Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

help with removal of packed.win32.krap.f

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

help with removal of packed.win32.krap.f

Unread postby tnt77 » December 29th, 2008, 11:11 pm

all of a sudden attacked by this and several other trojans and variants which have been quarantined by f secure:
trojan-game thief.win 32. magnai / trojan-game thief.win 32. magnai.anlp // worm32.autorun /worm32.autorun.vck - can't seem to actually eradicate the virus - now having popups advising of .dll issues - any help appreciated TIA

Logfile of HijackThis v1.99.1
Scan saved at 7:06:33 PM, on 12/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\T&A\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-U ... E_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {76716694-EADA-4810-8C3B-4826328A317F} (SmartCouponPrinter Control) - http://content.dll1.com/Connectus/Smart ... 080612.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
tnt77
Regular Member
 
Posts: 16
Joined: December 29th, 2008, 10:54 pm
Advertisement
Register to Remove

Re: help with removal of packed.win32.krap.f

Unread postby Bio-Hazard » January 5th, 2009, 10:45 am

Hello!

Sorry for the delay, forum is very busy. If you still need help please post a new HijackThis log.
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: help with removal of packed.win32.krap.f

Unread postby tnt77 » January 5th, 2009, 11:20 am

new hijack this log - since my original post I have run Malwarebyte's - 'antimalware' and Ewido which identified a number of threats - but none specifically named as above. TIA

Logfile of HijackThis v1.99.1
Scan saved at 7:16:14 AM, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\T&A\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\shaw secure\fsps\program\fslsp.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-U ... E_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {76716694-EADA-4810-8C3B-4826328A317F} (SmartCouponPrinter Control) - http://content.dll1.com/Connectus/Smart ... 080612.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
tnt77
Regular Member
 
Posts: 16
Joined: December 29th, 2008, 10:54 pm

Re: help with removal of packed.win32.krap.f

Unread postby Bio-Hazard » January 5th, 2009, 11:56 am

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settins:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform full scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest


random's system information tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Malwarebytes' Anti-Malware Log
  • RSIT Logs, log.txt (<<will be maximized) and info.txt (<<will be minimized
  • A description of how your computer is behaving
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: help with removal of packed.win32.krap.f

Unread postby tnt77 » January 6th, 2009, 11:45 am

Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.32
Database version: 1623
Windows 5.1.2600 Service Pack 2

1/6/2009 6:44:04 AM
mbam-log-2009-01-06 (06-44-04).txt

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 303214
Time elapsed: 5 hour(s), 15 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

random's system information tool (RS
IT)

info txt.
info.txt logfile of random's system information tool 1.05 2009-01-06 07:24:54

