CDS.exe
2006-07-15 04:32 220 -csh--w c:\windows\dwin.sys
2006-04-14 11:45 4,495 -csh--w c:\windows\rreg64.dll
2006-04-14 11:45 1,249 -csh--w c:\windows\utapi64.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mozilla Quick Launch"="c:\progra~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE" [2008-12-04 106496]
"SeaMonkey Quick Launch"="c:\program files\mozilla.org\SeaMonkey\SeaMonkey.exe" [2008-12-04 106496]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SUPERAntiSpyware"="e:\program files\SuperAntiSpyware\SUPERAntiSpyware.exe" [2009-01-23 1830128]
"MicroSys-CheckAjour"="e:\program files\Ajour\ChkAjour.exe" [2004-10-30 482816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"@OnlineArmor GUI"="e:\program files\Online Armor\oaui.exe" [2008-12-13 6223048]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-03 165144]
"AcronisTimounterMonitor"="e:\program files\Acronis True Image 11\TimounterMonitor.exe" [2008-04-09 909208]
"Flashget"="e:\program files\FlashGet\flashget.exe" [2007-09-25 2007088]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"TrueImageMonitor.exe"="e:\program files\Acronis True Image 11\TrueImageMonitor.exe" [2008-04-09 2595792]
"WSTray Icon"="e:\dvb web scheduler\DVB Web Scheduler Pro\WSTray.exe" [2007-11-07 86016]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2008-07-11 278264]
"AVG8_TRAY"="e:\avg8~1.0\avgtray.exe" [2009-02-02 1261336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\Peter Mattson\Start Menu\Programs\Startup\
TempCleaner.lnk - c:\program files\TempCleaner\TempCleaner.exe [2004-03-26 346624]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Ghp`amfUbrhLds"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-23 21:52 356352 e:\program files\SuperAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-02 21:22 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=G

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg20.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau relog_ap

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MightyFAX Controller.lnk]
backup=c:\windows\pss\MightyFAX Controller.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTracker Pro.lnk]
backup=c:\windows\pss\VersionTracker Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^avgcc.exe.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^MiniReminder.lnk]
backup=c:\windows\pss\MiniReminder.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Peter Mattson^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a--c--- 2008-11-20 10:06 178688 c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2009-02-02 21:22 1261336 e:\avg8~1.0\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--a------ 2008-08-08 10:16 91432 c:\program files\Cyberlink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
--a------ 2008-10-22 23:51 147968 e:\program files\filehippo.com\UpdateChecker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a--c--- 2007-08-31 12:01 1037736 c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2006-09-11 04:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2008-05-16 14:01 13529088 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-05-16 14:01 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VEngine]
--a------ 2009-01-24 12:41 335616 c:\program files\Comodo\VEngine\VEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2008-12-29 09:59 2908160 e:\winfast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2008-12-11 10:48 90112 e:\winfast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2008-05-16 14:01 1630208 c:\windows\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Acronis\\Agent\\agent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Phone\\Skype.exe"=
"e:\\Phone\\Phone\\Skype.exe"=
"e:\\Program Files\\FlashGet\\FlashGet.exe"=
"e:\\AVG 8.0\\avgupd.exe"=
"e:\\AVG 8.0\\avgemc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"67:UDP"= 67:UDP:DHCP Discovery Service
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"1:TCP"= 1:TCP:Tirminal™[1]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [2008-11-15 134272]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-27 97928]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-01-27 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-01-27 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2009-01-27 28872]
R1 SASDIFSV;SASDIFSV;e:\program files\SuperAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;e:\program files\SuperAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 SASENUM;SASENUM;e:\program files\SuperAntiSpyware\SASENUM.SYS [2006-02-16 4096]
R3 US30Kbd;US30Kbd;c:\windows\system32\drivers\US30Kbd2K.sys [2005-03-31 10464]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [2006-09-13 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [2006-09-13 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [2006-09-13 10496]
R4 AcronisAgent;Acronis Remote Agent;c:\program files\Common Files\Acronis\Agent\agent.exe [2006-07-10 319488]
R4 AcronisBackupServerService;Acronis Backup Server Service;c:\program files\Acronis\BackupServer\backupserver.exe [2006-07-10 9022375]
R4 avg8emc;AVG Free8 E-mail Scanner;e:\avg8~1.0\avgemc.exe [2009-01-27 875288]
R4 avg8wd;AVG Free8 WatchDog;e:\avg8~1.0\avgwdsvc.exe [2009-01-27 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-27 76040]
R4 DWSPS;DVB Web Scheduler Pro Service;e:\dvb web scheduler\DVB Web Scheduler Pro\wrapper.exe -s wrapper.conf --> e:\dvb web scheduler\DVB Web Scheduler Pro\wrapper.exe -s wrapper.conf [?]
R4 OAcat;Online Armor Helper Service;e:\program files\Online Armor\oacat.exe [2009-01-27 1402568]
R4 StkSSrv;Syntek DC-112X Service;c:\windows\system32\StkSrv2k.exe [2006-05-28 24576]
R4 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [2006-09-13 167040]
R4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys --> c:\windows\system32\DRIVERS\cmdguard.sys [?]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys --> c:\windows\system32\DRIVERS\cmdhlp.sys [?]
S3 ip100xp;ASUS NX1001 Network Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2007-12-16 26752]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\drivers\leafnets.sys [2007-05-03 55296]
S3 StkMini;Syntek DC-112X;c:\windows\system32\drivers\StkMini.sys [2006-05-28 787081]
S4 FolderProtectService;FolderProtectService; [x]
S4 NeroMediaHomeService.4;Nero MediaHome 4 Service; [x]
S4 RoxLiveShare10;LiveShare P2P Server 10; [x]
S4 SessionLauncher;SessionLauncher; [x]
S4 SvcOnlineArmor;Online Armor;e:\program files\Online Armor\oasrv.exe [2009-01-27 3321032]

