Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Undying Malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Undying Malware

Unread postby MichaelHesse » August 11th, 2009, 6:06 am

I have been having major issues with malware/spyware for a week now and I can not seem to completely eliminate it. I had somehow contracted Windows Antivirus Pro, but I eliminated it with Malwarebyte's Anti Malware, but it returned. I continualy removed it, but it still reemerges now and then. When I open a search page from google, it is frequently hijacked. I ran spyware terminator, spyware doctor, and even ad-aware in addition to Malwarebyte's Anti Malware, but none of them could identify the entirety of the issue. It appeared to be fully removed today after an update to the last software, and I began to play a game (offline) on my pc. It crashed and as I attempted to reopen, windows told me that a neccessary file was corrupt and to run chkdsk. I then attempted to run chkdsk, but it would not run, even after reboot. I followed this by attempting to repair windows with the windows disk, and ran chkdsk that way, which removed the dirty flag. Even after this, I still am unable to run chkdsk in windows even if only to check if there are any issues, and I am further prevented from even analysing with the built in Defragmenter. I also attempted running both in command prompt and windows yet both failed. I am using a router. Please help me to solve this issue.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:30 AM, on 8/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [wusesewepi] Rundll32.exe "C:\WINDOWS\system32\keyineko.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wusesewepi] Rundll32.exe "C:\WINDOWS\system32\keyineko.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1226019176
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2666919906
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 4607 bytes
MichaelHesse
Active Member
 
Posts: 4
Joined: August 11th, 2009, 5:52 am
Top
Advertisement
Register to Remove

Re: Undying Malware

Unread postby Wingman » August 13th, 2009, 7:23 pm

Hello... Welcome to the forum.
My name is Wingman, and I'll be helping you with any malware problems.
HijackThis logs can take a while to research, so please be patient.

I am currently under the guidance of the MRU teachers, everything I post to you, has been reviewed by them.
This additional review process can add some extra time to my responses...but not too much. ;)

Before we begin...please note the following important guidelines.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. DO NOT run any other fix or removal tools unless instructed to do so!
  3. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  4. Please, if you have questions about something...ASK, don't guess or assume.
  5. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  7. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"

If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.
In the meantime... please perform the following steps.

Please read these instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem.

Step 1.
RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
  1. Double click on RSIT.exe to run it.
  2. Please read the disclaimer... click on Continue.
  3. RSIT will start running. When done... 2 logs files...will be produced.
  4. The first one, "log.txt", will be maximized
  5. The second one, "info.txt", will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Step 2.
GMER
Please download GMER by GMER. An alternate download site.
  1. Unzip it to a folder on your desktop.
  2. Double click on gmer.exe to execute. If asked, allow the gmer.sys driver load.
  3. If you get a warning prompt about rootkit activity ... asking if you want to run Scan, click OK.
  4. If you don't get a warning then...
    • Click the Rootkit/Malware tab at the top of the GMER window.
    • Click the Scan button.
  5. Once the scan has finished... click Copy. ... Do not close the GMER window yet...
  6. Open Notepad and paste what you copied. Ctrl+V
  7. Select "Save As" in Notepad...saving the file to your desktop as "gmerroot.txt"... then close Notepad.

    In the GMER window...
  8. Click on the >>> tab at the top of the GMER window.
    This displays the rest of the "selection" tabs for you.
  9. Click on the Autostart tab.
  10. Click on Scan button.
  11. Once the scan has finished... click Copy.
  12. Open Notepad (again) and paste what you copied. Ctrl+V
  13. Select "Save As" in Notepad...saving the file to your desktop as "gmerauto.txt"
  14. Copy and paste the contents of the files gmerroot.txt and gmerauto.txt in you next reply.

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. RSIT log.txt and info.txt file contents.
  3. GMER gmerroot.txt and gmerauto.txt file contents.
  4. How is the computer behaving?
Thanks,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Top

Re: Undying Malware

Unread postby MichaelHesse » August 16th, 2009, 1:32 am

Log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Good or Evil at 2009-08-16 01:27:11
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 3 GB (3%) free of 76 GB
Total RAM: 766 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:30 AM, on 8/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\kkw_run.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [kkw_run.exe] kkw_run.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [wusesewepi] Rundll32.exe "C:\WINDOWS\system32\keyineko.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [wusesewepi] Rundll32.exe "C:\WINDOWS\system32\keyineko.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1226019176
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2666919906
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 4607 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ParetoLogic Registration.job
C:\WINDOWS\tasks\ParetoLogic Update Version2.job
C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4eaf-8143-8C619470B13D}]
XML Class - C:\WINDOWS\system32\msxml71.dll [2009-08-15 208900]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2003-07-28 49152]
"kkw_run.exe"=C:\WINDOWS\system32\kkw_run.exe [2005-12-15 106496]
"kmw_run.exe"=C:\WINDOWS\system32\kmw_run.exe [2005-09-01 118784]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-04 158208]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-08-10 2171904]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"autochk"=C:\WINDOWS\system32\autochk.dll [2009-08-16 20992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-08-10 3055616]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-17 486856]
"autochk"=C:\DOCUME~1\GOODOR~1\protect.dll [2009-08-15 20992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-20 177472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
C:\WINDOWS\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-12-18 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-17 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
C:\Program Files\Electronic Arts\EADM\Core.exe [2008-06-13 2752512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2005-10-19 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2005-10-19 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kuudgfm]
C:\WINDOWS\system32\kuudgfm.exe [2009-07-29 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2003-07-28 4841472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NVMCTRAY.DLL [2003-07-28 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winssvc]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Good or Evil^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Good or Evil^Start Menu^Programs^Startup^Sid Registration.lnk]
D:\ATR1.exe /remind /language=ENU /PRNM=Sid/PRMP=PIRS/SKUN=PCXX/GTYP=STRY []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"idsvc"=3
"AntipPro2009_12"=2
"sdCoreService"=3
"sdAuxService"=3
"IDriverT"=3
"Lavasoft Ad-Aware Service"=3
"iPod Service"=3
"Bonjour Service"=2
"Apple Mobile Device"=2