======Uninstall list======

-->"C:\Program Files\Shaw Secure\fsuninst.exe" /UninstRegKey:"News Service"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS2"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ISP News"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure ORSP Client"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->"C:\Program Files\Shaw Secure\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Web Filter"
-->"C:\Program Files\WildGames\Game Console - WildGames\Uninstall.exe"
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1Click DVD Copy 4.1-->"C:\Program Files\LG Software Innovations\1Click DVD Copy 4.1\setup\uninst.exe"
1Click DVD Copy Pro 2.3.1.1-->"C:\Program Files\LG Software Innovations\1Click DVD Copy Pro\unins000.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
AC-3 ACM Decompressor-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AC3ACM.inf
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agatha Christie: And Then There Were None-->"C:\Program Files\Agatha Christie - And Then There Were None\Uninstall.exe"
Agatha Christie: Murder on the Orient Express-->"C:\Program Files\Agatha Christie - Murder on the Orient Express\Uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Azureus-->C:\Program Files\Azureus\Uninstall.exe
Belarc Advisor 6.1-->C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon Camera Access Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1033
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 6 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4DBBF091-FACD-422C-B43C-786335BD5398}
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (E)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
Chocolatier 2: Secret Ingredients-->"C:\Program Files\Chocolatier 2 - Secret Ingredients\Uninstall.exe"
Click'N Design 3D-->C:\PROGRA~1\CLICK'~1\UNWISE.EXE C:\PROGRA~1\CLICK'~1\INSTALL.LOG
Cooking Quest-->"C:\Program Files\Cooking Quest\Uninstall.exe"
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Cucusoft MPEG to DVD Author 1.06-->"C:\Program Files\Cucusoft\DVD-Author\unins000.exe"
Cucusoft MPEG/AVI to DVD/VCD/SVCD/MPEG Converter Pro 5.07-->"C:\Program Files\Cucusoft\avi-dvd-pro\unins000.exe"
Data Lifeguard Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
Dell Photo Printer 720 Logger-->C:\Program Files\Dell Photo Printer 720\dlbcunst.exe
Dell Photo Printer 720-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
DirectX Media Runtime 5.1-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DXM51.INF,Uninstall.NT
Download Manager 2.3.6-->C:\Program Files\Download Manager\uninst.exe
DQ Tycoon-->"C:\Program Files\DQ Tycoon\Uninstall.exe"
Dream Chronicles ™ 2: The Eternal Maze-->"C:\Program Files\Dream Chronicles 2 - The Eternal Maze\Uninstall.exe"
Duplicate File Finder-->C:\tools\DupFiles\UNWISE.EXE C:\tools\DupFiles\INSTALL.LOG
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
DVD43 v4.3.1-->"C:\Program Files\dvd43\unins000.exe"
DVD5R-->"C:\Program Files\InstallShield Installation Information\{0B168FED-B9EC-4DA8-AC17-9A41F284640B}\setup.exe" REMOVEALL
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\setup.exe" -l0x9 -UnInstall
EPSON Event Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\Setup.exe" -l0x9 -u
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Perf 3490 3590 Guide-->C:\Program Files\epson\guide\perf_3490_3590_e\uninstall.exe
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ewido anti-spyware 4.0-->C:\Program Files\ewido anti-spyware 4.0\Uninstall.exe
Family Tree Maker-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88200B70-8473-11D6-A964-00B0D0119A5C}\SETUP.EXE" -l0x9
Folder Lock-->G:\Folder Lock\Uninstall.exe
Free CD to MP3 Converter-->C:\PROGRA~1\CDTOMP~1\UNWISE.EXE C:\PROGRA~1\CDTOMP~1\INSTALL.LOG
Greetings Workshop-->C:\Program Files\Greetings Workshop\SETUP\setup.exe
Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HouseCall 6.6-->"C:\Documents and Settings\T&A\Application Data\HouseCall 6.6\uninstaller.exe"
Indeo® software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Development Kit 5.0 Update 3-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150030}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
James Patterson's Women's Murder Club: Death in Scarlet-->"C:\Program Files\James Patterson's Women's Murder Club - Death in Scarlet\Uninstall.exe"
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaLife -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{362BFFCD-8274-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Digital Image Library 9-->C:\WINDOWS\System32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3225}
Microsoft Digital Image Pro 9-->C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0905}
Microsoft DirectX 9.0 SDK Update (October 2004)-->MsiExec.exe /I{EE03B0F1-7579-4CDD-BA63-BA37A8B9E2DB}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
My Tribe-->"C:\Program Files\My Tribe\Uninstall.exe"
Nancy Drew - Curse of Blackmoor Manor-->"C:\Program Files\Nancy Drew - Curse of Blackmoor Manor\Uninstall.exe"
Nancy Drew - The Haunting of Castle Malloy-->C:\Program Files\Her Interactive\Nancy Drew - The Haunting of Castle Malloy\uninst.exe
Nancy Drew - The Phantom of Venice-->C:\Program Files\Her Interactive\Nancy Drew - The Phantom of Venice\uninst.exe
Nancy Drew: Danger by Design-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Nancy Drew\Danger by Design\setup.exe" -l0x9
Nancy Drew: Legend of the Crystal Skull-->C:\Program Files\InstallShield Installation Information\{24328842-A29C-4FEA-81D3-1929D3A7F1AE}\setup.exe -runfromtemp -l0x0009 -removeonly
Nancy Drew: Secret of Shadow Ranch-->"C:\Program Files\InstallShield Installation Information\{F90210C4-8B06-4744-869C-9F09073C4339}\setup.exe" -runfromtemp -l0x0009 -removeonly
Nancy Drew: The Creature of Kapu Cave-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Nancy Drew\The Creature of Kapu Cave\setup.exe" -l0x9
Nancy Drew: The Curse of Blackmoor Manor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Nancy Drew\The Curse of Blackmoor Manor\setup.exe" -l0x9
Nancy Drew: The Final Scene-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Nancy Drew\The Final Scene\setup.exe"
Nancy Drew: The Haunted Carousel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Nancy Drew\The Haunted Carousel\setup.exe" -l0x9
NEC-Mitsubishi NaViSet-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8287E5A6-A0D1-4074-B149-F6157EE0DEEB}
Nero 7 Essentials-->MsiExec.exe /X{874AF83E-1BF6-4F2B-9086-BF62BDAE1033}
Nero PhotoShow Express-->"C:\Program Files\Ahead\Ahead\data\Xtras\Uninstall.exe"
PCI Audio Driver-->cmuninst.exe
Punch! Master Landscape Pro-->C:\PROGRA~1\PUNCH!~1\UNWISE.EXE C:\PROGRA~1\PUNCH!~1\INSTALL.LOG
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Shaw Secure-->"C:\Program Files\Shaw Secure\FSGUI\PostInstall.exe" /tUnInstall
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sierra Utilities-->C:\Program Files\Sierra On-Line\sutil32.exe uninstall
SigmaTel MSCNMMC Audio Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18420E45-B723-49A5-ACF9-7C132B1CBE53}\setup.exe" -l0x9
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SpongeBob SquarePants - The Movie-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B98D958E-9E59-43B7-B47F-043D45D73EE6}\setup.exe" -l0x9 -uninst
Symantec Network Driver Update-->MsiExec.exe /X{6AF90EF6-F7F9-466C-99F4-1774826FBB40}
The Sims 2 Glamour Life Stuff-->C:\Program Files\EA GAMES\The Sims 2 Glamour Life Stuff\EAUninstall.exe
The Sims 2 Nightlife-->C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Open For Business-->C:\Program Files\EA GAMES\The Sims 2 Open For Business\EAUninstall.exe
The Sims 2 University-->C:\Program Files\EA GAMES\The Sims 2 University\EAUninstall.exe
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe

Log txt.
Logfile of random's system information tool 1.05 (written by random/random)
Run by T&A at 2009-01-06 07:23:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 12 GB (20%) free of 57 GB
Total RAM: 1024 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:38 AM, on 1/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Shaw Secure\FSGUI\scanwizard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\T&A\Desktop\RSIT.exe
C:\Program Files\trend micro\T&A.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Frame Works] frmwrks32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\T&A\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-U ... E_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {76716694-EADA-4810-8C3B-4826328A317F} (SmartCouponPrinter Control) - http://content.dll1.com/Connectus/Smart ... 080612.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 11736 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Backup.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Scheduled scanning task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\SOFTWARE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"=C:\Program Files\Shaw Secure\Common\FSM32.EXE [2008-09-23 182936]
"F-Secure TNB"=C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe [2008-09-23 957024]
"News Service"=C:\Program Files\Shaw Secure\FSGUI\ispnews.exe [2005-05-31 356352]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-06-08 29696]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-02-12 1620480]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-02-12 1050112]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-04 399504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe [2008-04-09 826880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [2005-04-08 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-07 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBTUCopy]
C:\Program Files\VBTUCopy\VBTUCopy.exe [2005-01-27 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe -user_logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
C:\PROGRA~1\DELLPH~1\dlbcserv.exe [2005-01-08 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\KEM.exe [2004-07-15 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T&A^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
C:\PROGRA~1\GREETI~1\GWREMIND.EXE [1997-09-03 50688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll [2006-06-16 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOWS\system32\srrstr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=FFFFFFFF
"NoDriveTypeAutoRun"=36