--- Other Services/Drivers In Memory ---

*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2008-11-16 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 12:01]

2009-02-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-02-02 c:\windows\Tasks\NeroLiveEpgUpdate-PETER2_Peter-Mattson.job
- e:\nero 9\Nero 9\Nero Live\NeroLive.exe []

2009-02-03 c:\windows\Tasks\RegCure Program Check.job
- e:\program files\RegCure\RegCure.exe [2007-08-02 10:20]

2008-12-31 c:\windows\Tasks\RegCure.job
- e:\program files\RegCure\RegCure.exe [2007-08-02 10:20]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://optusnet.com.au
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.optusnet.com.au/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download All with FlashGet - e:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - e:\program files\FlashGet\jc_link.htm
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Use ViDown to download
Trusted Zone: microsoft.com\www.update
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-03 18:07:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\Hold

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.pps\PersistentHandler]
@DACL=(02 0000)
@="{98de59a0-d175-11cd-a7bd-00006b827d94}"

[HKEY_LOCAL_MACHINE\software\Classes\.rtf\PersistentHandler]
@DACL=(02 0000)
@="{2e2294a9-50d7-4fe7-a09f-e6492e185884}"

[HKEY_LOCAL_MACHINE\software\Classes\.user\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"

[HKEY_LOCAL_MACHINE\software\Classes\.xslt\PersistentHandler]
@DACL=(02 0000)
@="{7E9D8D44-6926-426F-AA2B-217A819A5CCE}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\avgrsstx.dll
e:\program files\SuperAntiSpyware\SASWINLO.DLL
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm

- - - - - - - > 'lsass.exe'(1008)
c:\windows\system32\avgrsstx.dll
c:\windows\system32\relog_ap.dll
.
Completion time: 2009-02-03 18:10:20
ComboFix-quarantined-files.txt 2009-02-03 07:09:46
ComboFix2.txt 2009-01-26 23:55:03
ComboFix3.txt 2009-01-26 23:36:53

Pre-Run: 17,248,681,984 bytes free
Post-Run: 17,232,097,280 bytes free

Current=2 Default=2 Failed=3 LastKnownGood=1 Sets=1,2,3,4
317 --- E O F --- 2009-02-03 04:48:12