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Good or Evil\Start Menu\Programs\Startup
ChkDisk.dll
ChkDisk.lnk - C:\WINDOWS\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-10-19 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\beep.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Games\Warcraft III\Frozen Throne.exe"="C:\Games\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\Games\Dawn of War - Dark Crusade\DarkCrusade.exe"="C:\Games\Dawn of War - Dark Crusade\DarkCrusade.exe:*:Enabled:DarkCrusade"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Games\Dawn of War - Soulstorm\Soulstorm.exe"="C:\Games\Dawn of War - Soulstorm\Soulstorm.exe:*:Enabled:Soulstorm"
"C:\Program Files\Electronic Arts\EADM\Core.exe"="C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Games\Age of Empires II\age2_x1.exe"="C:\Games\Age of Empires II\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\CyberLink\Shared Files\RichVideo.exe"="C:\Program Files\CyberLink\Shared Files\RichVideo.exe:*:Enabled:RichVideo"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Games\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Games\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Good or Evil\swyrfd.exe"="C:\Documents and Settings\Good or Evil\swyrfd.exe:*:Enabled:ENABLE"
"C:\Games\World of Warcraft\Launcher.exe"="C:\Games\World of Warcraft\Launcher.exe:*:Enabled:World of Warcraft"
"C:\Games\World of Warcraft\Repair.exe"="C:\Games\World of Warcraft\Repair.exe:*:Enabled:World of Warcraft - Repair"
"C:\WINDOWS\system32\kuudgfm.exe"="C:\WINDOWS\system32\kuudgfm.exe:*:Enabled:ENABLE"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Games\Age of Mythology\aom.exe"="C:\Games\Age of Mythology\aom.exe:*:Enabled:Age of Mythology"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\arun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bff4ffb-3a97-11dd-a5e8-000f66e676a7}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======File associations======

.exe - open - C:\WINDOWS\system32\desot.exe "%1" %*

======List of files/folders created in the last 2 months======

65535-65535-31889 411:31889:475 ----ASH---- C:\WINDOWS\system32\wegubeva.dll
2009-08-16 01:27:11 ----D---- C:\rsit
2009-08-16 01:09:48 ----D---- C:\WINDOWS\LastGood
2009-08-15 11:02:56 ----D---- C:\Program Files\Windows Antivirus Pro
2009-08-15 10:32:21 ----A---- C:\WINDOWS\system32\msxml71.dll
2009-08-15 10:25:43 ----ASH---- C:\WINDOWS\system32\autochk.dll
2009-08-12 18:03:32 ----D---- C:\Program Files\MSXML 4.0
2009-08-12 08:17:26 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-12 08:17:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-12 08:17:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-12 08:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-12 08:16:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-08-12 08:16:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-12 08:16:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-12 08:16:13 ----A---- C:\WINDOWS\system32\MRT.INI
2009-08-12 08:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-08-12 08:12:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-11 05:43:55 ----D---- C:\Program Files\Trend Micro
2009-08-10 17:10:54 ----D---- C:\_OTM
2009-08-10 05:47:03 ----D---- C:\Documents and Settings\Good or Evil\Application Data\Spyware Terminator
2009-08-10 05:46:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-08-05 16:23:38 ----D---- C:\Program Files\Common Files\PC Tools
2009-08-05 16:23:31 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-07-31 11:19:25 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-07-29 22:55:21 ----A---- C:\WINDOWS\system32\kuudgfm.exe
2009-07-29 22:50:32 ----D---- C:\Documents and Settings\Good or Evil\Application Data\DriverCure
2009-07-29 22:50:25 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-07-29 22:50:24 ----D---- C:\Documents and Settings\All Users\Application Data\DriverCure
2009-07-29 13:58:15 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2009-07-29 13:58:15 ----A---- C:\WINDOWS\system32\igfxtray.exe
2009-07-29 13:58:15 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2009-07-29 13:58:14 ----A---- C:\WINDOWS\system32\igfxress.dll
2009-07-29 13:58:14 ----A---- C:\WINDOWS\system32\igfxpph.dll
2009-07-29 13:58:14 ----A---- C:\WINDOWS\system32\igfxhk.dll
2009-07-29 13:58:14 ----A---- C:\WINDOWS\system32\igfxext.exe
2009-07-29 13:58:14 ----A---- C:\WINDOWS\system32\igfxexps.dll
2009-07-29 13:58:14 ----A---- C:\WINDOWS\system32\igfxeud.dll
2009-07-29 13:58:14 ----A---- C:\WINDOWS\system32\igfxdo.dll
2009-07-29 13:58:14 ----A---- C:\WINDOWS\system32\igfxdiag.exe
2009-07-29 13:58:14 ----A---- C:\WINDOWS\system32\igfxdgps.dll
2009-07-29 13:58:14 ----A---- C:\WINDOWS\system32\igfxdev.dll
2009-07-29 13:58:14 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2009-07-29 13:58:13 ----A---- C:\WINDOWS\system32\ialmrnt5.dll
2009-07-29 13:58:13 ----A---- C:\WINDOWS\system32\ialmrem.dll
2009-07-29 13:58:13 ----A---- C:\WINDOWS\system32\ialmgicd.dll
2009-07-29 13:58:12 ----A---- C:\WINDOWS\system32\ialmgdev.dll
2009-07-29 13:58:12 ----A---- C:\WINDOWS\system32\ialmdnt5.dll
2009-07-29 13:58:12 ----A---- C:\WINDOWS\system32\ialmdev5.dll
2009-07-29 13:58:12 ----A---- C:\WINDOWS\system32\ialmdd5.dll
2009-07-29 13:58:12 ----A---- C:\WINDOWS\system32\iAlmCoIn_v4342.dll
2009-07-29 13:58:12 ----A---- C:\WINDOWS\system32\hkcmd.exe
2009-07-29 13:58:12 ----A---- C:\WINDOWS\system32\hccutils.dll
2009-07-29 13:40:44 ----A---- C:\WINDOWS\system32\dmcpl.exe
2009-07-29 13:34:26 ----D---- C:\Program Files\Spyware Doctor
2009-07-29 13:34:26 ----D---- C:\Documents and Settings\Good or Evil\Application Data\PC Tools
2009-07-29 13:33:33 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
2009-07-29 13:30:18 ----HDC---- C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-07-29 13:22:56 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-07-29 13:22:52 ----D---- C:\Program Files\Security Task Manager
2009-07-28 08:37:32 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-28 03:16:38 ----D---- C:\WINDOWS\Intelliremote
2009-07-28 03:16:38 ----D---- C:\Program Files\Melloware
2009-07-28 03:16:38 ----D---- C:\Documents and Settings\Good or Evil\Application Data\Intelliremote
2009-07-28 03:16:29 ----A---- C:\WINDOWS\Intelliremote Setup Log.txt
2009-07-27 16:59:52 ----AD---- C:\WINDOWS\system32\images
2009-07-27 04:53:35 ----D---- C:\Documents and Settings\Good or Evil\Application Data\AVS4YOU
2009-07-27 04:53:35 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2009-07-27 04:51:39 ----D---- C:\Program Files\Common Files\AVSMedia
2009-07-27 04:51:32 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-07-27 04:51:32 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-07-27 04:51:31 ----D---- C:\Program Files\AVS4YOU
2009-07-27 04:51:31 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-07-27 04:51:31 ----A---- C:\WINDOWS\system32\GdiPlus.dll
2009-07-22 11:45:25 ----A---- C:\WINDOWS\W2BNEUnin.exe
2009-07-20 03:58:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-07-19 16:24:13 ----D---- C:\Program Files\iPod
2009-07-19 16:24:11 ----D---- C:\Program Files\iTunes
2009-07-19 01:38:12 ----D---- C:\b319779c7eac2a08ff7120d8
2009-07-19 01:21:46 ----D---- C:\Program Files\DivX
2009-07-19 01:21:46 ----D---- C:\Program Files\Common Files\DivX Shared
2009-07-19 00:56:39 ----HDC---- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-07-19 00:53:00 ----HDC---- C:\Documents and Settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-07-19 00:50:42 ----RHD---- C:\AHCache
2009-07-19 00:46:46 ----D---- C:\Program Files\Uniblue
2009-07-19 00:46:43 ----HDC---- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2009-07-19 00:18:30 ----D---- C:\Documents and Settings\Good or Evil\Application Data\Uniblue
2009-07-18 16:26:59 ----D---- C:\WINDOWS\system32\Adobe
2009-07-17 16:08:07 ----HDC---- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-17 16:07:42 ----D---- C:\Program Files\Lavasoft
2009-07-16 23:12:16 ----D---- C:\Documents and Settings\Good or Evil\Application Data\Ventrilo
2009-07-16 23:10:48 ----D---- C:\Program Files\Ventrilo
2009-07-16 23:10:41 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-07-16 03:21:23 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 03:21:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 03:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-09 13:38:08 ----D---- C:\Documents and Settings\Good or Evil\Application Data\yess
2009-07-08 20:49:39 ----D---- C:\Program Files\Curse
2009-07-06 13:05:57 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-06-26 16:33:03 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-06-26 16:32:28 ----D---- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-26 16:31:55 ----D---- C:\Program Files\Bonjour
2009-06-26 16:28:37 ----D---- C:\Program Files\Apple Software Update
2009-06-26 16:28:03 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-06-26 16:27:34 ----D---- C:\Program Files\Common Files\Apple
2009-06-26 16:27:33 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-06-26 15:00:01 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-06-26 15:00:00 ----A---- C:\WINDOWS\system32\ptpusd.dll