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kazaa Lite K++\Kazaa.kpp"="C:\Program Files\Kazaa Lite K++\Kazaa.kpp:*:Enabled:Kazaa"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Java\j2re1.4.2_05\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_05\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\eXeem\eXeem.exe"="C:\Program Files\eXeem\eXeem.exe:*:Enabled:eXeem"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell"
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\T&A\Desktop\nancy drew short cuts\BitDownload\BitDownload.exe"="C:\Documents and Settings\T&A\Desktop\nancy drew short cuts\BitDownload\BitDownload.exe:*:Enabled:Warez3"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-01-06 07:23:48 ----D---- C:\Program Files\trend micro
2009-01-06 07:23:47 ----D---- C:\rsit
2008-12-31 23:24:09 ----D---- C:\Documents and Settings\T&A\Application Data\Malwarebytes
2008-12-31 23:23:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-31 23:23:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-29 18:52:13 ----D---- C:\Program Files\Hijackthis
2008-12-25 13:52:53 ----RASHD---- C:\autorun.inf
2008-12-23 22:09:25 ----D---- C:\ComboFix
2008-12-23 22:09:16 ----A---- C:\WINDOWS\system32\CF22035.exe
2008-12-23 22:06:15 ----D---- C:\WINDOWS\ERDNT
2008-12-23 22:06:15 ----D---- C:\Qoobox
2008-12-23 22:06:11 ----A---- C:\WINDOWS\system32\CF21408.exe
2008-12-21 19:56:22 ----D---- C:\Program Files\DQ Tycoon
2008-12-18 07:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-12 23:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 23:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 23:12:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-12 23:07:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 23:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 09:05:39 ----D---- C:\Program Files\iPod
2008-12-10 09:05:33 ----D---- C:\Program Files\iTunes
2008-12-10 09:05:33 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

======List of files/folders modified in the last 1 months======

2009-01-06 07:23:48 ----RAD---- C:\Program Files
2009-01-06 07:23:33 ----D---- C:\WINDOWS\Prefetch
2009-01-06 07:21:01 ----D---- C:\Program Files\Mozilla Firefox
2009-01-06 04:38:42 ----D---- C:\WINDOWS\Temp
2009-01-05 21:05:33 ----D---- C:\WINDOWS\system32\drivers
2009-01-05 10:08:10 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-05 10:07:59 ----D---- C:\WINDOWS\system32\ias
2009-01-05 07:39:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-03 21:08:45 ----A---- C:\WINDOWS\dellstat.ini
2009-01-01 17:45:16 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-01 10:25:08 ----D---- C:\WINDOWS\system32
2009-01-01 00:14:06 ----D---- C:\WINDOWS
2008-12-31 17:19:18 ----D---- C:\Program Files\MyPublisher
2008-12-31 16:51:55 ----D---- C:\Program Files\ewido anti-spyware 4.0
2008-12-25 18:48:49 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-25 17:14:18 ----HD---- C:\WINDOWS\inf
2008-12-24 10:34:47 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-23 19:33:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-23 19:29:25 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-12-23 00:49:24 ----D---- C:\WINDOWS\system32\Adobe
2008-12-18 07:11:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 07:09:22 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 22:33:01 ----D---- C:\Program Files\The Learning Company
2008-12-17 21:30:53 ----D---- C:\Program Files\Shaw Secure
2008-12-13 23:02:07 ----D---- C:\Documents and Settings\T&A\Application Data\Azureus
2008-12-13 06:25:16 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-12 23:13:45 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 23:13:02 ----D---- C:\Program Files\Internet Explorer
2008-12-12 23:12:33 ----SHD---- C:\WINDOWS\Installer
2008-12-12 23:12:33 ----D---- C:\Config.Msi
2008-12-12 18:11:05 ----D---- C:\Program Files\My Tribe
2008-12-12 09:33:23 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 09:06:38 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-10 09:05:37 ----D---- C:\Program Files\Common Files\Apple
2008-12-10 09:02:40 ----D---- C:\Program Files\QuickTime
2008-12-10 08:51:24 ----D---- C:\Program Files\Safari
2008-12-09 15:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-07 20:29:32 ----D---- C:\Documents and Settings\T&A\Application Data\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2003-03-06 3840]
R1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver; \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys []
R1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-02-12 31360]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-02-12 33792]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-05-21 267328]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 windrvNT;windrvNT; \??\C:\WINDOWS\system32\windrvNT.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2008-05-10 18816]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-06-08 24637]
R3 LHidUsbK;Logitech SetPoint USB Receiver Device Driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-06-08 38081]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-06-08 71533]
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter; C:\WINDOWS\System32\Drivers\LUsbKbd.Sys [2004-06-08 14975]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2005-01-03 28352]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2006-11-15 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-26 10368]
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver; C:\WINDOWS\System32\DRIVERS\SMC1211.SYS [2001-07-11 23153]
R3 SoC PC-Camera Service;SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-06-16 136832]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2001-09-13 10112]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2001-09-13 39328]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-02-12 112384]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 am58dz46;am58dz46; C:\WINDOWS\system32\drivers\am58dz46.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 catchme;catchme; \??\C:\DOCUME~1\T&A\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-04-10 5088]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-08-29 9600]
S3 i740;i740; C:\WINDOWS\System32\DRIVERS\i740nt5.sys [2001-08-17 58592]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2004-06-08 13105]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2004-06-08 54817]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
S3 Rio8Drv;Rio800 driver; C:\WINDOWS\System32\Drivers\Rio8Drv.sys [2002-08-29 12032]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2004-05-21 11040]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2004-05-21 170368]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2004-05-21 30848]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040407.001\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2004-05-21 47328]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-05-21 25792]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2001-09-13 19360]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2001-09-13 5728]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2004-08-03 73472]
S4 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-06-02 86606]
R2 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard; C:\Program Files\ewido anti-spyware 4.0\guard.exe [2006-06-16 172032]
R2 F-Secure Gatekeeper Handler Starter;F-Secure Gatekeeper Handler Starter; C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe [2008-09-23 215648]
R2 FSMA;FSMA; C:\Program Files\Shaw Secure\Common\FSMA32.EXE [2008-09-23 117400]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-02-12 924160]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe [2008-09-23 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe [2008-09-23 510560]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe [2008-09-23 55904]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-10-26 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-03-28 165416]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-05-21 206048]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-09-22 38912]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

-----------------EOF-----------------


Computer behavior

computer will no longer restart via 'start' - 'turn off computer' - 'restart' method - it only shuts off then has to be manually restarted
f secure - indicates this a.m. - after running Malwarebyte's anti-malware - request to quarantine - adware.win32.gator
when attempt to view Malwarebytes logs - to view previous scans - i receive an error code
computer speed increased greatly after my initial scan with Malwarebytes anti-malware and ewido - but still seeing large spikes of CPU usage to 100% (under taskmanager) with few applications running

Thanks
tnt77
Regular Member
 
Posts: 16
Joined: December 29th, 2008, 10:54 pm

Re: help with removal of packed.win32.krap.f

Unread postby Bio-Hazard » January 6th, 2009, 6:56 pm

Use of P2P (Person to Person) file sharing programs

We have noticed that most people seeking help from us are coming with infections contracted from the use of P2P programs.