Tuesday, February 3, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, February 02, 2009 12:08:49
Records in database: 1737409
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics
Files scanned 69127
Threat name 1
Infected objects 3
Suspicious objects 0
Duration of the scan 04:44:20

File name Threat name Threats count
C:\Documents and Settings\Peter Mattson\Application Data\Mozilla\Profiles\default\q62cimul.slt\Mail\mail.optusnet.com-2.au\Private In Infected: Virus.VBS.Redlof.a 1
C:\Documents and Settings\Peter Mattson\Application Data\Mozilla\Profiles\Default Alternative\dts6a00f.slt\Mail\mail.optusnet.com-2.au\Private In Infected: Virus.VBS.Redlof.a 1
C:\Documents and Settings\Peter Mattson\Application Data\Mozilla\Profiles\Default User\w20wkwb3.slt\Mail\mail.optusnet.com-2.au\Private In Infected: Virus.VBS.Redlof.a 1
The selected area was scanned.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:22:48 PM, on 3/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Agent\agent.exe
C:\Program Files\Acronis\BackupServer\backupserver.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\AVG8~1.0\avgwdsvc.exe
E:\DVB Web Scheduler\DVB Web Scheduler Pro\wrapper.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
E:\Program Files\Acronis True Image 11\TimounterMonitor.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
E:\AVG8~1.0\avgrsx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
E:\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Acronis True Image 11\TrueImageMonitor.exe
E:\Program Files\Online Armor\oacat.exe
C:\Program Files\Windows Defender\MSASCui.exe
E:\DVB Web Scheduler\DVB Web Scheduler Pro\WSTray.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\StkSrv2K.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\Program Files\Universal Shield\US30Service.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
E:\AVG8~1.0\avgemc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE
E:\AVG 8.0\avgui.exe
E:\Program Files\Online Armor\oaui.exe
E:\Program Files\Online Armor\oahlp.exe
E:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
E:\Program Files\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://optusnet.com.au
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optusnet.com.au/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\AVG 8.0\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\AVG8~1.0\AVGTOO~1.DLL
O2 - BHO: Comodo VerificationEngine Browser Helper NEW - {A968A4B4-C492-4834-B651-17602C3885C8} - C:\Program Files\Comodo\VEngine\VEngineIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - E:\AVG8~1.0\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [@OnlineArmor GUI] "E:\Program Files\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] E:\Program Files\Acronis True Image 11\TimounterMonitor.exe
O4 - HKLM\..\Run: [Flashget] E:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [OSSelectorReinstall] "C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis True Image 11\TrueImageMonitor.exe
O4 - HKLM\..\Run: [WSTray Icon] E:\DVB Web Scheduler\DVB Web Scheduler Pro\WSTray.exe 8420
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [AVG8_TRAY] E:\AVG8~1.0\avgtray.exe
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE" -turbo
O4 - HKCU\..\Run: [SeaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MicroSys-CheckAjour] E:\Program Files\Ajour\ChkAjour.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: TempCleaner.lnk = C:\Program Files\TempCleaner\TempCleaner.exe
O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\AVG 8.0\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SuperAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Remote Agent (AcronisAgent) - Acronis - C:\Program Files\Common Files\Acronis\Agent\agent.exe
O23 - Service: Acronis Backup Server Service (AcronisBackupServerService) - Acronis - C:\Program Files\Acronis\BackupServer\backupserver.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\AVG8~1.0\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\AVG8~1.0\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: DVB Web Scheduler Pro Service (DWSPS) - Unknown owner - E:\DVB Web Scheduler\DVB Web Scheduler Pro\wrapper.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - (no file)
O23 - Service: NMSAccessU - Unknown owner - E:\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - E:\Program Files\Online Armor\oacat.exe
O23 - Service: Syntek DC-112X Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkSrv2K.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - E:\Program Files\Online Armor\oasrv.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: US30Service - Unknown owner - E:\Program Files\Universal Shield\US30Service.exe

--
End of file - 10325 bytes