======List of files/folders modified in the last 2 months======

2009-08-16 01:24:45 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-16 01:24:32 ----D---- C:\Documents and Settings
2009-08-16 01:21:10 ----D---- C:\WINDOWS
2009-08-16 01:21:10 ----A---- C:\WINDOWS\TMP0001.TMP
2009-08-16 01:20:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-16 01:17:45 ----D---- C:\WINDOWS\system32
2009-08-16 01:17:45 ----AD---- C:\WINDOWS\Temp
2009-08-16 01:09:56 ----HD---- C:\WINDOWS\inf
2009-08-16 01:09:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-16 01:09:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-16 01:08:34 ----SD---- C:\WINDOWS\Tasks
2009-08-15 18:53:35 ----D---- C:\WINDOWS\Prefetch
2009-08-15 11:02:56 ----RD---- C:\Program Files
2009-08-15 06:14:33 ----D---- C:\Program Files\WinClamAVShield
2009-08-14 14:25:49 ----D---- C:\WINDOWS\system32\drivers
2009-08-13 15:52:12 ----SHD---- C:\WINDOWS\Installer
2009-08-13 15:48:11 ----RSD---- C:\WINDOWS\Fonts
2009-08-13 15:46:48 ----D---- C:\Games
2009-08-12 18:03:33 ----D---- C:\WINDOWS\WinSxS
2009-08-12 08:17:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-12 08:17:21 ----A---- C:\WINDOWS\imsins.BAK
2009-08-12 08:16:36 ----D---- C:\Program Files\Outlook Express
2009-08-12 08:12:26 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-11 23:04:36 ----D---- C:\Documents and Settings\Good or Evil\Application Data\dvdcss
2009-08-11 22:40:49 ----D---- C:\Program Files\Spyware Terminator
2009-08-11 14:31:18 ----SH---- C:\boot.ini
2009-08-11 14:31:18 ----A---- C:\WINDOWS\win.ini
2009-08-11 14:31:18 ----A---- C:\WINDOWS\system.ini
2009-08-10 23:10:29 ----D---- C:\WINDOWS\Minidump
2009-08-10 21:34:26 ----RSD---- C:\WINDOWS\assembly
2009-08-10 21:34:26 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-10 21:34:26 ----D---- C:\WINDOWS\system32\DirectX
2009-08-10 05:59:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-06 03:08:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-05 16:23:38 ----D---- C:\Program Files\Common Files
2009-08-05 05:11:47 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 23:06:21 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-31 12:50:53 ----D---- C:\Documents and Settings\Good or Evil\Application Data\LimeWire
2009-07-30 13:51:49 ----D---- C:\WINDOWS\system32\wbem
2009-07-29 23:14:28 ----D---- C:\Program Files\OpenOffice.org 2.4
2009-07-29 23:07:20 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-29 23:00:20 ----D---- C:\WINDOWS\Help
2009-07-29 22:59:59 ----D---- C:\WINDOWS\nview
2009-07-29 22:42:30 ----D---- C:\WINDOWS\system32\NVSYS
2009-07-29 20:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-29 17:36:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-29 14:57:36 ----D---- C:\WINDOWS\system32\Restore
2009-07-29 13:57:58 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-29 13:37:52 ----D---- C:\WINDOWS\system32\config
2009-07-28 22:50:40 ----D---- C:\WINDOWS\system32\en-US
2009-07-28 22:50:40 ----D---- C:\Program Files\Internet Explorer
2009-07-21 15:43:44 ----D---- C:\Documents and Settings\Good or Evil\Application Data\BitTorrent
2009-07-19 09:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 09:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 08:31:38 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-19 01:46:47 ----D---- C:\WINDOWS\SxsCaPendDel
2009-07-19 01:39:49 ----D---- C:\WINDOWS\system32\XPSViewer
2009-07-19 01:22:05 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-19 00:12:35 ----D---- C:\WINDOWS\pss
2009-07-18 23:59:55 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-07-18 23:04:09 ----D---- C:\Documents and Settings\Good or Evil\Application Data\Google
2009-07-18 22:05:42 ----D---- C:\Program Files\DNA
2009-07-18 22:05:42 ----D---- C:\Documents and Settings\Good or Evil\Application Data\DNA
2009-07-18 16:28:44 ----D---- C:\WINDOWS\system32\Macromed
2009-07-17 16:09:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-17 16:07:42 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-17 16:07:26 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-17 14:55:28 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-13 23:43:24 ----N---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----N---- C:\WINDOWS\system32\wmp.dll
2009-07-07 04:21:23 ----D---- C:\Program Files\Electronic Arts
2009-07-06 12:37:25 ----A---- C:\WINDOWS\system32\CmdLineExt03.dll
2009-07-06 12:27:28 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-06-29 12:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 12:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 12:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 12:12:18 ----N---- C:\WINDOWS\system32\occache.dll
2009-06-29 12:12:18 ----N---- C:\WINDOWS\system32\mstime.dll
2009-06-29 12:12:18 ----N---- C:\WINDOWS\system32\msrating.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 12:12:16 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 12:12:16 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 12:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 12:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 12:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\corpol.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 07:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 07:07:11 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 04:33:39 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-06-27 00:36:58 ----D---- C:\Documents and Settings\Good or Evil\Application Data\SPORE
2009-06-26 23:58:54 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-06-26 18:26:08 ----D---- C:\Documents and Settings\Good or Evil\Application Data\Apple Computer
2009-06-26 16:32:28 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-06-26 16:31:12 ----D---- C:\Program Files\QuickTime