Because of this, we felt we needed to change our policy on the use of P2P file sharing programs.
  • If your helper detects the presence of such programs on your computer he/she will ask you to remove them. We will withdraw our help should you not agree to their removal.
  • If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we will refuse our help.

We do not ask you to do this without reason.

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

We see no purpose in cleaning your machine if you use P2P programs, as it is pretty much certain that if you continue to use them then you will get infected again.

You have the following P-2-P program(s) installed
LimeWire 4.18.3
Azureus


This is how you uninstall it/them:

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    LimeWire 4.18.3
    Azureus

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: help with removal of packed.win32.krap.f

Unread postby tnt77 » January 8th, 2009, 12:54 am

Both P2p have been uninstalled. I had checked in the above noted "Good & Bad P2P"programs and saw them as clean

thanks for the help
tnt77
Regular Member
 
Posts: 16
Joined: December 29th, 2008, 10:54 pm

Re: help with removal of packed.win32.krap.f

Unread postby Bio-Hazard » January 9th, 2009, 3:29 pm

Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

HOW TO USE COMBOFIX

IMPORTANT: combofix.exe MUST be on your Desktop for us to proceed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Double click on ComboFix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

NOTE: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Image


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Image

  • Click on Yes, to continue scanning for malware.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more that 20 minutes including the reboot if malware is detected.


Next Reply

Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: help with removal of packed.win32.krap.f

Unread postby tnt77 » January 9th, 2009, 7:57 pm

I have tried a number of times - after following guide and tutorial, to run Combo-Fix with no success. When I run program I simply get a blue screen with flashing cursor - i have left running for 30 minutes and do not receive any messages - ie Combo-fix is preparing to run. I have disabled all virus / firewall prior to running. Each time the system get "hung up" and I have no access to other programs / - am unable to end task and subsequently have to 'hard' reboot in order to start again. I have re-downloaded Combo -fix once more - re ran with same result.
tnt77
Regular Member
 
Posts: 16
Joined: December 29th, 2008, 10:54 pm

Re: help with removal of packed.win32.krap.f

Unread postby Bio-Hazard » January 10th, 2009, 8:19 am

Hello!

Sorry to hear about the troubles you had. Delete the Combofix you have and follow these instructions.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Image


Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: help with removal of packed.win32.krap.f

Unread postby tnt77 » January 10th, 2009, 10:23 pm

been an extremely long day trying to get Combo fix to run to completion - which never occured, I eventually ran from safe mode and had it run to completed stage 50
then stopped at the following message
C:\windows\system 32\" ' is not recognized as am internal or external command, operable program or batch file
there was no further messages after leaving cpu sit in safe mode for another hour. Ran combofix on a second computer and received the exact same message - and "hung up computer" - it did advise of the deleting of several files before entering stages - such as
c:\windows\system32\mcans32
c:\windows\system32\msexcl35
c:\windows\system32\hus35
c:\windows\system32\pdox35
and several others such as G:\autorun.inf which I have tried to quarantine and delete a number of times
the only combo fix log was:
ComboFix 09-01-10.01 - T&A 2009-01-10 16:44:22.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1024.796 [GMT -8:00]
Running from: C:\Documents and Settings\T&A\Desktop\Combo-Fix.exe
AV: Shaw Secure 8.00 *On-access scanning disabled* (Updated)
FW: Shaw Secure 8.00 *disabled*

when I last rebooted firefox was no longer my webbrowser (reverted to IE) and my fsecure firewall will no longer enable. do I need a anti-rootkit?