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 KKW_HID;Kensington HIDClass Filter Driver; C:\WINDOWS\System32\DRIVERS\KKW_HID.sys [2005-12-01 14208]
R3 KMW_KBD;Kensington Input Devices Class filter driver; C:\WINDOWS\System32\DRIVERS\KMW_KBD.sys [2005-09-01 5760]
R3 KMW_SYS;Kensington MouseWorks Mouse filter driver; C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys [2005-09-01 92032]
R3 KMW_USB;Kensington MouseWorks USB filter driver; C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [2005-09-01 10496]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
S1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
S1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
S1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-07-16 12032]
S2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2008-01-24 17801]
S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
S2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2003-07-16 63232]
S2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2003-07-16 55936]
S2 pkdmhhldx;pkdmhhldx; \??\C:\WINDOWS\system32\drivers\yvhezxxxxly.sys []
S2 xzagk;xzagk; \??\C:\WINDOWS\system32\drivers\ifodmkkpu.sys []
S2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys []
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 ay2g97tk;ay2g97tk; C:\WINDOWS\system32\drivers\ay2g97tk.sys []
S3 azipejdy;azipejdy; C:\WINDOWS\system32\drivers\azipejdy.sys []
S3 BCM43XX;Motorola Wireless Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
S3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\system32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-10-19 807998]
S3 lredbooo;lredbooo; \??\C:\DOCUME~1\GOODOR~1\LOCALS~1\Temp\lredbooo.sys []
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-02-28 545024]
S3 TRCDR;TRCDR; C:\WINDOWS\system32\drivers\trcdr.sys [2003-06-02 31588]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntipPro2009_100;AntipyProex; C:\WINDOWS\svchast.exe []
S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-07-28 77824]
S2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
S2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-08-10 487424]
S2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2005-02-18 65536]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S4 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------
MichaelHesse
Active Member
 
Posts: 4
Joined: August 11th, 2009, 5:52 am
Top

Re: Undying Malware

Unread postby MichaelHesse » August 16th, 2009, 1:33 am

Info.txt

info.txt logfile of random's system information tool 1.06 2009-08-16 01:27:27

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "c:\Temp\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
ADF View Shell Extension-->rundll32.exe C:\WINDOWS\system32\ShellExt\AdfView.dll,Uninstall C:\WINDOWS\system32\ShellExt\AdfView.inf
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Age of Mythology-->"C:\Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AVI Codec Pack-->C:\Program Files\AVI Codec Pack\uninstall.exe
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Black & White® 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe" -l0x9 -removeonly
BlueJ 2.2.1-->"C:\BlueJ\uninst\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Curse Client-->C:\Program Files\Curse\uninstall.exe
Darwinia v1.42-->"C:\Games\Darwinia\unins000.exe"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Manager 2.3.6-->C:\Program Files\Download Manager\uninst.exe
Dungeon Keeper 2-->C:\WINDOWS\IsUninst.exe -f"C:\Games\Dungeon Keeper 2\Uninst.isu" -c"C:\Games\Dungeon Keeper 2\uninst.dll"
Dungeon Keeper 2-->C:\WINDOWS\system32\sdbinst.exe -u "C:\WINDOWS\AppPatch\Custom\{235de4e2-0f0f-459b-a222-2af67cf2bde9}.sdb"
EA Download Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{EF7E931D-DC84-471B-8DB6-A83358095474} /l1033
Empire of the Ants-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Games\Empire of the Ants\UnInstall\setup.exe"
Fraps-->"C:\Program Files\Fraps\uninstall.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Higher Score on the ACT-->"C:\Program Files\Kap.ACTr\unins000.exe"
Higher Score on the SAT/PSAT-->"C:\Program Files\Kap.SATr\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Impulse-->"C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE
Impulse-->C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}\Impulse_setup.exe
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intelliremote 2.7.4.864-->"C:\WINDOWS\Intelliremote\uninstall.exe" "/U:C:\Program Files\Melloware\Intelliremote\irunin.xml"
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) SE Development Kit 6 Update 4-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160040}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kensington Keyboard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B5E17D7-C0CF-4CC3-8870-0181D622B93C}\setup.exe" -l0x9 -u
Kensington MouseWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C78937F-0C8E-11D9-A3EB-0001025FA304}\setup.exe" -l0x9 -u
LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
Majestic Chess-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A25DAEDA-5558-4E1D-931A-5D57053FDFED}\Setup.exe" -l0x9 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MashON SPORE Comic Book Creator-->MsiExec.exe /X{1F440B7A-6499-3582-37A9-A76B25F8991A}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Application Compatibility Toolkit 5.0-->MsiExec.exe /X{BBB3F622-D848-4CDA-B282-CC53627432F0}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
MobileMe Control Panel-->MsiExec.exe /I{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}
Motorola Wireless Network Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose
Mozilla Firefox (2.0.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MySQL Connector/ODBC 3.51-->MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
NetBeans IDE 6.0.1-->"C:\Program Files\NetBeans 6.0.1\uninstall.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OpenOffice.org 2.4-->MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Populous: The Beginning-->C:\WINDOWS\IsUninst.exe -fC:\Games\Populous\Uninst.isu -c"C:\Games\Populous\uninst.dll"
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
ProtectDisc Driver, Version 11-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 8 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
SPORE™ Creepy & Cute Parts Pack-->"C:\Program Files\InstallShield Installation Information\{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}\SPORE_BP1Setup.exe" -runfromtemp -l0x0009 -removeonly
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Star Trek Armada II-->C:\WINDOWS\IsUninst.exe -f"C:\Games\Star Trek Armada II\STA2.isu"
Starcraft-->C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TriCoder Utilities-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Worth Data\TriCoder Utilities\DeIsL1.isu" -c"C:\Program Files\Worth Data\TriCoder Utilities\_ISREG32.DLL"
UltraCompare v6.00-->MsiExec.exe /I{779C7069-90E3-491E-90F3-9B3534DCBF0C}
UltraEdit 14.20-->MsiExec.exe /I{3350F250-FF14-4CD4-97CF-F54239B31EC6}
Uniblue DriverScanner 2009-->"C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\Documents and Settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
Uniblue RegistryBooster 2009-->"C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\Uniblue RegistryBooster.exe
Uniblue SpeedUpMyPC 2009-->"C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
UUDeview for Windows-->C:\PROGRA~1\UUDeview\UNWISE.EXE C:\PROGRA~1\UUDeview\INSTALL.LOG
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora Xbox 360 Converter 2.25-->C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Warcraft II BNE-->C:\WINDOWS\W2BNEUnin.exe C:\WINDOWS\W2BNEUnin.dat
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Antivirus Pro-->C:\Program Files\Windows Antivirus Pro\AntiSpyware_Uninstall.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
YouTube Video Grabber 1.16-->"C:\Program Files\LitexMedia\YouTube Video Grabber\unins000.exe"

======System event log======

Computer Name: RAISTLAINSCOMP
Event Code: 7000
Message: The Zune Bus Enumerator Driver service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 28300
Source Name: Service Control Manager
Time Written: 20090724162532.000000-240
Event Type: error
User:

Computer Name: RAISTLAINSCOMP
Event Code: 1036
Message: Terminal Server session creation failed. The relevant status code was 0xC0000037.

Record Number: 28295
Source Name: TermService
Time Written: 20090724162336.000000-240
Event Type: error
User:

Computer Name: RAISTLAINSCOMP
Event Code: 1036
Message: Terminal Server session creation failed. The relevant status code was 0xC0000037.

Record Number: 28294
Source Name: TermService
Time Written: 20090724162309.000000-240
Event Type: error
User:

Computer Name: RAISTLAINSCOMP
Event Code: 1036
Message: Terminal Server session creation failed. The relevant status code was 0xC0000037.

Record Number: 28293
Source Name: TermService
Time Written: 20090724162230.000000-240
Event Type: error
User:

Computer Name: RAISTLAINSCOMP
Event Code: 1036
Message: Terminal Server session creation failed. The relevant status code was 0xC0000037.

Record Number: 28292
Source Name: TermService
Time Written: 20090724161217.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: RAISTLAINSCOMP
Event Code: 1001
Message: Detection of product '{90110409-6000-11D3-8CFE-0050048383C9}', feature 'ACCESSSnapshotFiles' failed during request for component '{67125484-CE38-11D1-ACBB-0080C7FCBB84}'

Record Number: 21
Source Name: MsiInstaller
Time Written: 20081215175827.000000-300
Event Type: warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: RAISTLAINSCOMP
Event Code: 1001
Message: Detection of product '{90110409-6000-11D3-8CFE-0050048383C9}', feature 'ACCESSSnapshotFiles' failed during request for component '{67125484-CE38-11D1-ACBB-0080C7FCBB84}'

Record Number: 19
Source Name: MsiInstaller
Time Written: 20081215175809.000000-300
Event Type: warning
User: RAISTLAINSCOMP\Good or Evil

Computer Name: RAISTLAINSCOMP
Event Code: 1517
Message: Windows saved user RAISTLAINSCOMP\Good or Evil registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 14
Source Name: Userenv
Time Written: 20081215022714.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: RAISTLAINSCOMP
Event Code: 1517
Message: Windows saved user RAISTLAINSCOMP\Good or Evil registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 9
Source Name: Userenv
Time Written: 20081215014501.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: RAISTLAINSCOMP
Event Code: 1517
Message: Windows saved user RAISTLAINSCOMP\Isabella registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5
Source Name: Userenv
Time Written: 20081214135619.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
"FP_NO_HOST_CHECK"=NO
"QTJAVA"=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------
MichaelHesse
Active Member
 
Posts: 4
Joined: August 11th, 2009, 5:52 am
Top

Re: Undying Malware

Unread postby MichaelHesse » August 16th, 2009, 2:14 am

Computer has gotten worse in the last few days. Internet pages are hijacked, and even opening programs becomes difficult. When opening gmer.exe for example, a page comes up asking what program to use to open, recomending notepad, forcing me to browse for the correct exe and run it that way. This makes no sense, as an exe should run automatically, meaning that the program opening is being hijacked. Opening notepad for example requires the same thing, but when I pick notepad it opens a document filled with tens of thousands of random characters, such as opening a file which is incompatible with notepad, such as a picture. Please help me to fix this problem.


gmerroot.txt:

GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-16 02:08:46
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

INT 0x62 ? 82F6FBF8
INT 0x63 ? 82CA7BF8
INT 0x82 ? 82F6FBF8
INT 0xA4 ? 82CA7BF8
INT 0xB4 ? 82CA7BF8

Code 82A7F110 ZwEnumerateKey
Code 82A7E958 ZwFlushInstructionCache
Code 82A81466 ZwSaveKey
Code 82A812EE ZwSaveKeyEx
Code 82A815DE IofCallDriver
Code 82A840C6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82A815E3
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 82A840CB
PAGE ntoskrnl.exe!ZwEnumerateKey 8056EF30 5 Bytes JMP 82A7F114
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80576A6A 5 Bytes JMP 82A7E95C
PAGE ntoskrnl.exe!ZwSaveKey 8064C1EF 5 Bytes JMP 82A8146A
PAGE ntoskrnl.exe!ZwSaveKeyEx 8064C287 5 Bytes JMP 82A812F2
? spsf.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6E5162C 5 Bytes JMP 82CA71D8

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\nvsvc32.exe[140] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0068000A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[268] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003B000A
.text C:\WINDOWS\System32\svchost.exe[380] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0065000A
.text C:\WINDOWS\TEMP\c.exe[400] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 006B000A
.text C:\Program Files\Spyware Terminator\sp_rsser.exe[432] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0071000A
.text ...
C:\WINDOWS\system32\drivers\smss.exe[1804] C:\WINDOWS\system32\drivers\smss.exe unknown last code section [0x00418000, 0xA000, 0xC00000E0]
.text C:\WINDOWS\system32\drivers\smss.exe[1804] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0091000A
.text C:\WINDOWS\Explorer.exe[1908] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00B4000A
.text C:\WINDOWS\system32\wscntfy.exe[2184] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0084000A
.text C:\WINDOWS\system32\ctfmon.exe[2384] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003F000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 3E351F8F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 3E351F10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 3E351F54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 3E351E9C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 3E351ED6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 3E351FCA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] ole32.dll!OleLoadFromStream 7752A257 5 Bytes JMP 3E35218C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] ws2_32.dll!send 71AB428A 5 Bytes JMP 10425660
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] ws2_32.dll!WSARecv 71AB4318 5 Bytes JMP 104256E4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] ws2_32.dll!recv 71AB615A 5 Bytes JMP 104258C4
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2472] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 10425834
.text C:\WINDOWS\system32\wuauclt.exe[2480] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003B000A
.text C:\Documents and Settings\Good or Evil\Desktop\gmer\gmer.exe[2856] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 088B000A
.text C:\WINDOWS\System32\svchost.exe[3472] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\wuauclt.exe[4056] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003B000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F714B8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F74A993C] spsf.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F74A9990] spsf.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F747A040] spsf.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F747A13C] spsf.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F747A0BE] spsf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F747A7FC] spsf.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F747A6D2] spsf.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82CA72D8

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamA] [00418FFD] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [00418FFD] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [00418DF3] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00418E6B] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxA] [00419009] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxW] [00419009] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectA] [00418FF7] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!MessageBoxIndirectW] [00418FF7] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [00418F91] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [00418EE3] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CreateWindowExW] [00418E6B] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!MessageBoxW] [00419009] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowPos] [00418F91] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DialogBoxParamW] [00418FFD] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [00418DF3] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [00418E6B] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] [00418FFD] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!MessageBoxW] [00419009] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [00418EE3] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CreateWindowExW] [00418E6B] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DialogBoxParamW] [00418FFD] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!ShowWindow] [00418EE3] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowPos] [00418F91] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxW] [00419009] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxA] [00419009] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\c.exe[400] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!MessageBoxIndirectW] [00418FF7] C:\WINDOWS\TEMP\c.exe
IAT C:\WINDOWS\TEMP\b.exe[2004] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA] [00416A32] C:\WINDOWS\TEMP\b.exe
IAT C:\WINDOWS\TEMP\b.exe[2004] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW] [00416AAC] C:\WINDOWS\TEMP\b.exe
IAT C:\WINDOWS\TEMP\b.exe[2004] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowPos] [00416BD8] C:\WINDOWS\TEMP\b.exe
IAT C:\WINDOWS\TEMP\b.exe[2004] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!ShowWindow] [00416B26] C:\WINDOWS\TEMP\b.exe
IAT C:\WINDOWS\TEMP\b.exe[2004] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!CreateWindowExW] [00416AAC] C:\WINDOWS\TEMP\b.exe
IAT C:\WINDOWS\TEMP\b.exe[2004] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowPos] [00416BD8] C:\WINDOWS\TEMP\b.exe
IAT C:\WINDOWS\TEMP\b.exe[2004] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExA] [00416A32] C:\WINDOWS\TEMP\b.exe
IAT C:\WINDOWS\TEMP\b.exe[2004] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateWindowExW] [00416AAC] C:\WINDOWS\TEMP\b.exe
IAT C:\WINDOWS\TEMP\b.exe[2004] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!ShowWindow] [00416B26] C:\WINDOWS\TEMP\b.exe
IAT C:\WINDOWS\TEMP\b.exe[2004] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!CreateWindowExW] [00416AAC] C:\WINDOWS\TEMP\b.exe
IAT C:\WINDOWS\TEMP\b.exe[2004] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!ShowWindow] [00416B26] C:\WINDOWS\TEMP\b.exe
IAT C:\WINDOWS\TEMP\b.exe[2004] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowPos] [00416BD8] C:\WINDOWS\TEMP\b.exe
IAT C:\WINDOWS\TEMP\b.exe[2004] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!SetWindowPos] [00416BD8] C:\WINDOWS\TEMP\b.exe
IAT C:\WINDOWS\TEMP\b.exe[2004] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!ShowWindow] [00416B26] C:\WINDOWS\TEMP\b.exe

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F6E1F8
Device \FileSystem\Fastfat \FatCdrom 829CA500
Device \Driver\usbuhci \Device\USBPDO-0 82BF41F8
Device \Driver\usbuhci \Device\USBPDO-1 82BF41F8
Device \Driver\usbuhci \Device\USBPDO-2 82BF41F8
Device \Driver\usbehci \Device\USBPDO-3 82C981F8
Device \Driver\PCI_PNP0222 \Device\00000047 spsf.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 82FDE1F8
Device \Driver\Cdrom \Device\CdRom0 82934500
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 82F6F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 82F6F1F8
Device \Driver\atapi \Device\Ide\IdePort0 82F6F1F8
Device \Driver\atapi \Device\Ide\IdePort1 82F6F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 82F6F1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 82910500
Device \Driver\NetBT \Device\NetbiosSmb 82910500
Device \Driver\NetBT \Device\NetBT_Tcpip_{568C2C6E-0EA7-4A78-8EB5-07A2078A5667} 82910500
Device \Driver\sptd \Device\2096665222 spsf.sys
Device \Driver\usbuhci \Device\USBFDO-0 82BF41F8
Device \Driver\usbuhci \Device\USBFDO-1 82BF41F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82989500
Device \Driver\usbuhci \Device\USBFDO-2 82BF41F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82989500
Device \Driver\usbehci \Device\USBFDO-3 82C981F8
Device \Driver\Ftdisk \Device\FtControl 82FDE1F8
Device \Driver\abrm627d \Device\Scsi\abrm627d1Port2Path0Target0Lun0 8290B500
Device \Driver\abrm627d \Device\Scsi\abrm627d1 8290B500
Device \Driver\abrm627d \Device\Scsi\abrm627d1Port2Path0Target1Lun0 8290B500
Device \FileSystem\Fastfat \Fat 829CA500

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 829E2500
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\system32\nvsvc32.exe [140] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\Program Files\CyberLink\Shared Files\RichVideo.exe [268] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [380] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\TEMP\c.exe [400] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\Program Files\Spyware Terminator\sp_rsser.exe [432] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\System32\wltrysvc.exe [616] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [644] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [700] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [712] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\System32\bcmwltry.exe [756] 0x003D0000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [956] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1016] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1104] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1172] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1300] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1452] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1724] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\system32\drivers\smss.exe [1804] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.exe [1908] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\TEMP\b.exe [2004] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [2128] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\system32\wscntfy.exe [2184] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [2384] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\IEXPLORE.EXE [2472] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\system32\wuauclt.exe [2480] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\Documents and Settings\Good or Evil\Desktop\gmer\gmer.exe [2856] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [3472] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxuquqvqq.dll (*** hidden *** ) @ C:\WINDOWS\system32\wuauclt.exe [4056] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\geyekrcfyvrdst.sys (*** hidden *** ) [SYSTEM] geyekrtkdckqfs <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs@imagepath \systemroot\system32\drivers\geyekrcfyvrdst.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs\main@aid 10056
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs\modules@geyekrrk.sys \systemroot\system32\drivers\geyekrcfyvrdst.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs\modules@geyekrcmd.dll \systemroot\system32\geyekrnohqmvmi.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs\modules@geyekrlog.dat \systemroot\system32\geyekredwklprd.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs\modules@geyekrwsp.dll \systemroot\system32\geyekrxuquqvqq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\geyekrtkdckqfs\modules@geyekr.dat \systemroot\system32\geyekrqhxdkppr.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x14 0x63 0xF5 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8F 0x34 0x02 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x22 0x5F 0x3F 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE0 0xF9 0xB0 0x85 ...
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs@imagepath \systemroot\system32\drivers\geyekrcfyvrdst.sys
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs\main@aid 10056
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs\modules@geyekrrk.sys \systemroot\system32\drivers\geyekrcfyvrdst.sys
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs\modules@geyekrcmd.dll \systemroot\system32\geyekrnohqmvmi.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs\modules@geyekrlog.dat \systemroot\system32\geyekredwklprd.dat
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs\modules@geyekrwsp.dll \systemroot\system32\geyekrxuquqvqq.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrtkdckqfs\modules@geyekr.dat \systemroot\system32\geyekrqhxdkppr.dat
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x14 0x63 0xF5 0x95 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x8F 0x34 0x02 0xA9 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x22 0x5F 0x3F 0xA0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xE0 0xF9 0xB0 0x85 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\SecTaskMan\geyekrxuquqvqq.dll.q_Quarantine_1BB50_q.ini 282 bytes
File C:\Games\World of Warcraft\Interface\AddOns\Gatherer\CD Burning 0 bytes
File C:\Games\World of Warcraft\Interface\AddOns\Gatherer\Credentials 0 bytes
File C:\Games\World of Warcraft\Interface\AddOns\Gatherer\Feeds 0 bytes
File C:\Games\World of Warcraft\Interface\AddOns\Gatherer\Feeds Cache 0 bytes
File C:\Games\World of Warcraft\Interface\AddOns\Gatherer\HelpCtr 0 bytes
File C:\Games\World of Warcraft\Interface\AddOns\Gatherer\Internet Explorer 0 bytes
File C:\Games\World of Warcraft\Interface\AddOns\Gatherer\Media Player 0 bytes
File C:\Games\World of Warcraft\Interface\AddOns\Gatherer\Portable Devices 0 bytes
File C:\Games\World of Warcraft\Interface\AddOns\Gatherer\Wallpaper1.bmp 1440054 bytes
File C:\Games\World of Warcraft\Interface\AddOns\Gatherer\Windows 0 bytes
File C:\Games\World of Warcraft\Interface\AddOns\Gatherer\Windows Media 0 bytes

---- EOF - GMER 1.0.15 ----


gmerauto.txt:

GMER 1.0.15.15020 - http://www.gmer.net
Autostart scan 2009-08-16 02:09:41
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk /r \??\C: autocheck autochk * lsdelete /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe
@ShellExplorer.exe rundll32.exe tapi.nfo beforeglav = Explorer.exe rundll32.exe tapi.nfo beforeglav

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxsrvc.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntipPro2009_100@ = C:\WINDOWS\svchast.exe /*file not found*/
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
RichVideo@ = "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" ???????????????????????????????????????????????????????
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
sp_rssrv@ = "C:\Program Files\Spyware Terminator\sp_rsser.exe"
wltrysvc@ = %SystemRoot%\System32\wltrysvc.exe %SystemRoot%\System32\bcmwltry.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@nwiznwiz.exe /install = nwiz.exe /install
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@kkw_run.exekkw_run.exe = kkw_run.exe
@kmw_run.exekmw_run.exe = kmw_run.exe
@MSConfigC:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto = C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
@SpywareTerminator"C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" = "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@autochkrundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 = rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@SpywareTerminatorUpdate"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
@DAEMON Tools Lite"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
@autochkrundll32.exe C:\DOCUME~1\GOODOR~1\protect.dll,_IWMPEvents@16 = rundll32.exe C:\DOCUME~1\GOODOR~1\protect.dll,_IWMPEvents@16

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Classes\.exe@ = C:\WINDOWS\system32\desot.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.69 Context Menu Shell Extension*/C:\Program Files\WinAce\arcext.dll = C:\Program Files\WinAce\arcext.dll
@{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.69 DragDrop Shell Extension*/C:\Program Files\WinAce\arcext.dll = C:\Program Files\WinAce\arcext.dll
@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.69 Context Menu Shell Extension*/C:\Program Files\WinAce\arcext.dll = C:\Program Files\WinAce\arcext.dll
@{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} /*WinAce Archiver 2.69 Property Sheet Shell Extension*/C:\Program Files\WinAce\arcext.dll = C:\Program Files\WinAce\arcext.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BD88A479-9623-4897-8546-BC62B9628F44} /*SPTHandler*/C:\Program Files\Spyware Terminator\sptcontmenu.dll = C:\Program Files\Spyware Terminator\sptcontmenu.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} /*OpenOffice.org Column Handler*/"C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll" /*file not found*/ = "C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll" /*file not found*/
@{087B3AE3-E237-4467-B8DB-5A38AB959AC9} /*OpenOffice.org Infotip Handler*/"C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll" /*file not found*/ = "C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll" /*file not found*/
@{63542C48-9552-494A-84F7-73AA6A7C99C1} /*OpenOffice.org Property Sheet Handler*/"C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll" /*file not found*/ = "C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll" /*file not found*/
@{3B092F0C-7696-40E3-A80F-68D74DA84210} /*OpenOffice.org Thumbnail Viewer*/"C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll" /*file not found*/ = "C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll" /*file not found*/
@{2B3256E4-49DF-11D3-8229-0080AE509054} /*Amiga Disk File*/C:\WINDOWS\system32\ShellExt\AdfView.dll = C:\WINDOWS\system32\ShellExt\AdfView.dll
@{2B3256E4-49DF-11D3-8229-0080AE509056} /*ADFView Property Sheet*/C:\WINDOWS\system32\ShellExt\AdfView.dll = C:\WINDOWS\system32\ShellExt\AdfView.dll
@{2B3256E4-49DF-11D3-8229-0080AE509058} /*ADFView Drop Handler*/C:\WINDOWS\system32\ShellExt\AdfView.dll = C:\WINDOWS\system32\ShellExt\AdfView.dll
@{2B3256E4-49DF-11D3-8229-0080AE509059} /*ADFView Context Menu*/C:\WINDOWS\system32\ShellExt\AdfView.dll = C:\WINDOWS\system32\ShellExt\AdfView.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
LavasoftShellExt@{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = C:\Program Files\Spyware Terminator\sptcontmenu.dll
ZFAdd@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd@{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
LavasoftShellExt@{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
SPTContMenu@{BD88A479-9623-4897-8546-BC62B9628F44} = C:\Program Files\Spyware Terminator\sptcontmenu.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{500BCA15-57A7-4eaf-8143-8C619470B13D} = C:\WINDOWS\system32\msxml71.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\ssmypics.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.com/ = http://www.google.com/
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

C:\Documents and Settings\Good or Evil\Start Menu\Programs\Startup >>>
ChkDisk.dll = ChkDisk.dll
ChkDisk.lnk = ChkDisk.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Startup = Microsoft Office.lnk

---- EOF - GMER 1.0.15 ----
MichaelHesse
Active Member
 
Posts: 4
Joined: August 11th, 2009, 5:52 am
Top

Re: Undying Malware

Unread postby Wingman » August 17th, 2009, 2:41 pm

Hello Michael,

I sorry to give you bad news but your system is heavily compromised with multiple infections, some of which are rootkits and backdoor trojans!

Rootkit - Backdoor Warning
Your computer has multiple infections, including a rootkit and a backdoor trojan infection..
A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.
A backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge.
A backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.
Typically it's installed without user interaction through security exploits, and can severely compromise system security.
Such infections may open illicit network connections, use polymorphic tactics to self-mutate, disable security software, modify system files, and install additional malware.
These backdoor infections may also collect and transmit personally identifiable information, without your consent and severely degrade the performance and stability of your computer.
A backdoor infection can give intruders complete control of your computer, logs your keystrokes, obtain passwords, steal personal information, etc.

You are strongly advised to do the following:
  1. Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  2. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
    If you don't mind the hassle, change all your account numbers.
  3. From a clean computer, change all your passwords
    (Internet login, your email address(es), financial accounts, PayPal, eBay, Amazon...any online activities you carry out which require a username and password).
    Do NOT change your passwords from this computer, the attacker can still get all the new passwords and transaction records.
  4. Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Due to their rootkit & backdoor functionalities, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that once infected with these type of Trojans or rootkits,
the best course of action would be to do a reformat and re-installation of the operating system (OS).
This decision will have to be made by you...

To help you understand more, please take some time to read the following articles:
When should I re-format and reinstall my OS
What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

We can attempt to clean this machine... going through a long and tedious removal process but can not guarantee that it won't still be compromised, afterwards.
My suggestion is to backup any personal files you want to keep... then reformat and reinstall you operating system. That will provide the best remedy for the current infestation.
Once done, you should then install and keep up-to-date, a good antivirus program and a 3rd party firewall. I can refer you to some free software, if needed.

Let me know if I can be of further assistance,
Wingman
User avatar
Wingman
Admin/Teacher
Admin/Teacher
 
Posts: 14347
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA
Top

Re: Undying Malware

Unread postby NonSuch » August 21st, 2009, 4:04 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 281 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index