latest HIjack this log:
Logfile of random's system information tool 1.05 (written by random/random)
Run by T&A at 2009-01-10 18:19:02
Microsoft Windows XP Professional Service Pack 2
System drive C: has 13 GB (22%) free of 57 GB
Total RAM: 1024 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19, on 2009-01-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\Shaw Secure\Common\FSMA32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Shaw Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Shaw Secure\Common\FCH32.EXE
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Shaw Secure\Common\FAMEH32.EXE
C:\Program Files\Shaw Secure\Anti-Virus\fsqh.exe
C:\Program Files\Shaw Secure\FSPC\fspc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Shaw Secure\Anti-Virus\fssm32.exe
C:\Program Files\Shaw Secure\FSAUA\program\fsus.exe
C:\Program Files\Shaw Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Shaw Secure\Common\FSM32.EXE
C:\Program Files\Shaw Secure\FSGUI\ispnews.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Shaw Secure\FSGUI\fsguidll.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\T&A\Desktop\RSIT.exe
C:\Program Files\trend micro\T&A.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.ca/
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Shaw Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Shaw Secure\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Frame Works] frmwrks32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [HP Deskjet 500] HP_DeskJet_500.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Shaw Secure\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\T&A\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://fulfillment.puretracks.com/onager.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-U ... E_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {76716694-EADA-4810-8C3B-4826328A317F} (SmartCouponPrinter Control) - http://content.dll1.com/Connectus/Smart ... 080612.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Shaw Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 11745 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Backup.job
C:\WINDOWS\tasks\Disk Cleanup.job
C:\WINDOWS\tasks\Scheduled scanning task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\SOFTWARE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"=C:\Program Files\Shaw Secure\Common\FSM32.EXE [2008-09-23 182936]
"F-Secure TNB"=C:\Program Files\Shaw Secure\FSGUI\TNBUtil.exe [2008-09-23 957024]
"News Service"=C:\Program Files\Shaw Secure\FSGUI\ispnews.exe [2005-05-31 356352]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2004-06-08 29696]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-02-12 1620480]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-02-12 1050112]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
Mixer.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe [2008-04-09 826880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe [2005-04-08 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-07 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VBTUCopy]
C:\Program Files\VBTUCopy\VBTUCopy.exe [2005-01-27 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe -user_logon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
C:\PROGRA~1\DELLPH~1\dlbcserv.exe [2005-01-08 315392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\KEM.exe [2004-07-15 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^T&A^Start Menu^Programs^Startup^Greetings Workshop Reminders.lnk]
C:\PROGRA~1\GREETI~1\GWREMIND.EXE [1997-09-03 50688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-09-29 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll [2006-06-16 73728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Kazaa Lite K++\Kazaa.kpp"="C:\Program Files\Kazaa Lite K++\Kazaa.kpp:*:Enabled:Kazaa"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Java\j2re1.4.2_05\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_05\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe"="C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\Program Files\eXeem\eXeem.exe"="C:\Program Files\eXeem\eXeem.exe:*:Enabled:eXeem"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Morpheus\Morpheus.exe"="C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell"
"C:\Program Files\SightSpeed\SightSpeed.exe"="C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\T&A\Desktop\nancy drew short cuts\BitDownload\BitDownload.exe"="C:\Documents and Settings\T&A\Desktop\nancy drew short cuts\BitDownload\BitDownload.exe:*:Enabled:Warez3"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2009-01-10 16:49:34 ----D---- C:\WINDOWS\temp
2009-01-10 16:43:48 ----D---- C:\Combo-Fix
2009-01-10 16:43:46 ----A---- C:\WINDOWS\system32\CF23389.exe
2009-01-10 15:38:11 ----A---- C:\WINDOWS\system32\CF10474.exe
2009-01-10 15:04:48 ----A---- C:\WINDOWS\system32\CF3998.exe
2009-01-10 15:02:17 ----A---- C:\WINDOWS\system32\CF3505.exe
2009-01-10 14:25:39 ----A---- C:\Boot.bak
2009-01-10 14:25:34 ----RASHD---- C:\cmdcons
2009-01-10 14:07:14 ----A---- C:\WINDOWS\system32\CF25425.exe
2009-01-10 13:52:01 ----A---- C:\WINDOWS\zip.exe
2009-01-10 13:52:01 ----A---- C:\WINDOWS\VFIND.exe
2009-01-10 13:52:01 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-10 13:52:01 ----A---- C:\WINDOWS\SWSC.exe
2009-01-10 13:52:01 ----A---- C:\WINDOWS\SWREG.exe
2009-01-10 13:52:01 ----A---- C:\WINDOWS\sed.exe
2009-01-10 13:52:01 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-10 13:52:01 ----A---- C:\WINDOWS\grep.exe
2009-01-10 13:52:01 ----A---- C:\WINDOWS\fdsv.exe
2009-01-10 13:51:54 ----A---- C:\WINDOWS\system32\CF22483.exe
2009-01-10 13:08:05 ----A---- C:\WINDOWS\system32\CF13894.exe
2009-01-10 10:58:42 ----A---- C:\WINDOWS\system32\CF21308.exe
2009-01-09 15:33:27 ----D---- C:\ComboFix
2009-01-09 15:33:27 ----A---- C:\WINDOWS\system32\CF22378.exe
2009-01-09 15:29:32 ----A---- C:\WINDOWS\system32\CF21604.exe
2009-01-09 15:07:21 ----A---- C:\WINDOWS\system32\CF17261.exe
2009-01-09 14:28:44 ----A---- C:\WINDOWS\system32\CF9701.exe
2009-01-09 14:07:40 ----A---- C:\WINDOWS\system32\CF5563.exe
2009-01-06 07:23:48 ----D---- C:\Program Files\trend micro
2009-01-06 07:23:47 ----D---- C:\rsit
2008-12-31 23:24:09 ----D---- C:\Documents and Settings\T&A\Application Data\Malwarebytes
2008-12-31 23:23:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-31 23:23:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-29 18:52:13 ----D---- C:\Program Files\Hijackthis
2008-12-25 13:52:53 ----RASHD---- C:\autorun.inf
2008-12-23 22:09:16 ----A---- C:\WINDOWS\system32\CF22035.exe
2008-12-23 22:06:15 ----D---- C:\WINDOWS\ERDNT
2008-12-23 22:06:15 ----D---- C:\Qoobox
2008-12-23 22:06:11 ----A---- C:\WINDOWS\system32\CF21408.exe
2008-12-21 19:56:22 ----D---- C:\Program Files\DQ Tycoon
2008-12-18 07:11:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-12 23:13:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 23:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 23:12:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-12 23:07:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 23:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

======List of files/folders modified in the last 1 months======

2009-01-10 18:19:08 ----D---- C:\WINDOWS\Prefetch
2009-01-10 17:51:24 ----D---- C:\Program Files\Mozilla Firefox
2009-01-10 17:42:13 ----D---- C:\WINDOWS\system32\ias
2009-01-10 16:49:34 ----D---- C:\WINDOWS
2009-01-10 16:47:43 ----D---- C:\WINDOWS\system32\drivers
2009-01-10 16:47:43 ----D---- C:\WINDOWS\system32
2009-01-10 16:47:40 ----D---- C:\WINDOWS\AppPatch
2009-01-10 16:47:40 ----D---- C:\Program Files\Common Files
2009-01-10 16:44:25 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-10 15:38:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-10 14:25:39 ----RASH---- C:\boot.ini
2009-01-10 14:00:17 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-10 13:59:10 ----SHD---- C:\System Volume Information
2009-01-10 13:59:10 ----D---- C:\WINDOWS\system32\Restore
2009-01-10 10:54:20 ----RAD---- C:\Program Files
2009-01-10 10:54:20 ----D---- C:\Documents and Settings\T&A\Application Data\IGN_DLM
2009-01-09 15:00:34 ----A---- C:\WINDOWS\dellstat.ini
2009-01-07 20:50:48 ----D---- C:\Program Files\LimeWire
2009-01-07 20:50:19 ----D---- C:\Program Files\Azureus
2009-01-07 15:53:19 ----D---- C:\Documents and Settings\T&A\Application Data\LimeWire
2008-12-31 17:19:18 ----D---- C:\Program Files\MyPublisher
2008-12-31 16:51:55 ----D---- C:\Program Files\ewido anti-spyware 4.0
2008-12-25 18:48:49 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-25 17:14:18 ----HD---- C:\WINDOWS\inf
2008-12-24 10:34:47 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-12-23 19:33:26 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-23 19:29:25 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-12-23 00:49:24 ----D---- C:\WINDOWS\system32\Adobe
2008-12-18 07:11:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-18 07:09:22 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-17 22:33:01 ----D---- C:\Program Files\The Learning Company
2008-12-17 21:30:53 ----D---- C:\Program Files\Shaw Secure
2008-12-13 23:02:07 ----D---- C:\Documents and Settings\T&A\Application Data\Azureus
2008-12-13 06:25:16 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-12 23:13:45 ----A---- C:\WINDOWS\imsins.BAK
2008-12-12 23:13:02 ----D---- C:\Program Files\Internet Explorer
2008-12-12 23:12:33 ----SHD---- C:\WINDOWS\Installer
2008-12-12 23:12:33 ----D---- C:\Config.Msi
2008-12-12 18:11:05 ----D---- C:\Program Files\My Tribe
2008-12-12 09:33:23 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-03 37376]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2003-03-06 3840]
R1 ewido anti-spyware 4.0 driver;ewido anti-spyware 4.0 driver; \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys []
R1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-02-12 31360]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-02-12 33792]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-05-21 267328]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2007-09-29 2456064]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-18 377358]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2008-05-10 18816]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Shaw Secure\Anti-Virus\minifilter\fsgk.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2004-06-08 24637]
R3 LHidUsbK;Logitech SetPoint USB Receiver Device Driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2004-06-08 38081]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-06-08 71533]
R3 LUsbKbd;Logitech SetPoint USB Keyboard Filter; C:\WINDOWS\System32\Drivers\LUsbKbd.Sys [2004-06-08 14975]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12160]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2005-01-03 28352]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2006-11-15 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-26 10368]
R3 SMC1211;SMC EZ Card 10/100 PCI (SMC1211 Series) NT 5.0 Driver; C:\WINDOWS\System32\DRIVERS\SMC1211.SYS [2001-07-11 23153]
R3 SoC PC-Camera Service;SoC PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-06-16 136832]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2001-09-13 10112]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2001-09-13 39328]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-02-12 112384]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 a5lps85y;a5lps85y; C:\WINDOWS\system32\drivers\a5lps85y.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-03 71552]
S3 catchme;catchme; \??\C:\DOCUME~1\T&A\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-04-10 5088]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-08-29 9600]
S3 i740;i740; C:\WINDOWS\System32\DRIVERS\i740nt5.sys [2001-08-17 58592]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2004-06-08 13105]
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2004-06-08 54817]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NPDriver;Norton Unerase Protection Driver; \??\C:\WINDOWS\System32\Drivers\NPDRIVER.SYS []
S3 Rio8Drv;Rio800 driver; C:\WINDOWS\System32\Drivers\Rio8Drv.sys [2002-08-29 12032]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2004-05-21 11040]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2004-05-21 170368]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2004-05-21 30848]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040407.001\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2004-05-21 47328]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-05-21 25792]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2001-09-13 19360]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2001-09-13 5728]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Shaw Secure\Anti-Virus\Win2K\FSrec.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-29 483328]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-06-02 86606]
R2 ewido anti-spyware 4.0 guard;ewido anti-spyware 4.0 guard; C:\Program Files\ewido anti-spyware 4.0\guard.exe [2006-06-16 172032]
R2 F-Secure Gatekeeper Handler Starter;F-Secure Gatekeeper Handler Starter; C:\Program Files\Shaw Secure\Anti-Virus\fsgk32st.exe [2008-09-23 215648]
R2 FSMA;FSMA; C:\Program Files\Shaw Secure\Common\FSMA32.EXE [2008-09-23 117400]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-02-12 924160]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 NProtectService;Norton Unerase Protection; C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE [2002-08-14 135168]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Shaw Secure\FSAUA\program\fsaua.exe [2008-09-23 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Shaw Secure\FWES\Program\fsdfwd.exe [2008-09-23 510560]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\Shaw Secure\ORSP Client\fsorsp.exe [2008-09-23 55904]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2004-10-26 516096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2008-03-28 165416]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-05 774144]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-05-21 206048]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2004-09-22 38912]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]

-----------------EOF-----------------


.
tnt77
Regular Member
 
Posts: 16
Joined: December 29th, 2008, 10:54 pm

Re: help with removal of packed.win32.krap.f

Unread postby Bio-Hazard » January 11th, 2009, 8:16 am

Hello!

I am sorry that you are having problems.

There was a bug in Combofix which has now been fixed, so please delete the older version and download the new version and rename it aswell.

Using Gmer

Please download Gmer by Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.
  • Close Gmer.
  • Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  • In Command Prompt, type in net stop gmer. Press Enter.
  • Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: help with removal of packed.win32.krap.f

Unread postby tnt77 » January 11th, 2009, 3:49 pm

Gmer log:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-11 11:35:47
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT sptd.sys ZwCreateKey [0xF76E60D0]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcess [0xF5FDBC26]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateProcessEx [0xF5FDBC40]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwCreateThread [0xF5FDADE4]
SSDT sptd.sys ZwEnumerateKey [0xF76EBE2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF76EC1BA]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwLoadDriver [0xF5FDB10C]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwMapViewOfSection [0xF5FDAB30]
SSDT sptd.sys ZwOpenKey [0xF76E60B0]
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess [0xF7EB38AC]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwOpenSection [0xF5FDB53E]
SSDT sptd.sys ZwQueryKey [0xF76EC292]
SSDT sptd.sys ZwQueryValueKey [0xF76EC112]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwRenameKey [0xF5FDC7DC]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSetSystemInformation [0xF5FDB38E]
SSDT sptd.sys ZwSetValueKey [0xF76EC324]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendProcess [0xF5FDA9B6]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSuspendThread [0xF5FDAE18]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwSystemDebugControl [0xF5FDAF92]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateProcess [0xF5FDA916]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwTerminateThread [0xF5FDAA6C]
SSDT \??\C:\Program Files\Shaw Secure\HIPS\drivers\fshs.sys (F-Secure HIPS 32-bit Driver/F-Secure Corporation) ZwWriteVirtualMemory [0xF5FDAEDC]

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [ B6, A9, FD, F5, 18, AE, FD, ... ]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F5C7C62C 5 Bytes JMP 86EBD1C8
? System32\Drivers\a83ooqgx.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesA + FFFFCF75 76BF10ED 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesA + FFFFCF8E 76BF1106 12 Bytes [ 00, 00, F1, 10, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesA + FFFFCF9D 76BF1115 14 Bytes [ 00, BF, 76, 00, 10, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesA + FFFFCFAC 76BF1124 2 Bytes [ 05, 00 ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesA + FFFFCFAF 76BF1127 3 Bytes [ 00, 04, 00 ]
.text ...
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverBaseNameA + B 76BF1489 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverBaseNameA + 27 76BF14A5 46 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverBaseNameA + 57 76BF14D5 29 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverBaseNameA + 77 76BF14F5 3 Bytes [ 00, 00, 00 ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverBaseNameA + 7B 76BF14F9 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumDeviceDrivers + 5 76BF1646 46 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumDeviceDrivers + 35 76BF1676 23 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumDeviceDrivers + 4E 76BF168F 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumDeviceDrivers + 55 76BF1696 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumDeviceDrivers + 61 76BF16A2 5 Bytes [ 00, 00, 00, 00, 00 ]
.text ...
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetModuleFileNameExW + 17 76BF178E 23 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetModuleFileNameExW + 30 76BF17A7 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetModuleFileNameExW + 36 76BF17AD 42 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetModuleFileNameExW + 61 76BF17D8 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetModuleFileNameExW + 6C 76BF17E3 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text ...
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverFileNameA + B 76BF1CF8 106 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverFileNameA + 76 76BF1D63 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverFileNameW + D 76BF1D75 43 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverFileNameW + 39 76BF1DA1 1 Byte [ 00 ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverFileNameW + 3B 76BF1DA3 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverFileNameW + 57 76BF1DBF 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverBaseNameW + D 76BF1DD1 43 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverBaseNameW + 39 76BF1DFD 1 Byte [ 00 ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverBaseNameW + 3B 76BF1DFF 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetDeviceDriverBaseNameW + 57 76BF1E1B 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetMappedFileNameW + B 76BF1E2B 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetMappedFileNameW + 23 76BF1E43 111 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetMappedFileNameW + 93 76BF1EB3 99 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetMappedFileNameA + 5F 76BF1F17 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumProcessModules + 5 76BF1F21 49 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumProcessModules + 39 76BF1F55 30 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumProcessModules + 5A 76BF1F76 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumProcessModules + 78 76BF1F94 41 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumProcessModules + A4 76BF1FC0 47 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetModuleFileNameExA + 38 76BF20AD 69 Bytes [ 9B, 80, 7C, C1, AB, 80, 7C, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetModuleBaseNameW + 16 76BF20F3 64 Bytes [ 55, 8B, EC, 8B, 45, 0C, 83, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetModuleBaseNameW + 57 76BF2134 21 Bytes [ EC, 83, EC, 10, A1, 20, 50, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetModuleBaseNameW + 6D 76BF214A 216 Bytes [ 0F, 84, E5, 0A, 00, 00, F7, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetModuleInformation + 61 76BF2223 38 Bytes [ 00, 5B, 13, 00, 00, 6E, 13, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetModuleInformation + 88 76BF224A 5 Bytes [ 00, 00, 2B, 14, 00 ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetModuleInformation + 8E 76BF2250 118 Bytes [ 40, 14, 00, 00, 4D, 14, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EmptyWorkingSet + 66 76BF22C7 166 Bytes [ 45, 6E, 75, 6D, 50, 61, 67, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!QueryWorkingSet + A2 76BF236E 56 Bytes [ 47, 65, 74, 4D, 61, 70, 70, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!QueryWorkingSet + DB 76BF23A7 193 Bytes [ 47, 65, 74, 4D, 6F, 64, 75, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!QueryWorkingSet + 19E 76BF246A 20 Bytes [ 75, 65, 72, 79, 57, 6F, 72, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!QueryWorkingSet + 1B3 76BF247F 113 Bytes [ FF, 55, 8B, EC, 81, EC, 20, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!QueryWorkingSet + 225 76BF24F1 2 Bytes [ EE, 00 ]
.text ...
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumProcesses + BE 76BF3B58 26 Bytes [ 8B, FF, 55, 8B, EC, 8B, 45, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumProcesses + D9 76BF3B73 7 Bytes [ B9, A0, 86, 01, 00, 3B, C1 ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumProcesses + E1 76BF3B7B 16 Bytes [ 0C, 56, 33, D2, 8B, F1, F7, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumProcesses + F2 76BF3B8C 239 Bytes [ 00, 33, D2, F7, F1, 8B, 4D, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetProcessMemoryInfo + 97 76BF3C7C 82 Bytes [ FC, B8, 01, 00, 00, C0, E9, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetProcessMemoryInfo + EB 76BF3CD0 23 Bytes [ 8D, 85, E4, FD, FF, FF, 50, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!InitializeProcessForWsWatch + F 76BF3CE8 24 Bytes [ FF, 50, FF, B5, 80, FB, FF, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!InitializeProcessForWsWatch + 28 76BF3D01 29 Bytes [ 3B, 05, B8, 5C, BF, 76, 0F, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetWsChanges + 2 76BF3D1F 32 Bytes [ 6B, C0, 34, 8B, 88, 78, 6D, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetWsChanges + 23 76BF3D40 10 Bytes [ 89, 95, 94, FB, FF, FF, 80, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetWsChanges + 2F 76BF3D4C 28 Bytes [ 00, 74, 0C, 8B, 80, 7C, 6D, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetProcessImageFileNameW + 12 76BF3D69 100 Bytes [ 76, 11, 83, AD, 94, FB, FF, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetProcessImageFileNameW + 77 76BF3DCE 66 Bytes [ 6C, 6D, BF, 76, 01, 00, 00, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetProcessImageFileNameA + 2C 76BF3E11 42 Bytes [ 50, 8D, 85, E4, FD, FF, FF, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetProcessImageFileNameA + 57 76BF3E3C 54 Bytes [ FF, 80, 3D, C8, 5C, BF, 76, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetPerformanceInfo + A 76BF3E73 66 Bytes [ 0F, 84, C7, 05, 00, 00, 2B, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetPerformanceInfo + 4E 76BF3EB7 47 Bytes [ 35, 28, 50, BF, 76, 8D, 85, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetPerformanceInfo + 7E 76BF3EE7 119 Bytes [ 8B, 4B, 04, 8B, 15, 28, 50, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetPerformanceInfo + F6 76BF3F5F 27 Bytes [ 73, 04, 83, C3, 14, 53, FF, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!GetPerformanceInfo + 112 76BF3F7B 2 Bytes [ FF, 50 ]
.text ...
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesW + 2C 76BF4035 19 Bytes [ 94, FB, FF, FF, 0F, 83, F4, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesW + 40 76BF4049 78 Bytes [ 8B, D0, 2B, 95, 7C, FB, FF, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesW + 8F 76BF4098 20 Bytes [ 50, FF, D7, 83, C4, 10, EB, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesW + A4 76BF40AD 3 Bytes [ 85, 84, FB ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesW + A8 76BF40B1 27 Bytes [ FF, 50, 53, 8B, 85, A0, FB, ... ]
.text ...
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesA + 26 76BF419E 3 Bytes [ 75, 45, 39 ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesA + 2A 76BF41A2 43 Bytes [ 98, FB, FF, FF, 75, 3D, 53, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesA + 56 76BF41CE 5 Bytes [ 50, FF, B5, 80, FB ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesA + 62 76BF41DA 25 Bytes [ 8B, 1D, 58, 54, BF, 76, E9, ... ]
.text C:\Program Files\ewido anti-spyware 4.0\guard.exe[244] PSAPI.DLL!EnumPageFilesA + 7C 76BF41F4 6 Bytes [ 70, 04, 83, C0, 14, 50 ]
.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F76FC886] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F76FC832] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F771E892] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F76FC886] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F76E6AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F76E6C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F76E6B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F76E7748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F76E761E] sptd.sys

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 873631E8

AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG)

Device \FileSystem\Fastfat \FatCdrom 86CDC7A0
Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 86E6C530
Device \Driver\dmio \Device\DmControl\DmIoDaemon 873D21E8
Device \Driver\dmio \Device\DmControl\DmConfig 873D21E8
Device \Driver\dmio \Device\DmControl\DmPnP 873D21E8
Device \Driver\dmio \Device\DmControl\DmInfo 873D21E8
Device \Driver\usbuhci \Device\USBPDO-1 86E6C530
Device \Driver\usbuhci \Device\USBPDO-2 86E6C530
Device \Driver\usbuhci \Device\USBPDO-3 86E6C530
Device \Driver\usbehci \Device\USBPDO-4 86E7F7A0
Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 873651E8
Device \Driver\PCI_NTPNP6226 \Device\00000058 sptd.sys
Device \Driver\PCI_NTPNP6226 \Device\00000058 sptd.sys
Device pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation)
Device \Driver\Cdrom \Device\CdRom0 86C15510
Device \Driver\Ftdisk \Device\HarddiskVolume2 873651E8
Device \Driver\Cdrom \Device\CdRom1 86C15510
Device \Driver\NetBT \Device\NetBT_Tcpip_{60EC3129-E596-4A23-9635-AEA27348448D} 86BB47A0
Device 873641E8
Device \Driver\atapi \Device\Ide\IdePort0 873641E8
Device \Driver\atapi \Device\Ide\IdePort1 873641E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86BB47A0
Device \Driver\NetBT \Device\NetbiosSmb 86BB47A0
Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 86E6C530
Device \Driver\usbuhci \Device\USBFDO-1 86E6C530
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86A667A0
Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
Device \Driver\usbehci \Device\USBFDO-2 86E7F7A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86A667A0
Device \Driver\usbuhci \Device\USBFDO-3 86E6C530
Device \Driver\usbuhci \Device\USBFDO-4 86E6C530
Device \Driver\Ftdisk \Device\FtControl 873651E8
Device \Driver\a83ooqgx \Device\Scsi\a83ooqgx1Port2Path0Target0Lun0 86C3B7A0
Device \Driver\a83ooqgx \Device\Scsi\a83ooqgx1 86C3B7A0
Device \FileSystem\Fastfat \Fat 86CDC7A0

AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG)

Device \FileSystem\Cdfs \Cdfs 86CDE7A0

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE3 0x4D 0xC7 0x9E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3B 0x23 0x98 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x60 0xAE 0x80 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x10 0x0D 0x9C 0x87 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE3 0x4D 0xC7 0x9E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3B 0x23 0x98 0x1F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x60 0xAE 0x80 0x95 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x10 0x0D 0x9C 0x87 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.14 ----
tnt77
Regular Member
 
Posts: 16
Joined: December 29th, 2008, 10:54 pm

Re: help with removal of packed.win32.krap.f

Unread postby Bio-Hazard » January 12th, 2009, 5:52 pm

Hello!
Could you please try to run Combofix again.
User avatar
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: help with removal of packed.win32.krap.f

Unread postby tnt77 » January 13th, 2009, 1:44 am

still :cry: no satisfaction from Combofix - I'm done with it- deleted old files / downloaded again a couple more times -tried from safe mode again and it hung at the same point it did previously. Seems to mess up my restarts such that I'm afraid I will need new power supply from all the weird hardboots. Now the machine powers on, then when I let pressure off the button, the unit shuts down. or it will hang on the "windows is shutting down" message but not actually shut down... good times

I have run Panda anti-root kit and found no infections but running a Panda Activescan 2.0 now - at this point indicates 31 files infected with 25 % of the files scanned. I will probably run Sophos Anti-root after this as well for good measure then -it might be time, I guess, to perhaps give up on my own PC virus repair
tnt77
Regular Member
 
Posts: 16
Joined: December 29th, 2008, 10:54 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: ataa92 and 55 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware