Stryke

Bad Image Error **{Vista}** (Resolved)


Hello, every time I boot up my computer or run a program, it works, but not without reporting several Bad Image Errors. For reference, it only says that globalroot\systemroot\system32\hjgruiqinecksi.dll contains the error. While I am still able to work, listen to music, and watch movies, I still would appreciate help solving this issue. Thanks to all those who help in advance. On a side note, Happy Fourth of July!

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:59:34 PM, on 7/4/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18248)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\aestsrv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\Internet Security\UfNavi.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchFilterHost.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\RunOnce: [TSC] "C:\Program Files\Trend Micro\Internet Security\tsc.exe" /HD

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

 

--

End of file - 5076 bytes


Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

 

If you think you have similar problems, please post a log in the HJT forum and wait for help.

 

Hello and welcome to the forums

 

My name is Katana and I will be helping you to remove any infection(s) that you may have.

 

Please observe these rules while we work:

  • Please Read All Instructions Carefully
  • If you don't understand something, stop and ask! Don't keep going on.
  • Please do not run any other tools or scans whilst I am helping you
  • Failure to reply within 5 days will result in the topic being closed.
  • Please continue to respond until I give you the "All Clear"

    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly.

 

Some of the logs I request will be quite large; you may need to split them over a couple of replies.

 

Please Note, your security programs may give warnings for some of the tools I will ask you to use.

Be assured, any links I give are safe

----------------------------------------------------------------------------------------

 

 

Download and Run RSIT

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
Please Download GMER to your desktop

 

Download GMER and extract it to your desktop.

 

***Please close any open programs ***

 

Double-click gmer.exe. The program will begin to run.

 

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

 

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click Yes.

  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.

  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
Do NOT touch the PC at all, for whatever reason, until it has 100% completed its scan (or its attempted scan, in case of an error)!

 

Please post the results from the GMER scan in your reply.


Log.txt:

Logfile of random's system information tool 1.06 (written by random/random)

Run by Alexandre Streicher at 2009-07-05 16:59:05

Microsoft® Windows Vista™ Ultimate Service Pack 1

System drive C: has 96 GB (54%) free of 178 GB

Total RAM: 3069 MB (38% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:59:23 PM, on 7/5/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18248)

Boot mode: Normal

 

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\aestsrv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\Windows\system32\STacSV.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Windows\system32\werfault.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Alexandre Streicher\Downloads\RSIT.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Trend Micro\HijackThis\Alexandre Streicher.exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\RunOnce: [TSC] "C:\Program Files\Trend Micro\Internet Security\tsc.exe" /HD

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

 

--

End of file - 5106 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"TSC"=C:\Program Files\Trend Micro\Internet Security\tsc.exe [2009-03-27 366344]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-06-17 414992]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-05-19 49968]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======List of files/folders created in the last 1 months======

 

2009-07-05 16:59:05 ----D---- C:\rsit

2009-07-04 22:01:17 ----A---- C:\Windows\ntbtlog.txt

2009-07-04 21:36:23 ----AD---- C:\ProgramData\TEMP

2009-07-04 21:36:13 ----D---- C:\Program Files\Common Files\PC Tools

2009-07-04 21:36:07 ----D---- C:\ProgramData\PC Tools

2009-07-04 21:36:07 ----D---- C:\Program Files\Spyware Doctor

2009-07-04 21:29:40 ----D---- C:\ProgramData\Malwarebytes

2009-07-04 21:29:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-07-04 21:10:58 ----D---- C:\ProgramData\SUPERAntiSpyware.com

2009-07-04 21:10:51 ----D---- C:\Program Files\SUPERAntiSpyware

2009-07-04 21:06:54 ----A---- C:\Windows\system32\aswBoot.exe

2009-07-04 21:06:52 ----D---- C:\Program Files\Alwil Software

2009-07-04 21:03:01 ----D---- C:\Program Files\Eusing Free Registry Cleaner

2009-07-04 20:38:47 ----D---- C:\ProgramData\Spybot - Search & Destroy

2009-07-04 20:38:47 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-07-04 20:37:25 ----D---- C:\Program Files\Bazooka Scanner

2009-07-04 20:16:58 ----A---- C:\Windows\DCEBoot.exe

2009-07-03 20:07:44 ----D---- C:\Program Files\redshark

2009-07-02 16:27:31 ----D---- C:\Program Files\Veoh Networks

2009-06-22 20:45:33 ----D---- C:\Program Files\Yugioh Virtual Dueling

2009-06-19 21:55:25 ----A---- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\accounts.txt

2009-06-19 20:43:08 ----D---- C:\ProgramData\TrackMania

2009-06-19 20:39:31 ----D---- C:\Program Files\TmNationsForever

2009-06-14 14:45:56 ----D---- C:\Program Files\Common Files\Software Update Utility

2009-06-14 14:45:51 ----D---- C:\ProgramData\AIM Toolbar

2009-06-14 14:45:51 ----D---- C:\Program Files\AIM Toolbar

2009-06-14 14:05:54 ----D---- C:\ProgramData\AOL Downloads

2009-06-13 16:51:19 ----A---- C:\Windows\system32\psisdecd.dll

2009-06-13 16:51:19 ----A---- C:\Windows\system32\EncDec.dll

2009-06-10 06:39:11 ----A---- C:\Windows\system32\localspl.dll

2009-06-10 06:39:10 ----A---- C:\Windows\system32\rpcrt4.dll

2009-06-10 06:39:06 ----A---- C:\Windows\system32\mshtml.dll

2009-06-10 06:39:05 ----A---- C:\Windows\system32\wininet.dll

2009-06-10 06:39:05 ----A---- C:\Windows\system32\urlmon.dll

2009-06-10 06:39:05 ----A---- C:\Windows\system32\ieframe.dll

2009-06-10 06:39:04 ----A---- C:\Windows\system32\occache.dll

2009-06-10 06:39:04 ----A---- C:\Windows\system32\mstime.dll

2009-06-10 06:39:04 ----A---- C:\Windows\system32\msfeeds.dll

2009-06-10 06:39:04 ----A---- C:\Windows\system32\jsproxy.dll

2009-06-10 06:39:04 ----A---- C:\Windows\system32\ieUnatt.exe

2009-06-10 06:39:04 ----A---- C:\Windows\system32\iertutil.dll

2009-06-10 06:39:04 ----A---- C:\Windows\system32\ieencode.dll

2009-06-10 06:39:04 ----A---- C:\Windows\system32\iedkcs32.dll

2009-06-10 06:39:04 ----A---- C:\Windows\system32\ieaksie.dll

2009-06-10 06:35:25 ----D---- C:\Program Files\Your Freedom

 

======List of files/folders modified in the last 1 months======

 

2009-07-05 16:59:16 ----D---- C:\Windows\Prefetch

2009-07-05 16:59:10 ----D---- C:\Windows\Temp

2009-07-05 15:50:24 ----D---- C:\Windows\System32

2009-07-05 02:35:53 ----D---- C:\Program Files\Mozilla Firefox

2009-07-05 00:03:48 ----D---- C:\Windows\system32\drivers

2009-07-04 23:50:21 ----D---- C:\Windows\inf

2009-07-04 23:50:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

2009-07-04 23:47:22 ----D---- C:\Windows

2009-07-04 21:46:03 ----RD---- C:\Program Files

2009-07-04 21:36:23 ----HD---- C:\ProgramData

2009-07-04 21:36:23 ----D---- C:\Program Files\Trend Micro

2009-07-04 21:36:13 ----D---- C:\Program Files\Common Files

2009-07-04 21:10:55 ----SHD---- C:\Windows\Installer

2009-07-04 21:09:47 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2009-07-04 20:46:31 ----SD---- C:\Windows\Downloaded Program Files

2009-07-04 20:46:31 ----D---- C:\Program Files\Download Manager

2009-07-04 20:40:31 ----D---- C:\Program Files\Windows Sidebar

2009-07-04 20:20:54 ----D---- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\skypePM

2009-07-04 00:01:31 ----D---- C:\Program Files\Warcraft III

2009-07-03 20:07:38 ----SHD---- C:\System Volume Information

2009-07-02 21:20:29 ----D---- C:\Program Files\Garena

2009-06-29 17:16:38 ----D---- C:\Program Files\Mozilla Thunderbird

2009-06-24 19:15:04 ----D---- C:\Program Files\Evolution Tools

2009-06-22 20:45:36 ----RSD---- C:\Windows\Fonts

2009-06-19 21:13:30 ----D---- C:\Windows\Minidump

2009-06-19 20:42:33 ----RSD---- C:\Windows\assembly

2009-06-14 17:48:26 ----D---- C:\Windows\Microsoft.NET

2009-06-14 14:46:01 ----D---- C:\Program Files\AIM6

2009-06-14 14:45:48 ----D---- C:\Program Files\Viewpoint

2009-06-14 14:45:45 ----D---- C:\ProgramData\Viewpoint

2009-06-14 14:45:15 ----D---- C:\Windows\winsxs

2009-06-14 03:01:45 ----D---- C:\Windows\ehome

2009-06-13 16:50:37 ----D---- C:\Windows\system32\catroot2

2009-06-13 16:50:37 ----D---- C:\Windows\system32\catroot

2009-06-11 03:11:54 ----D---- C:\Program Files\Internet Explorer

2009-06-10 06:42:50 ----D---- C:\Program Files\SocksCapV2

2009-06-06 17:24:59 ----D---- C:\Program Files\Magic Workstation

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]

R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-19 350720]

R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]

R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys [2008-09-18 142352]

R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2008-03-25 65936]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]

R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-07-17 39936]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-07-17 42496]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-07-17 37376]

R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2009-04-02 52752]

R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2009-04-02 142864]

R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2009-04-02 52624]

R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys [2008-11-26 36368]

R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys [2008-09-18 234512]

R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys [2008-11-26 205328]

R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys [2008-11-26 1195384]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-07-18 179712]

R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-08-26 19456]

R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]

R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-08-26 29184]

R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2006-11-06 78128]

R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2006-11-06 80176]

R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-06 16560]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-05-26 25280]

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2009-06-17 38160]

R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-08-13 2226688]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-01-10 8257056]

R3 OEM02Dev;Creative Camera OEM002 Driver; C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-12-03 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver; C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-12-03 7424]

R3 physX32;physX32; C:\Windows\system32\DRIVERS\physX32.sys [2007-06-26 117888]

R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-19 88576]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2008-01-01 330240]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-27 193456]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]

S3 a87830kq;a87830kq; C:\Windows\system32\drivers\a87830kq.sys []

S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-19 93696]

S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2008-01-19 93696]

S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-08-26 220160]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]

S3 GPU-Z;GPU-Z; \??\C:\Users\ALEXAN~1\AppData\Local\Temp\GPU-Z.sys []

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\Windows\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\Windows\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\Windows\system32\DRIVERS\HPZius12.sys [2006-05-16 21568]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]

S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]

S3 USBIO;USBIO Driver (usbio.sys); C:\Windows\System32\Drivers\usbio.sys [2001-05-07 19805]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\system32\aestsrv.exe [2008-01-01 73728]

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-07-25 647168]

R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-02-12 355096]

R2 nicconfigsvc;Dell Internal Network Card Power Management; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2008-02-22 390424]

R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-07-25 327680]

R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]

R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]

R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-04-10 703008]

R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\STacSV.exe [2008-01-01 102400]

R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-08-29 337160]

R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2009-04-10 488768]

R3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-03-25 648456]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776]

S3 GoogleDesktopManager-010708-104812;Google Desktop Manager 5.7.801.7324; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-26 29744]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-26 138168]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]

S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504]

S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]

S4 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]

S4 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]

S4 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]

S4 Creative Labs Licensing Service;Creative Labs Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe [2008-08-26 72704]

S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [2007-04-09 44032]

S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]

S4 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

 

-----------------EOF-----------------

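Added example, not part of the thread and not code from RSIT, GMER or HijackThis: a small Python triage script for the kind of RSIT driver and service list posted above. It does two things the raw log does not: it resolves the NT-style path quoted in the Bad Image dialog of the first post (globalroot\systemroot\system32\...) to the Win32 location a reader would actually inspect on disk, and it scores each driver line on signals that matter during a cleanup: an empty `[]` where RSIT should have recorded a date and size (it could not read the file), a driver image under a Temp directory, a description identical to the service name, and a boot- or system-start driver outside %SystemRoot%. The weights, the threshold and the assumption that %SystemRoot% is C:\Windows (as the log's own paths show) are mine; the sample lines are copied verbatim from the log above.

```python
r"""Triage of RSIT-style driver/service listings (added example, not from the thread).

Parses lines of the form
    R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
    S3 a87830kq;a87830kq; C:\Windows\system32\drivers\a87830kq.sys []
and scores each entry on signals a hidden or dropped-in driver tends to show.
Assumptions: the scoring weights, and that %SystemRoot% is C:\Windows (as the log shows).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# RSIT layout: "<state><start> <name>;<description>; <path> [<date> <size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

SYSTEM_ROOT = r"C:\Windows"  # assumed from the log's own paths


@dataclass
class Entry:
    state: str   # R = running, S = stopped
    start: int   # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    desc: str
    path: str    # normalised Win32 path
    meta: str    # "<date> <size>" as RSIT recorded it; "" when it could not read the file
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def normalize_path(raw: str) -> str:
    r"""Map NT-style spellings from logs and error dialogs to a Win32 path.

    \??\C:\x.sys                           -> C:\x.sys
    globalroot\systemroot\system32\x.dll   -> C:\Windows\system32\x.dll
    (the second form is what the Bad Image dialog in the first post shows)
    """
    p = raw.strip()
    for prefix in ("\\\\?\\", "\\??\\"):          # the \\?\ and \??\ object-manager prefixes
        if p.startswith(prefix):
            p = p[len(prefix):]
    low = p.lower()
    for prefix in (r"globalroot\systemroot", r"\systemroot", "systemroot"):
        if low.startswith(prefix):                # \SystemRoot is a symlink to the Windows dir
            return SYSTEM_ROOT + p[len(prefix):]
    return p


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an RSIT driver/service line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(state=m["state"], start=int(m["start"]), name=m["name"].strip(),
                 desc=m["desc"].strip(), path=normalize_path(m["path"]),
                 meta=m["meta"].strip())


def score_entry(e: Entry) -> Entry:
    """Add heuristic points (weights are assumptions); higher means look closer."""
    if not e.meta:
        # RSIT prints [] when it cannot stat the file: deleted, locked, or hidden
        # from user mode by a rootkit. This is the strongest single signal here.
        e.score += 3
        e.reasons.append("file not visible to RSIT (empty [] metadata)")
    low = e.path.lower()
    if "\\temp\\" in low:
        e.score += 2
        e.reasons.append("driver image lives in a Temp directory")
    if e.desc.lower() == e.name.lower():
        e.score += 1  # weak: plenty of legitimate vendors leave this blank too
        e.reasons.append("no description (same as service name)")
    if e.state == "R" and e.start <= 1 and not low.startswith(SYSTEM_ROOT.lower()):
        e.score += 1
        e.reasons.append("boot/system-start driver outside %SystemRoot%")
    return e


def triage(log_text: str, threshold: int = 3) -> List[Entry]:
    """Parse, score, and return entries at or above threshold, highest score first."""
    entries = [score_entry(e) for e in map(parse_line, log_text.splitlines()) if e]
    return sorted((e for e in entries if e.score >= threshold), key=lambda e: -e.score)


# Sample input: five lines copied verbatim from the RSIT driver list above.
SAMPLE_LOG = r"""
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-05-26 25280]
S3 a87830kq;a87830kq; C:\Windows\system32\drivers\a87830kq.sys []
S3 GPU-Z;GPU-Z; \??\C:\Users\ALEXAN~1\AppData\Local\Temp\GPU-Z.sys []
"""

if __name__ == "__main__":
    # The path from the Bad Image dialog in the first post, resolved to where to look on disk.
    print(normalize_path(r"globalroot\systemroot\system32\hjgruiqinecksi.dll"))
    for e in triage(SAMPLE_LOG):
        print(f"score {e.score}: {e.name} -> {e.path}\n    {'; '.join(e.reasons)}")
```

Treat the output as a review list, not a verdict. Under these rules the GPU-Z entry (an image under Temp that RSIT also could not stat) scores highest, and the a87830kq entry (empty metadata, no description) comes next; both are the kind of line a helper asks about before anything is deleted, and neither score proves anything on its own. To run it on a saved RSIT log, call `triage(open("log.txt", encoding="utf-8", errors="replace").read())` and read the reasons alongside the GMER output.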

Info.txt:

info.txt logfile of random's system information tool 1.06 2009-07-05 16:59:31

 

======Uninstall list======

 

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009

-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009

-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009

-->MsiExec /X{AC434EC8-B3CC-4003-92C1-0AE751CCFEB5}

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC406C89-7668-46AE-8EFE-75D199C055AB}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC406C89-7668-46AE-8EFE-75D199C055AB}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Adobe Shockwave Player-->C:\Windows\System32\Adobe\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Adobe\SHOCKW~1\Install.log

Advanced Audio FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88564CEF-20A5-4EF2-A05F-309F2EBA9B06}\setup.exe" -l0x9 /remove

Advanced Video FX Engine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove

AGEIA PhysX v7.06.26-->MsiExec.exe /X{AC434EC8-B3CC-4003-92C1-0AE751CCFEB5}

AIM 6-->C:\Program Files\AIM6\uninst.exe

AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"

Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Atlantica Online-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0CCA0731-1128-4BD4-BA53-EFFAF86F5A5C}\Setup.exe" -l0x9

avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup

Baldur's Gate II - Throne of Bhaal -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8C3B479-1716-11D5-968A-0050BA84F5F7}\Setup.exe"

Bazooka Scanner-->"C:\Program Files\Bazooka Scanner\Uninstall.exe" "C:\Program Files\Bazooka Scanner\install.log"

Broadcom Management Programs-->MsiExec.exe /X{177D1318-3E4B-4A7C-A300-AC4E21BE090B}

Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}

Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\Setup.exe" -l0x9 /remove

DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe

Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}

Dell Touchpad-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Dell Webcam Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1A5BA3E-9ABF-4037-820B-6151022B8ACB}\setup.exe" -l0x9 /remove

Dell Webcam Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6366726-BA44-4D6A-8ECE-476E2E616AD1}\setup.exe" -l0x9 /remove

Download Manager 2.3.7-->C:\Program Files\Download Manager\uninst.exe

Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe

Eamonn-->"C:\Program Files\InstallShield Installation Information\{BDED1DCF-4A14-475E-83C9-81F4E29C0852}\setup.exe" -runfromtemp -l0x0009 -removeonly

EDocs-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"

Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG

Garena-->C:\Program Files\Garena\uninst.exe

Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall

Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"

Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"

GTK+ Runtime 2.14.7 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe

Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall

Hamachi 1.0.3.0-->C:\Program Files\Hamachi\uninstall.exe

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Deskjet Printer Driver Software 9.0-->C:\Program Files\HP\Digital Imaging\{03E66394-42F0-4745-85F7-0A2F8F35C09F}\setup\hpzscr01.exe -datfile hphscr15.dat -showdisconnect -forcereboot

HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat

HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}

HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat

HP Update-->MsiExec.exe /X{7059BDA7-E1DB-442C-B7A1-6144596720A4}

Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe

Intel® PROSet/Wireless Software-->C:\Windows\Installer\iProInst.exe

iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Laptop Integrated Webcam Driver (1.04.01.1011) -->C:\Windows\CtDrvIns.exe -uninstall -script OEM002.uns -plugin OEM02Pin.dll -pluginres OEM02Pin.crl -nodisconprompt -langid 0x0409

Live! Cam Avatar Creator-->C:\Program Files\InstallShield Installation Information\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}\setup.exe -runfromtemp -l0x0009 -removeonly /remove

Live! Cam Avatar v1.0-->C:\Program Files\InstallShield Installation Information\{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}\setup.exe -runfromtemp -l0x0009 -removeonly /remove

Logitech Gaming LCD Software 1.04-->MsiExec.exe /X{F7511FE7-BA89-4939-B2EF-A3F287B0F298}

Magic Workstation 0.94f-->"C:\Program Files\Magic Workstation\unins000.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

mCore-->MsiExec.exe /I{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}

MediaDirect-->C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\setup.exe -runfromtemp -l0x0009 -cluninstall

mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}

Minitab 15 English-->MsiExec.exe /I{4AAC5AE8-EDE6-44D4-AA87-E90870178FDC}

mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}

Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (2.0.0.22)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}

MTG GamePack for Magic Workstation-->"C:\Program Files\Magic Workstation\unins001.exe"

Music, Photos & Videos Launcher-->MsiExec.exe /I{D7769185-9A7C-48D4-8874-5388743A1DE2}

mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}

Neffy 1,2,0,22-->C:\Program Files\Neffy\uninst.exe

Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly

NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI

Oblivion mod manager 1.1.12-->"C:\Program Files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe"

Oblivion-->C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe -runfromtemp -l0x0009 -removeonly

OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}

Pokemon Netbattle Supremacy 1.0.41-->C:\Program Files\NetBattle Supremacy\Uninstall.exe

Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}

Python 3.0.1-->MsiExec.exe /I{DE2F2D9C-53E2-40EE-8209-74DA63CB060E}

QualXServ Service Agreement-->MsiExec.exe /I{903679E8-44C8-4C07-9600-05C92654FC50}

QuickSet-->MsiExec.exe /I{4B6AD248-D3BF-426A-8D64-847288154F13}

QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}

Redshark 3.20b-->MsiExec.exe /I{CC870764-5AB2-4801-9F16-8E577AD0EE27}

Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}

Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}

Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}

Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}

Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}

Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}

Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}

SocksCap V2-->C:\Windows\uninst.exe -f"C:\Program Files\SocksCapV2\DeIsL1.isu" -c"C:\Program Files\SocksCapV2\_ISREG32.DLL"

Sound Blaster Audigy ADVANCED MB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}\Setup.exe" -l0x9 /remove

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG

SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}

TmNationsForever-->"C:\Program Files\TmNationsForever\unins000.exe"

Tremulous 1.1.0-->"C:\Program Files\Tremulous\uninstall.exe"

Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe

Trend Micro Internet Security-->MsiExec.exe /X{A621B45A-D138-4A95-BE10-7CABA05EF94E}

vEmotion - VoIP audio assistant-->C:\Program Files\freebird\vEmotion\Uninstall.exe

Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}

Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"

Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u

Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat

WIDCOMM Bluetooth Software 6.0.1.3100-->MsiExec.exe /X{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Your Freedom-->"C:\Program Files\Your Freedom\uninstall.exe"

Yugioh Virtual Dueling-->MsiExec.exe /X{B2E3A2C8-283C-4871-A499-B2711F48D64B}

 

=====HijackThis Backups=====

 

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp [2009-07-04]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-07-04]

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') [2009-07-04]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-07-04]

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') [2009-07-04]

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank [2009-07-04]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank [2009-07-04]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = [2009-07-04]

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-07-04]

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [2009-07-04]

O4 - HKLM\..\RunOnce: [TSC] "C:\Program Files\Trend Micro\Internet Security\tsc.exe" /HD [2009-07-04]

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-07-04]

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') [2009-07-04]

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" [2009-07-04]

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-07-04]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2009-07-04]

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2009-07-04]

O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2009-07-04]

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-07-04]

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-07-04]

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-07-04]

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-04]

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe [2009-07-04]

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-07-04]

O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-07-04]

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2009-07-04]

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-07-04]

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2009-07-04]

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe [2009-07-04]

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2009-07-04]

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-07-04]

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-07-04]

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-07-04]

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-07-04]

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2009-07-04]

O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2009-07-04]

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-04]

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2009-07-04]

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-07-04]

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-07-04]

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-07-04]

O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-07-04]

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2009-07-04]

O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE') [2009-07-04]

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-07-04]

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe [2009-07-04]

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-07-04]

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-04]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2009-07-04]

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-07-04]

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2009-07-04]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-07-04]

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe [2009-07-04]

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2009-07-04]

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-04]

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2009-07-04]

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-07-04]

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-07-04]

O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2009-07-04]

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-07-04]

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-07-04]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-07-04]

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-04]

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2009-07-04]

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe [2009-07-04]

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-07-04]

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2009-07-04]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2009-07-04]

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-07-04]

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe [2009-07-04]

O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-07-04]

O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-07-04]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-07-04]

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2009-07-04]

O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2009-07-04]

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe [2009-07-04]

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-07-04]

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe [2009-07-04]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2009-07-04]

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-07-04]

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-04]

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-07-04]

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-07-04]

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2009-07-04]

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-07-04]

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2009-07-04]

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-04]

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-07-04]

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2009-07-04]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-07-04]

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2009-07-04]

 

======Hosts File======

 

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

 

======Security center information======

 

AV: Trend Micro Internet Security

FW: Trend Micro Personal Firewall

AS: Trend Micro Internet Security

AS: Spybot - Search and Destroy (disabled)

AS: Windows Defender

AS: SUPERAntiSpyware

 

======System event log======

 

Computer Name: AlexandreStr-PC

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00215C5AE131. The following error occurred:

The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Record Number: 54740

Source Name: Microsoft-Windows-Dhcp-Client

Time Written: 20090213112416.000000-000

Event Type: Warning

User:

 

Computer Name: AlexandreStr-PC

Event Code: 3004

Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:

Not Applicable

Scan ID: {2F546ED6-7CAB-4F48-9D29-A83B84478288}

User: AlexandreStr-PC\Alexandre Streicher

Name: Unknown

ID:

Severity ID:

Category ID:

Path Found: driver:GarenaPEngine;file:C:\Users\Alexandre Streicher\AppData\Local\Temp\XQR6E6F.tmp

Alert Type: Unclassified software

Detection Type:

Record Number: 54788

Source Name: Microsoft-Windows-Windows Defender

Time Written: 20090214060301.000000-000

Event Type: Warning

User:

 

Computer Name: AlexandreStr-PC

Event Code: 36

Message: The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Record Number: 54831

Source Name: Microsoft-Windows-Time-Service

Time Written: 20090214214959.000000-000

Event Type: Warning

User:

 

Computer Name: AlexandreStr-PC

Event Code: 4

Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 54841

Source Name: b57nd60x

Time Written: 20090214222913.287301-000

Event Type: Warning

User:

 

Computer Name: AlexandreStr-PC

Event Code: 6008

Message: The previous system shutdown at 5:28:16 PM on 2/14/2009 was unexpected.

Record Number: 54844

Source Name: EventLog

Time Written: 20090214222932.000000-000

Event Type: Error

User:

 

=====Application event log=====

 

Computer Name: AlexandreStr-PC

Event Code: 6000

Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Record Number: 24357

Source Name: Microsoft-Windows-Winlogon

Time Written: 20090705034449.000000-000

Event Type: Warning

User:

 

Computer Name: AlexandreStr-PC

Event Code: 6000

Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Record Number: 24360

Source Name: Microsoft-Windows-Winlogon

Time Written: 20090705034450.000000-000

Event Type: Warning

User:

 

Computer Name: AlexandreStr-PC

Event Code: 512

Message: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

 

Details:

Could not query the status of the EventSystem service.

 

System Error:

A system shutdown is in progress.

.

Record Number: 24362

Source Name: Microsoft-Windows-CAPI2

Time Written: 20090705034451.000000-000

Event Type: Error

User:

 

Computer Name: AlexandreStr-PC

Event Code: 1002

Message: The program mbam.exe version 1.38.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: d80 Start Time: 01c9fd23d9576c9c Termination Time: 8

Record Number: 24388

Source Name: Application Hang

Time Written: 20090705060535.000000-000

Event Type: Error

User:

 

Computer Name: AlexandreStr-PC

Event Code: 1002

Message: The program mbam.exe version 1.38.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: ba0 Start Time: 01c9fd36e1a106fc Termination Time: 60000

Record Number: 24390

Source Name: Application Hang

Time Written: 20090705205946.000000-000

Event Type: Error

User:

 

=====Security event log=====

 

Computer Name: AlexandreStr-PC

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

 

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys

Record Number: 23027

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090705205921.566778-000

Event Type: Audit Failure

User:

 

Computer Name: AlexandreStr-PC

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

 

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys

Record Number: 23028

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090705205921.609778-000

Event Type: Audit Failure

User:

 

Computer Name: AlexandreStr-PC

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

 

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys

Record Number: 23029

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090705205921.650778-000

Event Type: Audit Failure

User:

 

Computer Name: AlexandreStr-PC

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

 

File Name: \Device\HarddiskVolume3\Windows\System32\drivers\tcpip.sys

Record Number: 23030

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090705205921.692778-000

Event Type: Audit Failure

User:

 

Computer Name: AlexandreStr-PC

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

 

File Name: \Device\HarddiskVolume3\Users\ALEXAN~1\AppData\Local\Temp\inyafakj.sys

Record Number: 23031

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20090705210025.744778-000

Event Type: Audit Failure

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=C:\Program Files\redshark\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=1706

"NUMBER_OF_PROCESSORS"=2

"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

 

-----------------EOF-----------------


Finally the scan finished. Good call on the rootkit btw! Now, I just hope that it will be possible to fix my computer without reformatting.

GMER 1.0.15.14972 - http://www.gmer.net

Rootkit scan 2009-07-05 23:42:55

Windows 6.0.6001 Service Pack 1

 

 

---- System - GMER 1.0.15 ----

 

INT 0x52 ? 86F03BF8

INT 0x52 ? 86F03BF8

INT 0x52 ? 86F03BF8

INT 0x62 ? 86F03BF8

INT 0x72 ? 86F03BF8

INT 0x72 ? 86F03BF8

INT 0x72 ? 86F03BF8

INT 0x72 ? 86F03BF8

INT 0x92 ? 84B9ABF8

INT 0xB2 ? 8552FBF8

 

Code 89CBE3D8 ZwEnumerateKey

Code 89D6BAE0 ZwFlushInstructionCache

Code 89CCB515 IofCallDriver

Code 89CC543E IofCompleteRequest

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntkrnlpa.exe!IofCompleteRequest 81E85FE2 5 Bytes JMP 89CC5443

.text ntkrnlpa.exe!IofCallDriver 81F07F6F 5 Bytes JMP 89CCB51A

PAGE ntkrnlpa.exe!ZwFlushInstructionCache 81FFE30B 5 Bytes JMP 89D6BAE4

PAGE ntkrnlpa.exe!ZwEnumerateKey 82053BA2 5 Bytes JMP 89CBE3DC

? System32\Drivers\spql.sys The system cannot find the path specified. !

.text USBPORT.SYS!DllUnload 8DFD346F 5 Bytes JMP 86F031D8

? C:\Windows\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Windows\system32\werfault.exe[172] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\werfault.exe[172] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\werfault.exe[172] USER32.dll!SetForegroundWindow 768AB5F5 6 Bytes JMP 5F0D0F5A

.text C:\Windows\system32\werfault.exe[172] USER32.dll!SetWindowPos 768B21FE 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\werfault.exe[172] USER32.dll!SetWindowPos + 4 768B2202 2 Bytes [12, 5F]

.text C:\Windows\system32\werfault.exe[172] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\werfault.exe[172] USER32.dll!ChangeDisplaySettingsExA 768D13E2 6 Bytes JMP 5F140F5A

.text C:\Windows\system32\werfault.exe[172] USER32.dll!ChangeDisplaySettingsExW 768EA981 6 Bytes JMP 5F170F5A

.text C:\Windows\system32\svchost.exe[332] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\svchost.exe[332] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\svchost.exe[332] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\svchost.exe[468] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\svchost.exe[468] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\svchost.exe[468] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\SearchProtocolHost.exe[516] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\SearchProtocolHost.exe[516] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\SearchProtocolHost.exe[516] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\aestsrv.exe[532] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\aestsrv.exe[532] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\aestsrv.exe[532] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\csrss.exe[548] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\csrss.exe[548] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\csrss.exe[548] KERNEL32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\wininit.exe[616] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\wininit.exe[616] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\wininit.exe[616] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\csrss.exe[628] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\csrss.exe[628] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\services.exe[664] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\services.exe[664] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\services.exe[664] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\lsass.exe[676] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\lsass.exe[676] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\lsass.exe[676] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\lsm.exe[684] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\lsm.exe[684] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\lsm.exe[684] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[756] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[756] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[756] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\svchost.exe[820] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\svchost.exe[820] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\svchost.exe[820] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\svchost.exe[936] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\System32\svchost.exe[968] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\System32\svchost.exe[968] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\System32\svchost.exe[968] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[980] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\System32\svchost.exe[1024] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\System32\svchost.exe[1024] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\svchost.exe[1096] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[1140] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[1140] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[1140] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\winlogon.exe[1196] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\winlogon.exe[1196] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\winlogon.exe[1196] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\svchost.exe[1328] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\svchost.exe[1328] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\svchost.exe[1328] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\svchost.exe[1368] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\svchost.exe[1368] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\svchost.exe[1368] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\svchost.exe[1436] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\WLANExt.exe[1600] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\WLANExt.exe[1600] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\WLANExt.exe[1600] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\System32\spoolsv.exe[1736] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\System32\spoolsv.exe[1736] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\System32\spoolsv.exe[1736] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\svchost.exe[1776] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\svchost.exe[1776] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\svchost.exe[1776] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2152] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2152] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe[2152] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2160] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2160] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[2160] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2180] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2180] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2180] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\wbem\wmiprvse.exe[2212] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\wbem\wmiprvse.exe[2212] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\wbem\wmiprvse.exe[2212] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2336] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2336] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe[2336] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\STacSV.exe[2360] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\STacSV.exe[2360] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\STacSV.exe[2360] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\wbem\unsecapp.exe[2388] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\wbem\unsecapp.exe[2388] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\wbem\unsecapp.exe[2388] USER32.dll!SetForegroundWindow 768AB5F5 6 Bytes JMP 5F0D0F5A

.text C:\Windows\system32\wbem\unsecapp.exe[2388] USER32.dll!SetWindowPos 768B21FE 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\wbem\unsecapp.exe[2388] USER32.dll!SetWindowPos + 4 768B2202 2 Bytes [12, 5F]

.text C:\Windows\system32\wbem\unsecapp.exe[2388] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\wbem\unsecapp.exe[2388] USER32.dll!ChangeDisplaySettingsExA 768D13E2 6 Bytes JMP 5F140F5A

.text C:\Windows\system32\wbem\unsecapp.exe[2388] USER32.dll!ChangeDisplaySettingsExW 768EA981 6 Bytes JMP 5F170F5A

.text C:\Windows\system32\taskeng.exe[2424] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\taskeng.exe[2424] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\taskeng.exe[2424] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\svchost.exe[2916] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\svchost.exe[2916] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\svchost.exe[2916] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\taskeng.exe[3004] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\taskeng.exe[3004] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\taskeng.exe[3004] USER32.dll!SetForegroundWindow 768AB5F5 6 Bytes JMP 5F0D0F5A

.text C:\Windows\system32\taskeng.exe[3004] USER32.dll!SetWindowPos 768B21FE 3 Bytes [FF, 25, 1E]

.text C:\Windows\system32\taskeng.exe[3004] USER32.dll!SetWindowPos + 4 768B2202 2 Bytes [12, 5F]

.text C:\Windows\system32\taskeng.exe[3004] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\taskeng.exe[3004] USER32.dll!ChangeDisplaySettingsExA 768D13E2 6 Bytes JMP 5F140F5A

.text C:\Windows\system32\taskeng.exe[3004] USER32.dll!ChangeDisplaySettingsExW 768EA981 6 Bytes JMP 5F170F5A

.text C:\Windows\System32\svchost.exe[3248] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\System32\svchost.exe[3248] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\System32\svchost.exe[3248] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\SearchIndexer.exe[3300] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\SearchIndexer.exe[3300] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\SearchIndexer.exe[3300] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\Dell\QuickSet\NicConfigSvc.exe[3344] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Program Files\Dell\QuickSet\NicConfigSvc.exe[3344] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Dell\QuickSet\NicConfigSvc.exe[3344] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] USER32.dll!SetForegroundWindow 768AB5F5 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] USER32.dll!SetWindowPos 768B21FE 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] USER32.dll!SetWindowPos + 4 768B2202 2 Bytes [12, 5F]

.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] USER32.dll!ChangeDisplaySettingsExA 768D13E2 6 Bytes JMP 5F140F5A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3524] USER32.dll!ChangeDisplaySettingsExW 768EA981 6 Bytes JMP 5F170F5A

.text C:\Windows\system32\wbem\wmiprvse.exe[3636] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\wbem\wmiprvse.exe[3636] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\wbem\wmiprvse.exe[3636] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\system32\Dwm.exe[3664] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\system32\Dwm.exe[3664] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\system32\Dwm.exe[3664] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Windows\Explorer.EXE[3720] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Windows\Explorer.EXE[3720] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Windows\Explorer.EXE[3720] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\Google\Google Talk\googletalk.exe[3760] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Program Files\Google\Google Talk\googletalk.exe[3760] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Google\Google Talk\googletalk.exe[3760] USER32.dll!SetForegroundWindow 768AB5F5 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\Google\Google Talk\googletalk.exe[3760] USER32.dll!SetWindowPos 768B21FE 3 Bytes [FF, 25, 1E]

.text C:\Program Files\Google\Google Talk\googletalk.exe[3760] USER32.dll!SetWindowPos + 4 768B2202 2 Bytes [12, 5F]

.text C:\Program Files\Google\Google Talk\googletalk.exe[3760] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\Google\Google Talk\googletalk.exe[3760] USER32.dll!ChangeDisplaySettingsExA 768D13E2 6 Bytes JMP 5F140F5A

.text C:\Program Files\Google\Google Talk\googletalk.exe[3760] USER32.dll!ChangeDisplaySettingsExW 768EA981 6 Bytes JMP 5F170F5A

.text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[4032] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[4032] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Trend Micro\BM\TMBMSRV.exe[4032] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\Spyware Doctor\pctsSvc.exe[4136] kernel32.dll!CreateThread + 1A 770146E2 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)

.text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[4256] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[4256] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Trend Micro\Internet Security\TmProxy.exe[4256] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\AIM6\aim6.exe[4796] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Program Files\AIM6\aim6.exe[4796] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\AIM6\aim6.exe[4796] USER32.dll!SetForegroundWindow 768AB5F5 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\AIM6\aim6.exe[4796] USER32.dll!SetWindowPos 768B21FE 3 Bytes [FF, 25, 1E]

.text C:\Program Files\AIM6\aim6.exe[4796] USER32.dll!SetWindowPos + 4 768B2202 2 Bytes [12, 5F]

.text C:\Program Files\AIM6\aim6.exe[4796] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\AIM6\aim6.exe[4796] USER32.dll!ChangeDisplaySettingsExA 768D13E2 6 Bytes JMP 5F140F5A

.text C:\Program Files\AIM6\aim6.exe[4796] USER32.dll!ChangeDisplaySettingsExW 768EA981 6 Bytes JMP 5F170F5A

.text C:\Users\Alexandre Streicher\Desktop\gmer.exe[4812] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Users\Alexandre Streicher\Desktop\gmer.exe[4812] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Users\Alexandre Streicher\Desktop\gmer.exe[4812] USER32.dll!SetForegroundWindow 768AB5F5 6 Bytes JMP 5F0D0F5A

.text C:\Users\Alexandre Streicher\Desktop\gmer.exe[4812] USER32.dll!SetWindowPos 768B21FE 3 Bytes [FF, 25, 1E]

.text C:\Users\Alexandre Streicher\Desktop\gmer.exe[4812] USER32.dll!SetWindowPos + 4 768B2202 2 Bytes [12, 5F]

.text C:\Users\Alexandre Streicher\Desktop\gmer.exe[4812] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Users\Alexandre Streicher\Desktop\gmer.exe[4812] USER32.dll!ChangeDisplaySettingsExA 768D13E2 6 Bytes JMP 5F140F5A

.text C:\Users\Alexandre Streicher\Desktop\gmer.exe[4812] USER32.dll!ChangeDisplaySettingsExW 768EA981 6 Bytes JMP 5F170F5A

.text C:\Program Files\AIM6\aolsoftware.exe[5096] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Program Files\AIM6\aolsoftware.exe[5096] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\AIM6\aolsoftware.exe[5096] USER32.dll!SetForegroundWindow 768AB5F5 6 Bytes JMP 5F0D0F5A

.text C:\Program Files\AIM6\aolsoftware.exe[5096] USER32.dll!SetWindowPos 768B21FE 3 Bytes [FF, 25, 1E]

.text C:\Program Files\AIM6\aolsoftware.exe[5096] USER32.dll!SetWindowPos + 4 768B2202 2 Bytes [12, 5F]

.text C:\Program Files\AIM6\aolsoftware.exe[5096] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

.text C:\Program Files\AIM6\aolsoftware.exe[5096] USER32.dll!ChangeDisplaySettingsExA 768D13E2 6 Bytes JMP 5F140F5A

.text C:\Program Files\AIM6\aolsoftware.exe[5096] USER32.dll!ChangeDisplaySettingsExW 768EA981 6 Bytes JMP 5F170F5A

.text C:\Program Files\Spyware Doctor\pctsTray.exe[5788] kernel32.dll!LoadLibraryExW 76FF30C3 6 Bytes JMP 5F070F5A

.text C:\Program Files\Spyware Doctor\pctsTray.exe[5788] kernel32.dll!CreateThread + 1A 770146E2 4 Bytes CALL 0044AB89 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)

.text C:\Program Files\Spyware Doctor\pctsTray.exe[5788] USER32.dll!SetWindowsHookExW 768A7B69 6 Bytes JMP 5F0A0F5A

.text C:\Program Files\Spyware Doctor\pctsTray.exe[5788] USER32.dll!SetWindowsHookExA 768CBB0E 6 Bytes JMP 5F040F5A

 

---- Kernel IAT/EAT - GMER 1.0.15 ----

 

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806916D2] \SystemRoot\System32\Drivers\spql.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80691040] \SystemRoot\System32\Drivers\spql.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [806917FC] \SystemRoot\System32\Drivers\spql.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806910BE] \SystemRoot\System32\Drivers\spql.sys

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8069113C] \SystemRoot\System32\Drivers\spql.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A1048] \SystemRoot\System32\Drivers\spql.sys

 

---- User IAT/EAT - GMER 1.0.15 ----

 

IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00150002

IAT C:\Windows\system32\services.exe[664] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00150000

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73057BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [730998C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7305D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7304F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73057599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7304E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7308B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7305D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7305012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73050095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [730471F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [730DD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [730775E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7304DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7304668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [730466BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73051E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[4136] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044AE68] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)

IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[4136] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044AE68] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDia

[6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\WININET.dll [ADVAPI32.dll!RegQueryValueExA] [02ADA621] c:\program files\aim6\services\imApp\ver6_9_15_1\imAppService.dll (imAppService EE Application Service/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aim6.exe[4796] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\AIM6\aolsoftware.exe[5096] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

IAT C:\Program Files\Spyware Doctor\pctsTray.exe[5788] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044ACE0] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)

IAT C:\Program Files\Spyware Doctor\pctsTray.exe[5788] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044ACE0] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs 855311F8

Device \FileSystem\fastfat \FatCdrom A40DC1F8

Device \Driver\BTHUSB \Device\0000008e bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

 

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

 

Device \Driver\volmgr \Device\VolMgrControl 84B9C1F8

Device \Driver\netbt \Device\NetBT_Tcpip_{FD0034C5-129E-4D6A-A9A8-4023BC659448} 89DC2500

Device \Driver\usbuhci \Device\USBPDO-0 8702F1F8

Device \Driver\usbuhci \Device\USBPDO-1 8702F1F8

Device \Driver\usbehci \Device\USBPDO-2 86FEC1F8

Device \Driver\usbuhci \Device\USBPDO-3 8702F1F8

Device \Driver\usbuhci \Device\USBPDO-4 8702F1F8

 

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

 

Device \Driver\usbuhci \Device\USBPDO-5 8702F1F8

Device \Driver\netbt \Device\NetBT_Tcpip_{0D6C7429-027F-4F90-839F-C737F1BAADA6} 89DC2500

Device \Driver\usbehci \Device\USBPDO-6 86FEC1F8

Device \Driver\volmgr \Device\HarddiskVolume1 84B9C1F8

 

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

 

Device \Driver\volmgr \Device\HarddiskVolume2 84B9C1F8

 

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

 

Device \Driver\volmgr \Device\HarddiskVolume3 84B9C1F8

 

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

 

Device \Driver\netbt \Device\NetBT_Tcpip_{A6BB0B5E-91AC-4903-B722-7A7D8531FF3F} 89DC2500

Device \Driver\volmgr \Device\HarddiskVolume4 84B9C1F8

 

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

 

Device \Driver\PCI_PNP7660 \Device\00000068 spql.sys

Device \Driver\netbt \Device\NetBT_Tcpip_{FB5CFA47-7116-4702-B553-A8650DFB5059} 89DC2500

Device \Driver\netbt \Device\NetBt_Wins_Export 89DC2500

Device \Driver\Smb \Device\NetbiosSmb 89D721F8

Device \Driver\iScsiPrt \Device\RaidPort0 870471F8

 

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

 

Device \Driver\usbuhci \Device\USBFDO-0 8702F1F8

Device \Driver\usbuhci \Device\USBFDO-1 8702F1F8

Device \Driver\usbehci \Device\USBFDO-2 86FEC1F8

Device \Driver\usbuhci \Device\USBFDO-3 8702F1F8

Device \Driver\usbuhci \Device\USBFDO-4 8702F1F8

Device \Driver\usbuhci \Device\USBFDO-5 8702F1F8

Device \Driver\usbehci \Device\USBFDO-6 86FEC1F8

Device \Driver\sptd \Device\87039677 spql.sys

Device \Driver\BTHUSB \Device\0000008c bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

Device \Driver\a87830kq \Device\Scsi\a87830kq1Port3Path0Target3Lun0 86F181F8

Device \Driver\a87830kq \Device\Scsi\a87830kq1 86F181F8

Device \Driver\a87830kq \Device\Scsi\a87830kq1Port3Path0Target2Lun0 86F181F8

Device \Driver\a87830kq \Device\Scsi\a87830kq1Port3Path0Target0Lun0 86F181F8

Device \Driver\a87830kq \Device\Scsi\a87830kq1Port3Path0Target1Lun0 86F181F8

Device \FileSystem\fastfat \Fat A40DC1F8

 

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

 

Device \FileSystem\cdfs \Cdfs ABF9E1F8

 

---- Services - GMER 1.0.15 ----

 

Service C:\Windows\system32\drivers\hjgruimxebyraj.sys (*** hidden *** ) [SYSTEM] hjgruijtbgqqoi <-- ROOTKIT !!!

 

---- Registry - GMER 1.0.15 ----

 

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2d9e4bb

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi@start 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi@type 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi@group file system

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi@imagepath \systemroot\system32\drivers\hjgruimxebyraj.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi\main

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi\main@aid 10156

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi\main@sid 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi\main@cmddelay 14400

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi\main\delete

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi\main\injector

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi\main\injector@* hjgruiwsp.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi\main\tasks

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi\modules

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruimxebyraj.sys

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi\modules@hjgruicmd.dll \systemroot\system32\hjgruiqeheipps.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi\modules@hjgruilog.dat \systemroot\system32\hjgruidbhthycg.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqinecksi.dll

Reg HKLM\SYSTEM\CurrentControlSet\Services\hjgruijtbgqqoi\modules@hjgrui.dat \systemroot\system32\hjgruixcuxumiw.dat

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x3C 0x9A 0xD5 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x52 0xD9 0x1F 0xA7 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF1 0x74 0x33 0x95 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF1 0x74 0x33 0x95 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF1 0x74 0x33 0x95 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xF1 0x74 0x33 0x95 ...

Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2d9e4bb

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi@start 1

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi@type 1

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi@group file system

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi@imagepath \systemroot\system32\drivers\hjgruimxebyraj.sys

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi\main

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi\main@aid 10156

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi\main@sid 0

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi\main@cmddelay 14400

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi\main\delete

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi\main\injector

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi\main\injector@* hjgruiwsp.dll

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi\main\tasks

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi\modules

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruimxebyraj.sys

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi\modules@hjgruicmd.dll \systemroot\system32\hjgruiqeheipps.dll

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi\modules@hjgruilog.dat \systemroot\system32\hjgruidbhthycg.dat

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqinecksi.dll

Reg HKLM\SYSTEM\ControlSet002\Services\hjgruijtbgqqoi\modules@hjgrui.dat \systemroot\system32\hjgruixcuxumiw.dat

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD6 0x3C 0x9A 0xD5 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x52 0xD9 0x1F 0xA7 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF1 0x74 0x33 0x95 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF1 0x74 0x33 0x95 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF1 0x74 0x33 0x95 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xF1 0x74 0x33 0x95 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{5BE3D010-3EF3-EA3A-19EA72F7729702DF}\{352FFD75-9B70-D323-D2F13A6467AA3E3D}\{81CD47E4-7EF3-579C-2C259DBE42414B54}

Reg HKLM\SOFTWARE\Classes\CLSID\{5BE3D010-3EF3-EA3A-19EA72F7729702DF}\{352FFD75-9B70-D323-D2F13A6467AA3E3D}\{81CD47E4-7EF3-579C-2C259DBE42414B54}@JWOYTVPITEDJCHYUGDR5XL6BSC1 0x01 0x00 0x01 0x00 ...

Reg HKLM\SOFTWARE\Classes\CLSID\{DD7439DE-8878-D698-3C485D80ADEA187F}\{BE3DFA66-365B-5E4A-7917DE6528C06D4A}\{FEBDC4E7-2EEE-D959-80681B5DE578BC2D}

Reg HKLM\SOFTWARE\Classes\CLSID\{DD7439DE-8878-D698-3C485D80ADEA187F}\{BE3DFA66-365B-5E4A-7917DE6528C06D4A}\{FEBDC4E7-2EEE-D959-80681B5DE578BC2D}@JWOYTVPITEDJCHYUGDR5XL6BSC1 0x01 0x00 0x01 0x00 ...

 

---- Files - GMER 1.0.15 ----

 

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e24.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e24.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e28.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e28.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e2c.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e2c.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e2c.VI2 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e2c.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e30.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e30.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e30.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e34.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e34.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e34.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e74.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e78.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e7c.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e84.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e90.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_8c8.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_99c.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_99c.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_9ac.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_9ac.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_9ac.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_9d0.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_9d0.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI0 19086 bytes


File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI2 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI3 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI4 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI5 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_acc.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_acc.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_acc.VI2 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_acc.VI3 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_acc.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad0.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad0.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad0.VI2 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad0.VI3 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad0.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\Matroska_Pack_Full_v1.1.2.exe 3992817 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\QuaDB.dat 4232 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\Temp 0 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d68.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d6c.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d6c.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d6c.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d70.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d74.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d74.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d74.VI2 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d74.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_db4.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_db8.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_db8.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_dbc.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_dc0.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_dc4.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_dc8.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_dcc.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_dd0.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_dd4.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e10.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e10.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e10.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e14.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e18.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e18.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e18.VI2 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e18.VI3 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e18.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e1c.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi.dll 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad4.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae4.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d64.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e1c.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae8.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae8.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae8.VI2 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae8.VI3 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae8.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d40.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d48.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d54.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d54.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d54.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d58.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d58.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d58.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d5c.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d5c.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d5c.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d60.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d60.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d60.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad4.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad4.VI2 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad4.VI3 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad4.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI2 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI3 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI4 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI5 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI6 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI7 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI8 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI9 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI2 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI3 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI4 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI5 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI6 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae0.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae0.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae0.VI2 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae0.VI3 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae0.VIR 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae4.VI0 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae4.VI1 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae4.VI2 19086 bytes

File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae4.VI3 19086 bytes

File C:\Users\Alexandre Streicher\AppData\Local\Mozilla\Firefox\Profiles\lhb3qx2w.default\Cache\414C164Ad01 0 bytes

File C:\Windows\System32\drivers\hjgruimxebyraj.sys 67584 bytes executable <-- ROOTKIT !!!

File C:\Windows\System32\hjgruidbhthycg.dat 28139 bytes

File C:\Windows\System32\hjgruiqeheipps.dll 42496 bytes executable

File C:\Windows\System32\hjgruiqinecksi.dll 18944 bytes

File C:\Windows\System32\hjgruixcuxumiw.dat 93 bytes

File C:\Windows\Temp\hjgruicbhxuhwnig.tmp 93 bytes

File C:\Windows\Temp\hjgruieitvskjkur.tmp 93 bytes

File C:\Windows\Temp\hjgruihygkcyyxjf.tmp 93 bytes

File C:\Windows\Temp\hjgruiibaroyheuw.tmp 18944 bytes

File C:\Windows\Temp\hjgruiirxxkuimws.tmp 93 bytes

File C:\Windows\Temp\hjgruinmeedferno.tmp 93 bytes

File C:\Windows\Temp\hjgruipexmsaqpem.tmp 93 bytes

File C:\Windows\Temp\hjgruirbbaljhlav.tmp 18944 bytes

File C:\Windows\Temp\hjgruirfdqswiayd.tmp 18944 bytes

File C:\Windows\Temp\hjgruittvponbwvx.tmp 18944 bytes

File C:\Windows\Temp\hjgruivscoivohjd.tmp 18944 bytes

File C:\Windows\Temp\hjgruixsawxxvsci.tmp 18944 bytes

 

---- EOF - GMER 1.0.15 ----

 

 

Phew, Ok Katana, there's everything. Hopefully you'll be able to work your computer magic.

Edited by Stryke
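An added example, not part of Stryke's post or of GMER's own output: a small Python triage script that reads lines in the same `File <path> <size> bytes ...` shape as the listing above and does mechanically what a helper does by eye. It takes the file name prefix of the entry GMER flagged as ROOTKIT, finds every other listed file that shares that prefix, separates copies already sitting in the Trend Micro quarantine folder from live ones, and notes live files of identical size (the same payload dropped under several names). The sample lines are copied from the listing above plus one benign driver (`mbam.sys`, size taken from the ComboFix log later in the thread) for contrast; the six-character prefix length and the `\Quarantine\` path test are assumptions that fit this listing, not GMER features.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set

# Constructed sample: the hjgrui* lines are copied from the GMER listing above,
# the mbam.sys line is a benign driver added so the script has something to ignore.
SAMPLE_LOG = r"""
File C:\Windows\System32\drivers\hjgruimxebyraj.sys 67584 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\hjgruidbhthycg.dat 28139 bytes
File C:\Windows\System32\hjgruiqeheipps.dll 42496 bytes executable
File C:\Windows\System32\hjgruiqinecksi.dll 18944 bytes
File C:\Windows\System32\hjgruixcuxumiw.dat 93 bytes
File C:\Windows\Temp\hjgruicbhxuhwnig.tmp 93 bytes
File C:\Windows\Temp\hjgruiibaroyheuw.tmp 18944 bytes
File C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e1c.VI0 19086 bytes
File C:\Program Files\Trend Micro\Internet Security\Quarantine\QuaDB.dat 4232 bytes
File C:\Windows\System32\drivers\mbam.sys 19096 bytes executable
"""

# "File <path> <size> bytes <anything else>"; the path may contain spaces,
# so match lazily up to the first " <digits> bytes".
LINE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes(?P<rest>.*)$")


def parse_listing(text: str) -> List[Dict]:
    """Turn GMER-style 'File ...' lines into dicts; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        rest = m.group("rest")
        entries.append({
            "path": path,
            "name": path.rsplit("\\", 1)[-1],
            "size": int(m.group("size")),
            "executable": "executable" in rest,
            "rootkit": "ROOTKIT" in rest,
            # Assumption: anything under a \Quarantine\ folder is already contained.
            "quarantined": "\\quarantine\\" in path.lower(),
        })
    return entries


def flagged_prefixes(entries: List[Dict], prefix_len: int = 6) -> Set[str]:
    """Prefixes of the file names GMER marked as ROOTKIT.

    Assumption: this family stamps one random prefix on every file it drops,
    so the first prefix_len characters of the flagged driver name identify its siblings.
    """
    return {e["name"][:prefix_len].lower() for e in entries if e["rootkit"]}


def related_files(entries: List[Dict], prefixes: Set[str]) -> Dict[str, List[Dict]]:
    """Group every listed file whose name starts with one of the flagged prefixes."""
    groups = defaultdict(list)
    for prefix in prefixes:
        for e in entries:
            if e["name"].lower().startswith(prefix):
                groups[prefix].append(e)
    return dict(groups)


def triage(text: str, prefix_len: int = 6) -> Dict[str, Dict]:
    """Per flagged prefix: live (non-quarantined) paths, quarantine count,
    and live files that share an exact size (same payload under several names)."""
    entries = parse_listing(text)
    groups = related_files(entries, flagged_prefixes(entries, prefix_len))
    report = {}
    for prefix, files in groups.items():
        live = [e for e in files if not e["quarantined"]]
        by_size = defaultdict(list)
        for e in live:
            by_size[e["size"]].append(e["name"])
        report[prefix] = {
            "live": sorted(e["path"] for e in live),
            "quarantined": sum(1 for e in files if e["quarantined"]),
            "same_size_copies": {s: n for s, n in by_size.items() if len(n) > 1},
        }
    return report


if __name__ == "__main__":
    for prefix, info in triage(SAMPLE_LOG).items():
        print(f"prefix {prefix!r}: {len(info['live'])} live file(s), "
              f"{info['quarantined']} quarantined copy/copies")
        for p in info["live"]:
            print("  ", p)
        for size, names in info["same_size_copies"].items():
            print(f"   {size} bytes shared by: {', '.join(names)}")
```

On the sample this reports one prefix, `hjgrui`, with seven live files (the driver in `drivers\`, two DLLs and two `.dat` files in `System32`, two `.tmp` files in `Windows\Temp`), one quarantined copy, and two size clusters (93 and 18944 bytes) linking the `.dat`/`.tmp` pairs; `mbam.sys` and the quarantine database are ignored. The quarantine entries are the antivirus's own stored copies and do not need separate attention, which is why the script counts them rather than listing them.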


Information

 

AntiVirus

You appear to have avast! Antivirus and Trend Micro Internet Security.

First you should know that you're actually doing more harm than good by running more than one Anti Virus program.

When you do this the programs compete for resources, and the end result is none does its best and can cause system instability.

I recommend that you choose one that you want to keep.

The other/s I would either uninstall, or disable from startup and use as "on demand" for an occasional scan.

 

Registry Cleaners

 

Re. Eusing Free Registry Cleaner

 

I don't personally recommend the use of ANY registry cleaners.

Here is an excerpt from a discussion on regcleaners

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.

The point we are trying to make is that the risk of using one far outweighs any benefit.

If it does work perfectly you will not see any difference.

If it doesn't work properly you may end up with an expensive doorstop.

http://forums.whatthetech.com/Regcleaner_t42862.html

 

----------------------------------------------------------------------------------------

Step 1

 

Malwarebytes' Anti-Malware

I notice that you have MBAM installed, please do the following

  • Start MalwareBytes AntiMalware
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------------------------------------------------------------------------------------

Step 2

 

 

Download and Run ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:

 

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop

  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

  • Double click combofix.exe & follow the prompts.

  • When finished, it will produce a log. Please save that log to post in your next reply

  • Re-enable all the programs that were disabled during the running of ComboFix.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

----------------------------------------------------------------------------------------

Logs/Information to Post in Reply

Please post the following logs/Information in your reply

Some of the logs I request will be quite large; you may need to split them over a couple of replies.

  • MalwareBytes Log
  • Combofix Log
  • How are things running now?

 

Your Java and Adobe are out of date. Older versions have vulnerabilities that malware can use to infect your system.

 

Please follow these steps to remove older version Java and Adobe components and update.

 

Updating Java:

  • Download the latest version of Java Runtime Environment (JRE) from HERE
  • Scroll down to where it says "Java SE Runtime Environment (JRE)".
  • Click the "Download" button to the right.
    • Platform = Windows
    • Language = Multi Language
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Update Adobe Acrobat Reader

Adobe Reader is a large program and uses unnecessary space.

If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right Untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts
Now close all windows, including your browser.

Double click on the Java installation that you downloaded and follow the prompts.

 

Remove Programs

Now click Start---Control Panel. Double click Add or Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove.

  • Adobe Reader 8.1.2
  • Java™ 6 Update 5

Now close the Control Panel.

 

Reboot your machine.


Well, Malwarebytes stalls and freezes after scanning around 100000 files. It said that there were no files infected up to that point...? Anyway, I decided to run ComboFix, I stopped all the antivirus and antispyware programs that I had, and I ran ComboFix. After clicking through about 100 bad image error messages, I got it to run. It worked, and everything is working quite nicely now. I am going to run Malwarebytes again, then update my programs. Here is the log file for ComboFix:

 

ComboFix 09-07-05.03 - Alexandre Streicher 07/06/2009 17:44.1 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3069.1715 [GMT -4:00]

Running from: c:\users\Alexandre Streicher\Downloads\ComboFix.exe

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

SP: Trend Micro Internet Security *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\$recycle.bin\S-1-5-21-1663819663-2835008902-2856250938-500

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500

c:\$recycle.bin\S-1-5-21-967294451-803011006-1897551183-500

c:\windows\system32\AutoRun.inf

c:\windows\system32\drivers\hjgruimxebyraj.sys

c:\windows\system32\hjgruidbhthycg.dat

c:\windows\system32\hjgruiqeheipps.dll

c:\windows\system32\hjgruiqinecksi.dll

c:\windows\system32\hjgruixcuxumiw.dat

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_hjgruijtbgqqoi

 

 

((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))

.

 

2009-07-06 21:52 . 2009-07-06 21:52 -------- d-----w- c:\users\Alexandre Streicher\AppData\Local\temp

2009-07-05 20:59 . 2009-07-05 20:59 -------- d-----w- C:\rsit

2009-07-05 08:36 . 2009-07-05 08:36 -------- d-----w- c:\users\Alexandre Streicher\AppData\Local\AOL

2009-07-05 01:29 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-05 01:29 . 2009-07-05 01:29 -------- d-----w- c:\programdata\Malwarebytes

2009-07-05 01:29 . 2009-07-05 03:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-05 01:29 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-05 01:10 . 2009-07-05 01:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2009-07-05 01:10 . 2009-07-05 01:10 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-07-05 01:06 . 2009-07-05 01:06 -------- d-----w- c:\program files\Alwil Software

2009-07-05 01:03 . 2009-07-06 21:33 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2009-07-05 00:38 . 2009-07-06 21:34 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-07-05 00:38 . 2009-07-06 21:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-07-05 00:16 . 2009-07-06 21:28 10752 ----a-w- c:\windows\DCEBoot.exe

2009-07-04 00:07 . 2009-07-04 00:07 -------- d-----w- c:\program files\redshark

2009-07-02 20:27 . 2009-07-02 20:27 -------- d-----w- c:\program files\Veoh Networks

2009-06-27 18:08 . 2009-06-27 18:08 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-06-23 00:45 . 2009-06-23 00:45 -------- d-----w- c:\program files\Yugioh Virtual Dueling

2009-06-20 00:43 . 2009-06-20 02:10 -------- d-----w- c:\programdata\TrackMania

2009-06-20 00:39 . 2009-06-20 00:41 -------- d-----w- c:\program files\TmNationsForever

2009-06-14 18:45 . 2009-06-14 18:45 -------- d-----w- c:\program files\Common Files\Software Update Utility

2009-06-14 18:45 . 2009-06-14 18:45 -------- d-----w- c:\program files\AIM Toolbar

2009-06-14 18:45 . 2009-06-14 18:45 -------- d-----w- c:\programdata\AIM Toolbar

2009-06-13 20:51 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll

2009-06-13 20:51 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll

2009-06-10 10:35 . 2009-06-10 10:35 -------- d-----w- c:\program files\Your Freedom

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-06 21:42 . 2008-08-26 12:01 12 ----a-w- c:\windows\bthservsdp.dat

2009-07-06 21:33 . 2009-05-03 21:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-07-05 01:36 . 2008-08-26 12:55 -------- d-----w- c:\program files\Trend Micro

2009-07-05 00:46 . 2008-10-28 20:59 -------- d-----w- c:\program files\Download Manager

2009-07-05 00:40 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar

2009-07-05 00:20 . 2008-10-05 05:59 -------- d-----w- c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\skypePM

2009-07-04 04:01 . 2008-09-09 00:25 -------- d-----w- c:\program files\Warcraft III

2009-07-03 01:20 . 2009-01-26 05:04 -------- d-----w- c:\program files\Garena

2009-06-29 21:16 . 2008-09-09 00:04 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-06-24 23:15 . 2009-03-17 17:16 -------- d-----w- c:\program files\Evolution Tools

2009-06-14 18:46 . 2008-09-09 00:16 -------- d-----w- c:\program files\AIM6

2009-06-14 18:45 . 2008-09-09 00:16 -------- d-----w- c:\program files\Viewpoint

2009-06-14 18:45 . 2008-09-09 00:16 -------- d-----w- c:\programdata\Viewpoint

2009-05-18 02:46 . 2009-05-15 15:41 -------- d-----w- c:\program files\Guild Wars

2009-05-16 17:28 . 2009-05-16 17:28 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2009-05-16 17:28 . 2009-05-16 17:28 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll

2009-05-15 15:41 . 2009-05-15 15:41 -------- d-----w- c:\programdata\Media Center Programs

2009-05-14 07:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-05-11 01:18 . 2009-05-11 01:18 -------- d-----w- c:\program files\freebird

2009-05-06 18:11 . 2009-05-06 18:11 69120 ----a-w- c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll

2009-04-29 17:04 . 2008-09-08 23:28 58896 ----a-w- c:\users\Alexandre Streicher\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-24 16:05 . 2009-06-10 10:39 827904 ----a-w- c:\windows\system32\wininet.dll

2009-04-24 16:02 . 2009-06-10 10:39 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-24 13:44 . 2009-06-10 10:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-04-23 12:43 . 2009-06-10 10:39 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-23 12:42 . 2009-06-10 10:39 636928 ----a-w- c:\windows\system32\localspl.dll

2009-04-21 11:55 . 2009-06-10 10:39 2033152 ----a-w- c:\windows\system32\win32k.sys

2008-08-26 12:32 . 2008-08-26 12:32 74 --sh--r- c:\windows\CT4CET.bin

2008-08-26 19:15 . 2008-08-26 18:19 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{D3C20FD1-BEDB-4486-AB24-9AD7F3ED4335}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{E1780419-49C5-42B0-90F7-4B2486998C0E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{8999E27F-3746-4BCA-B794-D654C8B928AC}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{2CA2DF8A-EB3C-4348-A13E-81D4114C2067}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{43BE5A43-85A9-4843-9152-D01CB9BFE3E2}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{2A35B872-3A3A-43EA-865A-D64BDA6D356B}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{90CA9EDC-3909-4FA9-9411-AB17AC03DF6F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{3DD3B39E-AAB8-455E-B12D-D26CD9D3A94E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{4E7C3C25-5F62-4593-8BC7-F522AFF3509F}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{A7701262-2C22-47BF-A3B3-1E9A71F0C0BF}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{0A39033A-2D17-46BB-9C12-B951A8BE58F7}"= UDP:c:\program files\AIM6\aim6.exe:AIM

"{99E64D4E-34B5-4077-8C71-2C0688CD999C}"= TCP:c:\program files\AIM6\aim6.exe:AIM

"{F07A59B0-5480-4635-9D94-C7BC629908C1}"= UDP:c:\program files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne

"{0275F753-25E9-4FBC-A53D-3D95D4C0257F}"= TCP:c:\program files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne

"{B0AE5FDE-3F96-4C87-94A7-04063B75AAA5}"= UDP:c:\program files\Hamachi\hamachi.exe:Hamachi

"{F6794A12-2AA3-4584-8EBA-557E3524C021}"= TCP:c:\program files\Hamachi\hamachi.exe:Hamachi

"TCP Query User{67AE4C0E-03C3-425C-BBCC-5EDB687A835C}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III

"UDP Query User{AC9A7DA9-1BA1-4396-B716-47BEE48A5B4F}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III

"TCP Query User{D618A343-71D5-4C4E-910B-CC9FD5E9CAED}c:\\users\\alexandre streicher\\downloads\\lancraft101b\\lancraft.exe"= UDP:c:\users\alexandre streicher\downloads\lancraft101b\lancraft.exe:lancraft.exe

"UDP Query User{4799CB0F-3B48-41E0-AB70-8AEEFD8EE839}c:\\users\\alexandre streicher\\downloads\\lancraft101b\\lancraft.exe"= TCP:c:\users\alexandre streicher\downloads\lancraft101b\lancraft.exe:lancraft.exe

"TCP Query User{002DD4AE-1541-4CA6-B2BA-CEE5E4847C56}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III

"UDP Query User{79FDCDCF-6BB8-4DAC-8563-71FDB9FCFCA6}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III

"TCP Query User{5BB3E528-FC31-438F-966A-5EE31569D8AA}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM

"UDP Query User{B336CC5C-CE69-47D4-9EAF-804EA3F38929}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM

"TCP Query User{344B93AF-ED9A-4B34-B30B-3B80888E9236}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

"UDP Query User{1F2DA7C2-0AD7-43E4-B3F5-481269CB7EAC}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

"TCP Query User{3AABB8DC-1DD6-4DB2-8B4E-4891177157C1}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client

"UDP Query User{9D72E365-A51F-4569-944F-67A00E95CA6B}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client

"TCP Query User{52D282B9-DB4E-4E42-A6A4-09D359C4B3AA}c:\\users\\alexandre streicher\\downloads\\lancraft101b\\lancraft.exe"= UDP:c:\users\alexandre streicher\downloads\lancraft101b\lancraft.exe:lancraft.exe

"UDP Query User{031F09E2-2E81-4A48-9133-EB88203E8027}c:\\users\\alexandre streicher\\downloads\\lancraft101b\\lancraft.exe"= TCP:c:\users\alexandre streicher\downloads\lancraft101b\lancraft.exe:lancraft.exe

"{41FAAF55-4494-41C4-9DB0-335E3038CD74}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk

"{522132A9-9811-4501-905B-8C70A6DA8F15}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk

"{6069B3AB-9BDF-460A-81A6-E26F9D47095B}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{F377A5B7-1ECC-4B72-BA1E-F7717893513B}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"UDP Query User{56FE4B51-CA33-4B53-8A9D-03E06111DC6F}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"TCP Query User{C0DD9C9F-8603-4BB8-891E-650EDF861C97}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"UDP Query User{B4DDC4BC-6D5E-472C-9CA7-54E2CBF14F45}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"{A9B8DB2B-F19C-4C5D-9422-E767E6A42994}"= UDP:c:\program files\Tremulous\tremulous.exe:Tremulous

"{537724C1-75E7-4E5C-8FD2-C4740820F563}"= TCP:c:\program files\Tremulous\tremulous.exe:Tremulous

"TCP Query User{9C58BE15-E8C9-411B-9072-7C4B10944A17}c:\\program files\\tremulous\\tremulous.exe"= UDP:c:\program files\tremulous\tremulous.exe:tremulous

"UDP Query User{D54F400A-A15B-415D-A36A-462FA3F65C58}c:\\program files\\tremulous\\tremulous.exe"= TCP:c:\program files\tremulous\tremulous.exe:tremulous

"{C5BE4E6E-5836-46A6-9162-A95241E3CA2B}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2.exe:nwn2

"{019568FF-8004-4F0F-A61C-78862CA1EC58}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2.exe:nwn2

"{4C2DD476-2D02-4901-A907-72D805B83CA6}"= UDP:c:\users\Alexandre Streicher\Downloads\wowclient-downloader.exe:Blizzard Downloader

"{4DFD2281-9FBA-41AC-834E-034FFE3727A4}"= TCP:c:\users\Alexandre Streicher\Downloads\wowclient-downloader.exe:Blizzard Downloader

"{99469314-6EC9-4FAD-82A3-20D063BFBF8E}"= UDP:3724:Blizzard Downloader: 3724

"{AA7FBD85-E303-4E97-9E94-0422E00DA965}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{B380BB7D-E6CB-4AEF-88FC-D5CA2B3C922C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{68E5C89C-D422-45F1-9994-66761AFC7FC1}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{8E51CFEE-5F58-4792-BE20-E8BFBF7E63D1}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{3050A3F3-1DBC-4B3F-A0D2-2D7632F611B0}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

"{95B131F1-69A1-4922-8F8C-7CF1E217A811}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

"{0D41BFE6-9956-4503-BAC6-9AFBFD169B44}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{31C3EF95-3DDC-47C2-AEF0-6A3E4E32ED46}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{C44AB8FF-5B78-44F7-8A2F-EE07CC1E178C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{1598C597-CECD-4223-8222-8CA04108FFDA}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{A782668E-6281-4729-9101-61B07BBB5F48}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{7C1BCAE2-C17E-42D6-9483-C1260D6D43A3}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main

"{1FE4094B-7E00-473E-BED0-9F03F6F11E2B}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main

"{47687911-EC4E-4C51-B97D-8AF2A8B26AC0}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD

"{14C1929C-D7D5-4A26-B81B-C7B0888994EB}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD

"{20EB0F65-6177-4FA5-A8FE-EBADFA16F8FE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater

"{6541B863-0DBE-40AE-9B12-710DBCAC7814}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater

"{C10E85AC-B713-47B4-9C90-8EBE39DE2F79}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server

"{09AAC862-6EB6-4358-9244-30C1D1AFD957}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server

"{940C4DDC-B1AE-4EA0-BE11-ACB12664C556}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{71D20AE0-1370-46AC-B1E6-FE0856ADE164}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{0DA61E78-0551-4325-ABC8-637B1E1A648C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{F8896F20-DF06-4E68-9173-C00924801CBC}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{0FF80201-2616-42AD-93D0-46212386EA68}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{24EC12CA-D68D-486A-BCE6-44FA3E9A2C37}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{13F1E209-8665-4FD7-8B56-36CF2390F225}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{DE2177DF-CFBB-4D57-AB7C-DE02BDE09B4A}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{159E6827-8426-4B1F-B865-FD4BED1CE5EF}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

"{749E2171-AA5C-4BEA-9924-3C9502AD0DEF}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

"{18DCF6EF-B5AF-4417-A1DD-4283B3A1DE8F}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{85F4DDF4-3161-4233-A4F1-7BF0CB9B098F}"= c:\program files\Skype\Phone\Skype.exe:Skype

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [3/25/2008 12:27 PM 142352]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [8/26/2008 7:58 AM 73728]

R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [3/25/2008 12:27 PM 52624]

R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [3/25/2008 12:26 PM 36368]

R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [3/25/2008 12:27 PM 234512]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [8/26/2008 3:48 PM 179712]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [8/26/2008 3:47 PM 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [8/26/2008 3:47 PM 7424]

R3 physX32;physX32;c:\windows\System32\drivers\physX32.sys [8/26/2008 3:48 PM 117888]

R3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [9/8/2008 7:31 PM 488768]

R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [9/8/2008 7:32 PM 648456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

- - - - ORPHANS REMOVED - - - -

 

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

 

 

.

------- Supplementary Scan -------

.

uStart Page = about:blank

FF - ProfilePath -

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-06 17:52

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-967294451-803011006-1897551183-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:f3,89,8e,c6,66,0f,99,4d,35,a4,c6,e9,99,ef,06,f9,fc,68,bb,62,91,c7,db,

d6,da,24,45,b3,28,0b,ac,de,c2,fc,3e,7d,3d,c5,8f,7e,72,9d,80,2f,9e,7e,a3,a7,\

"??"=hex:d2,5e,52,59,8f,40,a1,d2,2f,75,fe,07,f0,58,29,45

 

[HKEY_USERS\S-1-5-21-967294451-803011006-1897551183-1000\Software\SecuROM\License information*]

"datasecu"=hex:1a,b1,ba,77,61,59,1e,b0,07,e5,bc,05,0f,13,bb,6e,42,45,08,5d,f5,

74,bd,19,d1,7d,dd,a7,7e,ac,ce,b0,36,96,4c,af,ba,5a,d9,0c,72,2f,d0,05,8f,81,\

"rkeysecu"=hex:0f,39,7c,5f,e4,3b,2e,5c,ed,5d,57,79,14,aa,63,bc

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BE3D010-3EF3-EA3A-19EA72F7729702DF}\{352FFD75-9B70-D323-D2F13A6467AA3E3D}\{81CD47E4-7EF3-579C-2C259DBE42414B54}*]

"JWOYTVPITEDJCHYUGDR5XL6BSC1"=hex:01,00,01,00,00,00,00,00,b1,dc,8a,ef,e5,23,43,

80,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD7439DE-8878-D698-3C485D80ADEA187F}\{BE3DFA66-365B-5E4A-7917DE6528C06D4A}\{FEBDC4E7-2EEE-D959-80681B5DE578BC2D}*]

"JWOYTVPITEDJCHYUGDR5XL6BSC1"=hex:01,00,01,00,00,00,00,00,b1,dc,8a,ef,e5,23,43,

80,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

.

Completion time: 2009-07-06 17:53

ComboFix-quarantined-files.txt 2009-07-06 21:53

 

Pre-Run: 100,097,495,040 bytes free

Post-Run: 100,228,816,896 bytes free

 

241 --- E O F --- 2009-07-06 19:49

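Two things in the firewall block of the log above deserve a mechanical pass rather than a skim: both profile keys report `"EnableFirewall"= 0`, so the built-in Windows Firewall is off for the public and standard profiles (the Trend Micro Personal Firewall service TmPfw listed a few lines below may be covering that, but it should be confirmed, not assumed), and several program rules point at binaries under `c:\users\...\Downloads`, a location anyone on the machine can overwrite without touching the rule. The script below is an added example written for this page, not ComboFix output or ComboFix code; `Rule`, `parse_firewall_dump`, `disabled_profiles`, `user_writable_rules` and `rules_per_program` are this example's own names, and the sample is a handful of lines copied from the log. Note that for the `TCP Query User{...}` rules the protocol in the value name and the `UDP:` prefix of the value disagree in this log; the parser records both so a reviewer sees them side by side.

```python
"""Triage of the firewall section of a ComboFix log: the FirewallRules values
and the per-profile EnableFirewall flags.  Added example for this page, not
ComboFix's own code; Rule, parse_firewall_dump and the check helpers are this
example's names.  The sample lines are copied from the log posted above."""
import re
from dataclasses import dataclass

# Constructed sample: six rule lines and the two profile blocks from the log above.
SAMPLE = r'''
"TCP Query User{52D282B9-DB4E-4E42-A6A4-09D359C4B3AA}c:\\users\\alexandre streicher\\downloads\\lancraft101b\\lancraft.exe"= UDP:c:\users\alexandre streicher\downloads\lancraft101b\lancraft.exe:lancraft.exe
"{41FAAF55-4494-41C4-9DB0-335E3038CD74}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{6069B3AB-9BDF-460A-81A6-E26F9D47095B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{68E5C89C-D422-45F1-9994-66761AFC7FC1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{99469314-6EC9-4FAD-82A3-20D063BFBF8E}"= UDP:3724:Blizzard Downloader: 3724
"{4C2DD476-2D02-4901-A907-72D805B83CA6}"= UDP:c:\users\Alexandre Streicher\Downloads\wowclient-downloader.exe:Blizzard Downloader

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
'''

# "<value name>"= [TCP|UDP:]<program path or port>:<display name>
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:(?P<proto>TCP|UDP):)?(?P<rest>.+?)\s*$')
PORT_RE = re.compile(r'^(?P<port>\d+):(?P<label>[^:]+)')
PROFILE_RE = re.compile(r'^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(?P<profile>\w+)\]$', re.I)
ENABLE_RE = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
USER_DIR_RE = re.compile(r'^[a-z]:\\users\\', re.I)


@dataclass
class Rule:
    name: str    # registry value name, e.g. "{GUID}" or "TCP Query User{GUID}<path>"
    proto: str   # protocol prefix of the value as printed ("TCP", "UDP", or "" when absent)
    kind: str    # "path" for a program rule, "port" for a port rule
    target: str  # program path or port number
    label: str   # display name recorded with the rule


def parse_firewall_dump(text):
    """Return (rules, profiles): the rule list and {profile: EnableFirewall value}."""
    rules, profiles, current = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        m = PROFILE_RE.match(line)
        if m:
            current = m.group("profile")
            continue
        m = ENABLE_RE.match(line)
        if m and current:
            profiles[current] = int(m.group("value"))
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        rest, proto = m.group("rest"), m.group("proto") or ""
        p = PORT_RE.match(rest)
        if p:
            rules.append(Rule(m.group("name"), proto, "port", p.group("port"), p.group("label").strip()))
        else:
            # The path itself contains "c:", so split on the LAST colon to get the label.
            path, _, label = rest.rpartition(":")
            rules.append(Rule(m.group("name"), proto, "path", path, label.strip()))
    return rules, profiles


def disabled_profiles(profiles):
    """Profiles whose EnableFirewall flag is 0, i.e. the built-in firewall is off there."""
    return sorted(p for p, v in profiles.items() if v == 0)


def user_writable_rules(rules):
    """Program rules whose target lives under a user profile directory."""
    return [r for r in rules if r.kind == "path" and USER_DIR_RE.match(r.target)]


def rules_per_program(rules):
    """How many rules point at each program (case-insensitive path)."""
    counts = {}
    for r in rules:
        if r.kind == "path":
            counts[r.target.lower()] = counts.get(r.target.lower(), 0) + 1
    return counts


if __name__ == "__main__":
    rules, profiles = parse_firewall_dump(SAMPLE)
    print("profiles with EnableFirewall=0:", disabled_profiles(profiles))
    for r in user_writable_rules(rules):
        print("rule for user-writable path:", r.proto or "any", r.target, "(" + r.label + ")")
    for path, n in rules_per_program(rules).items():
        if n > 1:
            print(f"{n} rules for {path}")
```

Run against the full rule list from the log, the per-program count shows the many duplicate Skype entries; duplicates are harmless on their own, but they are the kind of thing that hides a single extra rule for something else.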

Malwarebytes' Anti-Malware 1.38

Database version: 2375

Windows 6.0.6001 Service Pack 1

 

7/6/2009 6:10:14 PM

mbam-log-2009-07-06 (18-10-14).txt

 

Scan type: Quick Scan

Objects scanned: 78770

Time elapsed: 8 minute(s), 45 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


Information

 

Looking good :)

Just a few more steps now ....

 

----------------------------------------------------------------------------------------

Step 1

 

Custom CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

     

    RegNull::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BE3D010-3EF3-EA3A-19EA72F7729702DF}\{352FFD75-9B70-D323-D2F13A6467AA3E3D}\{81CD47E4-7EF3-579C-2C259DBE42414B54}*]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD7439DE-8878-D698-3C485D80ADEA187F}\{BE3DFA66-365B-5E4A-7917DE6528C06D4A}\{FEBDC4E7-2EEE-D959-80681B5DE578BC2D}*]
    ADS::
  • Save this as CFScript.txt and place it on your desktop.

    (Posted Image: screenshot of CFScript.txt being dragged onto ComboFix.exe)


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.

  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

 

 

----------------------------------------------------------------------------------------

Step 2

 

Kaspersky Online Scanner

Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.

NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin

Go Here http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

 

Read the Requirements and limitations before you click Accept.

Once the database has downloaded, click My Computer in the left pane

Now go and put the kettle on!

When the scan has completed, click Save Report As...

Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)

Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

 

 

**Note**

 

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

 

----------------------------------------------------------------------------------------

Logs/Information to Post in Reply

Please post the following logs/Information in your reply

Some of the logs I request will be quite large; you may need to split them over a couple of replies.

  • Combofix Log
  • Kaspersky Log
  • How are things running now ?

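The two keys in the `RegNull::` section of the CFScript above are exactly the two `HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\...` entries ComboFix listed under LOCKED REGISTRY KEYS, and not the two SecuROM keys listed beside them. One check that separates them mechanically: a real CLSID has the shape `{8-4-4-4-12}` hex digits, while every component of those two keys has four groups (`{5BE3D010-3EF3-EA3A-19EA72F7729702DF}`, for instance), and both keys carry the same value name `JWOYTVPITEDJCHYUGDR5XL6BSC1` with the same data. The script below is an added example written for this page, not ComboFix's or the helper's code, and it does not replace the helper's judgement: as the warning above says, a CFScript is only run when a forum helper asks for it. `Finding`, `scan_locked_keys`, `classify`, `shared_value_names`, `build_regnull_script` and the verdict labels are this example's own names; the sample is the LOCKED REGISTRY KEYS section from the log, with the continuation lines of the hex values left out.

```python
"""Review of the LOCKED REGISTRY KEYS section of a ComboFix log and
generation of a RegNull:: section from the keys judged suspect.  Added
example for this page, not ComboFix's or the helper's own code; Finding,
scan_locked_keys, build_regnull_script and the verdict names are this
example's.  The sample is the section from the log posted above."""
import re
from dataclasses import dataclass, field

# Constructed sample: copied from the log above, hex continuation lines omitted.
SAMPLE = r'''
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-967294451-803011006-1897551183-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f3,89,8e,c6,66,0f,99,4d,35,a4,c6,e9,99,ef,06,f9,fc,68,bb,62,91,c7,db,
"??"=hex:d2,5e,52,59,8f,40,a1,d2,2f,75,fe,07,f0,58,29,45

[HKEY_USERS\S-1-5-21-967294451-803011006-1897551183-1000\Software\SecuROM\License information*]
"datasecu"=hex:1a,b1,ba,77,61,59,1e,b0,07,e5,bc,05,0f,13,bb,6e,42,45,08,5d,f5,
"rkeysecu"=hex:0f,39,7c,5f,e4,3b,2e,5c,ed,5d,57,79,14,aa,63,bc

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BE3D010-3EF3-EA3A-19EA72F7729702DF}\{352FFD75-9B70-D323-D2F13A6467AA3E3D}\{81CD47E4-7EF3-579C-2C259DBE42414B54}*]
"JWOYTVPITEDJCHYUGDR5XL6BSC1"=hex:01,00,01,00,00,00,00,00,b1,dc,8a,ef,e5,23,43,

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DD7439DE-8878-D698-3C485D80ADEA187F}\{BE3DFA66-365B-5E4A-7917DE6528C06D4A}\{FEBDC4E7-2EEE-D959-80681B5DE578BC2D}*]
"JWOYTVPITEDJCHYUGDR5XL6BSC1"=hex:01,00,01,00,00,00,00,00,b1,dc,8a,ef,e5,23,43,
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
# Standard registry GUID shape: {8-4-4-4-12} hex digits.
GUID_RE = re.compile(r'^\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}$', re.I)


@dataclass
class Finding:
    key: str
    values: list = field(default_factory=list)     # (name, data) pairs under the key
    bad_guids: list = field(default_factory=list)  # components that are not real GUIDs
    verdict: str = "review"                        # "vendor", "suspect" or "review"


def classify(finding):
    """Assign a verdict from the key path alone (example heuristic, not ComboFix logic)."""
    parts = finding.key.split("\\")
    if any(p.lower() == "securom" for p in parts):
        finding.verdict = "vendor"    # copy-protection keys, locked by design
        return finding
    guids = [p.rstrip("*") for p in parts if p.startswith("{")]
    finding.bad_guids = [g for g in guids if not GUID_RE.match(g)]
    if "clsid" in (p.lower() for p in parts) and finding.bad_guids:
        finding.verdict = "suspect"   # a CLSID path built from strings that are not GUIDs
    return finding


def scan_locked_keys(text):
    """Parse [key] headers and "name"=data lines into Finding objects, in log order."""
    findings, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = Finding(m.group("key"))
            findings.append(current)
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current.values.append((m.group("name"), m.group("data")))
    return [classify(f) for f in findings]


def shared_value_names(findings):
    """Value names that recur under more than one locked key."""
    seen = {}
    for f in findings:
        for name, _ in f.values:
            seen.setdefault(name, set()).add(f.key)
    return {n for n, keys in seen.items() if len(keys) > 1}


def build_regnull_script(findings):
    """CFScript text with a RegNull:: line per key whose verdict is "suspect"."""
    lines = ["RegNull::"] + [f"[{f.key}]" for f in findings if f.verdict == "suspect"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = scan_locked_keys(SAMPLE)
    for f in found:
        print(f.verdict, f.key, "bad GUIDs:", len(f.bad_guids))
    print("value names shared across keys:", shared_value_names(found))
    print(build_regnull_script(found))
```

For this log the generated text is the same two `RegNull::` lines the helper wrote, with the trailing `*` that ComboFix prints on a locked key kept as part of the key path.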

Everything is fine:

 

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0 REPORT

Tuesday, July 7, 2009

Operating System: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 1 (build 6001)

Kaspersky Online Scanner version: 7.0.26.13

Program database last update: Tuesday, July 07, 2009 07:27:42

Records in database: 2434931

--------------------------------------------------------------------------------

 

Scan settings:

Scan using the following database: extended

Scan archives: yes

Scan mail databases: yes

 

Scan area - My Computer:

C:\

D:\

E:\

F:\

G:\

H:\

I:\

 

Scan statistics:

Files scanned: 204847

Threat name: 1

Infected objects: 162

Suspicious objects: 0

Duration of the scan: 02:28:08

 

 

File name / Threat name / Threats count

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi.dll Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_8c8.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_928.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_928.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_99c.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_99c.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_9ac.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_9ac.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_9ac.VI2 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_9ac.VI3 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_9ac.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_9d0.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_9d0.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI2 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI3 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI4 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI5 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI6 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI7 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VI8 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ac8.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_acc.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_acc.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_acc.VI2 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_acc.VI3 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_acc.VI4 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_acc.VI5 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_acc.VI6 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_acc.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad0.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad0.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad0.VI2 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad0.VI3 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad0.VI4 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad0.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad4.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad4.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad4.VI2 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad4.VI3 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad4.VI4 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad4.VI5 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad4.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.V10 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.V11 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI2 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI3 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI4 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI5 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI6 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI7 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI8 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VI9 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ad8.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.V10 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI2 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI3 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI4 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI5 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI6 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI7 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI8 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VI9 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_adc.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae0.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae0.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae0.VI2 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae0.VI3 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae0.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae4.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae4.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae4.VI2 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae4.VI3 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae4.VI4 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae4.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae8.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae8.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae8.VI2 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae8.VI3 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae8.VI4 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae8.VI5 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae8.VI6 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_ae8.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_b2c.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_b2c.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_b48.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_b48.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_b4c.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_b4c.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_b50.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_b50.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_b5c.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_b5c.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d40.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d48.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d54.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d54.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d54.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d58.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d58.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d58.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d5c.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d5c.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d5c.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d60.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d60.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d60.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d64.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d68.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d6c.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d6c.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d6c.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d70.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d74.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d74.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d74.VI2 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_d74.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_db4.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_db8.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_db8.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_dbc.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_dc0.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_dc4.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_dc8.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_dcc.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_dd0.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_dd4.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e10.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e10.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e10.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e14.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e18.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e18.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e18.VI2 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e18.VI3 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e18.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e1c.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e1c.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e24.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e24.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e28.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e28.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e2c.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e2c.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e2c.VI2 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e2c.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e30.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e30.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e30.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e34.VI0 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e34.VI1 Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e34.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e74.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e78.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e7c.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e84.VIR Infected: Trojan.Win32.Monder.cqbi 1

C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_e90.VIR Infected: Trojan.Win32.Monder.cqbi 1

 

The selected area was scanned.

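A report like the one above looks alarming (162 infected objects) until the paths are read: every hit is under `C:\Program Files\Trend Micro\Internet Security\Quarantine\`, so Kaspersky is rescanning copies Trend Micro had already quarantined, not files in use on the system, and they are all one family, `Trojan.Win32.Monder.cqbi`, the same name as the DLL from the opening post. A practitioner wants that distinction made by the tooling so a single live hit cannot hide in a wall of quarantine entries. The script below is an added example written for this page, not Kaspersky's or the helper's code; `Detection`, `parse_report`, `split_by_location`, `counts_reconcile`, `threat_families` and `QUARANTINE_DIRS` are this example's own names. The sample is a shortened copy of the report with the header count reduced to match the five quoted lines, plus one hypothetical line outside any quarantine folder, added only to show how a live hit is reported.

```python
"""Reading a Kaspersky Online Scanner report and separating detections that
sit inside another product's quarantine folder from detections on the live
file system.  Added example for this page, not Kaspersky's or the helper's
own code; Detection, parse_report, split_by_location and QUARANTINE_DIRS are
this example's names."""
import re
from dataclasses import dataclass

# Constructed sample: five lines from the report above, the header total
# adjusted to 6, and ONE hypothetical non-quarantine line (not from the page).
SAMPLE = r'''
Scan statistics:
Files scanned: 204847
Threat name: 1
Infected objects: 6
Suspicious objects: 0

File name / Threat name / Threats count
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi.dll Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_8c8.VIR Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_928.VI0 Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_928.VIR Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqinecksi_99c.VI0 Infected: Trojan.Win32.Monder.cqbi 1
C:\Users\example\Downloads\hypothetical.exe Infected: Trojan.Win32.Monder.cqbi 1

The selected area was scanned.
'''

# Quarantine folders whose contents another product has already neutralised.
# The Trend Micro path is the one in the report above; extend the tuple for
# whatever other products are installed on the machine under review.
QUARANTINE_DIRS = (
    r"C:\Program Files\Trend Micro\Internet Security\Quarantine",
)

HEADER_RE = re.compile(r'^(?P<key>Files scanned|Threat name|Infected objects|Suspicious objects):\s*(?P<value>\d+)$')
# <path with spaces> Infected: <threat name> <count>
DETECTION_RE = re.compile(r'^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$')


@dataclass
class Detection:
    path: str
    threat: str
    count: int

    def in_quarantine(self, dirs=QUARANTINE_DIRS):
        # Compare with a trailing separator so "...\Quarantine2" is not matched.
        return any(self.path.lower().startswith(d.lower() + "\\") for d in dirs)


def parse_report(text):
    """Return (header, detections): the numeric header fields and the hit list."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group("key")] = int(m.group("value"))
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(Detection(m.group("path"), m.group("threat"), int(m.group("count"))))
    return header, detections


def split_by_location(detections, dirs=QUARANTINE_DIRS):
    """(quarantined, live): hits inside a known quarantine folder versus everything else."""
    quarantined = [d for d in detections if d.in_quarantine(dirs)]
    live = [d for d in detections if not d.in_quarantine(dirs)]
    return quarantined, live


def counts_reconcile(header, detections):
    """True when the per-line counts add up to the header's "Infected objects" total."""
    return header.get("Infected objects") == sum(d.count for d in detections)


def threat_families(detections):
    return sorted({d.threat for d in detections})


if __name__ == "__main__":
    header, hits = parse_report(SAMPLE)
    quarantined, live = split_by_location(hits)
    print("header/line counts agree:", counts_reconcile(header, hits))
    print("families:", threat_families(hits))
    print(f"{len(quarantined)} quarantined copies, {len(live)} live hits")
    for d in live:
        print("LIVE:", d.path, d.threat)
```

The reconciliation check matters when a report has been split across several forum replies, as the helper warns above may be necessary: a mismatch between the header total and the parsed lines means part of the list is missing.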

ComboFix 09-07-05.03 - Alexandre Streicher 07/07/2009 5:22.2 - NTFSx86

Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.3069.1589 [GMT -4:00]

Running from: c:\users\Alexandre Streicher\Downloads\ComboFix.exe

Command switches used :: c:\users\Alexandre Streicher\Downloads\CFScript.txt

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

SP: Trend Micro Internet Security *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

 

((((((((((((((((((((((((( Files Created from 2009-06-07 to 2009-07-07 )))))))))))))))))))))))))))))))

.

 

2009-07-07 05:06 . 2009-07-07 05:07 -------- d-----w- c:\users\Alexandre Streicher\AppData\Local\Adobe

2009-07-06 22:02 . 2009-07-06 22:02 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-07-06 21:53 . 2009-07-07 09:27 -------- d-----w- c:\users\Alexandre Streicher\AppData\Local\temp

2009-07-05 20:59 . 2009-07-05 20:59 -------- d-----w- C:\rsit

2009-07-05 08:36 . 2009-07-05 08:36 -------- d-----w- c:\users\Alexandre Streicher\AppData\Local\AOL

2009-07-05 01:29 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-05 01:29 . 2009-07-05 01:29 -------- d-----w- c:\programdata\Malwarebytes

2009-07-05 01:29 . 2009-07-05 03:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-05 01:29 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-05 01:10 . 2009-07-05 01:10 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2009-07-05 01:10 . 2009-07-05 01:10 -------- d-----w- c:\program files\SUPERAntiSpyware

2009-07-05 01:06 . 2009-07-05 01:06 -------- d-----w- c:\program files\Alwil Software

2009-07-05 01:03 . 2009-07-06 21:33 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2009-07-05 00:38 . 2009-07-06 21:34 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-07-05 00:38 . 2009-07-06 21:34 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2009-07-05 00:16 . 2009-07-06 21:28 10752 ----a-w- c:\windows\DCEBoot.exe

2009-07-04 00:07 . 2009-07-04 00:07 -------- d-----w- c:\program files\redshark

2009-07-02 20:27 . 2009-07-02 20:27 -------- d-----w- c:\program files\Veoh Networks

2009-06-27 18:08 . 2009-06-27 18:08 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-06-23 00:45 . 2009-06-23 00:45 -------- d-----w- c:\program files\Yugioh Virtual Dueling

2009-06-20 00:43 . 2009-06-20 02:10 -------- d-----w- c:\programdata\TrackMania

2009-06-20 00:39 . 2009-06-20 00:41 -------- d-----w- c:\program files\TmNationsForever

2009-06-14 18:45 . 2009-06-14 18:45 -------- d-----w- c:\program files\Common Files\Software Update Utility

2009-06-14 18:45 . 2009-06-14 18:45 -------- d-----w- c:\program files\AIM Toolbar

2009-06-14 18:45 . 2009-06-14 18:45 -------- d-----w- c:\programdata\AIM Toolbar

2009-06-13 20:51 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll

2009-06-13 20:51 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll

2009-06-10 10:35 . 2009-06-10 10:35 -------- d-----w- c:\program files\Your Freedom

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-07-07 04:04 . 2008-10-05 05:59 -------- d-----w- c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\skypePM

2009-07-07 03:06 . 2008-09-09 00:25 -------- d-----w- c:\program files\Warcraft III

2009-07-06 23:55 . 2009-01-26 05:04 -------- d-----w- c:\program files\Garena

2009-07-06 22:06 . 2008-09-11 02:35 -------- d-----w- c:\program files\Common Files\Adobe

2009-07-06 22:01 . 2008-08-26 12:25 -------- d-----w- c:\program files\Java

2009-07-06 21:42 . 2008-08-26 12:01 12 ----a-w- c:\windows\bthservsdp.dat

2009-07-06 21:33 . 2009-05-03 21:01 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-07-05 01:36 . 2008-08-26 12:55 -------- d-----w- c:\program files\Trend Micro

2009-07-05 00:46 . 2008-10-28 20:59 -------- d-----w- c:\program files\Download Manager

2009-07-05 00:40 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar

2009-06-29 21:16 . 2008-09-09 00:04 -------- d-----w- c:\program files\Mozilla Thunderbird

2009-06-24 23:15 . 2009-03-17 17:16 -------- d-----w- c:\program files\Evolution Tools

2009-06-14 18:46 . 2008-09-09 00:16 -------- d-----w- c:\program files\AIM6

2009-06-14 18:45 . 2008-09-09 00:16 -------- d-----w- c:\program files\Viewpoint

2009-06-14 18:45 . 2008-09-09 00:16 -------- d-----w- c:\programdata\Viewpoint

2009-05-18 02:46 . 2009-05-15 15:41 -------- d-----w- c:\program files\Guild Wars

2009-05-16 17:28 . 2009-05-16 17:28 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2009-05-16 17:28 . 2009-05-16 17:28 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll

2009-05-15 15:41 . 2009-05-15 15:41 -------- d-----w- c:\programdata\Media Center Programs

2009-05-14 07:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-05-11 01:18 . 2009-05-11 01:18 -------- d-----w- c:\program files\freebird

2009-05-06 18:11 . 2009-05-06 18:11 69120 ----a-w- c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll

2009-04-29 17:04 . 2008-09-08 23:28 58896 ----a-w- c:\users\Alexandre Streicher\AppData\Local\GDIPFONTCACHEV1.DAT

2009-04-24 16:05 . 2009-06-10 10:39 827904 ----a-w- c:\windows\system32\wininet.dll

2009-04-24 16:02 . 2009-06-10 10:39 78336 ----a-w- c:\windows\system32\ieencode.dll

2009-04-24 13:44 . 2009-06-10 10:39 26624 ----a-w- c:\windows\system32\ieUnatt.exe

2009-04-23 12:43 . 2009-06-10 10:39 784896 ----a-w- c:\windows\system32\rpcrt4.dll

2009-04-23 12:42 . 2009-06-10 10:39 636928 ----a-w- c:\windows\system32\localspl.dll

2009-04-21 11:55 . 2009-06-10 10:39 2033152 ----a-w- c:\windows\system32\win32k.sys

2008-08-26 12:32 . 2008-08-26 12:32 74 --sh--r- c:\windows\CT4CET.bin

2008-08-26 19:15 . 2008-08-26 18:19 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

 

((((((((((((((((((((((((((((( SnapShot@2009-07-06_21.52.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-11-02 13:03 . 2009-07-06 23:55 76992 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2008-09-08 23:29 . 2009-07-06 23:55 10384 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-967294451-803011006-1897551183-1000_UserData.bin

- 2009-07-06 21:43 . 2009-07-06 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-07-06 21:43 . 2009-07-06 23:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-07-06 21:43 . 2009-07-06 21:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-06 21:43 . 2009-07-06 23:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2006-11-02 10:33 . 2009-07-07 00:00 595684 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-07-06 21:50 595684 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2009-07-06 21:50 101350 c:\windows\System32\perfc009.dat

+ 2006-11-02 10:33 . 2009-07-07 00:00 101350 c:\windows\System32\perfc009.dat

+ 2009-07-06 22:02 . 2009-07-06 22:02 148888 c:\windows\System32\javaws.exe

+ 2009-07-06 22:02 . 2009-07-06 22:02 144792 c:\windows\System32\javaw.exe

+ 2009-07-06 22:02 . 2009-07-06 22:02 144792 c:\windows\System32\java.exe

+ 2009-07-06 22:07 . 2009-07-06 22:07 3938816 c:\windows\Installer\11875d.msi

+ 2009-07-06 22:01 . 2009-07-06 22:01 1563648 c:\windows\Installer\118471.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]

"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-03-25 492808]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-06 148888]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{D3C20FD1-BEDB-4486-AB24-9AD7F3ED4335}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{E1780419-49C5-42B0-90F7-4B2486998C0E}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{8999E27F-3746-4BCA-B794-D654C8B928AC}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect

"{2CA2DF8A-EB3C-4348-A13E-81D4114C2067}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program

"{43BE5A43-85A9-4843-9152-D01CB9BFE3E2}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine

"{2A35B872-3A3A-43EA-865A-D64BDA6D356B}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server

"{90CA9EDC-3909-4FA9-9411-AB17AC03DF6F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{3DD3B39E-AAB8-455E-B12D-D26CD9D3A94E}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{4E7C3C25-5F62-4593-8BC7-F522AFF3509F}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{A7701262-2C22-47BF-A3B3-1E9A71F0C0BF}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{0A39033A-2D17-46BB-9C12-B951A8BE58F7}"= UDP:c:\program files\AIM6\aim6.exe:AIM

"{99E64D4E-34B5-4077-8C71-2C0688CD999C}"= TCP:c:\program files\AIM6\aim6.exe:AIM

"{F07A59B0-5480-4635-9D94-C7BC629908C1}"= UDP:c:\program files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne

"{0275F753-25E9-4FBC-A53D-3D95D4C0257F}"= TCP:c:\program files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne

"{B0AE5FDE-3F96-4C87-94A7-04063B75AAA5}"= UDP:c:\program files\Hamachi\hamachi.exe:Hamachi

"{F6794A12-2AA3-4584-8EBA-557E3524C021}"= TCP:c:\program files\Hamachi\hamachi.exe:Hamachi

"TCP Query User{67AE4C0E-03C3-425C-BBCC-5EDB687A835C}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III

"UDP Query User{AC9A7DA9-1BA1-4396-B716-47BEE48A5B4F}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III

"TCP Query User{D618A343-71D5-4C4E-910B-CC9FD5E9CAED}c:\\users\\alexandre streicher\\downloads\\lancraft101b\\lancraft.exe"= UDP:c:\users\alexandre streicher\downloads\lancraft101b\lancraft.exe:lancraft.exe

"UDP Query User{4799CB0F-3B48-41E0-AB70-8AEEFD8EE839}c:\\users\\alexandre streicher\\downloads\\lancraft101b\\lancraft.exe"= TCP:c:\users\alexandre streicher\downloads\lancraft101b\lancraft.exe:lancraft.exe

"TCP Query User{002DD4AE-1541-4CA6-B2BA-CEE5E4847C56}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III

"UDP Query User{79FDCDCF-6BB8-4DAC-8563-71FDB9FCFCA6}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III

"TCP Query User{5BB3E528-FC31-438F-966A-5EE31569D8AA}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM

"UDP Query User{B336CC5C-CE69-47D4-9EAF-804EA3F38929}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM

"TCP Query User{344B93AF-ED9A-4B34-B30B-3B80888E9236}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent

"UDP Query User{1F2DA7C2-0AD7-43E4-B3F5-481269CB7EAC}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent

"TCP Query User{3AABB8DC-1DD6-4DB2-8B4E-4891177157C1}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client

"UDP Query User{9D72E365-A51F-4569-944F-67A00E95CA6B}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client

"TCP Query User{52D282B9-DB4E-4E42-A6A4-09D359C4B3AA}c:\\users\\alexandre streicher\\downloads\\lancraft101b\\lancraft.exe"= UDP:c:\users\alexandre streicher\downloads\lancraft101b\lancraft.exe:lancraft.exe

"UDP Query User{031F09E2-2E81-4A48-9133-EB88203E8027}c:\\users\\alexandre streicher\\downloads\\lancraft101b\\lancraft.exe"= TCP:c:\users\alexandre streicher\downloads\lancraft101b\lancraft.exe:lancraft.exe

"{41FAAF55-4494-41C4-9DB0-335E3038CD74}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk

"{522132A9-9811-4501-905B-8C70A6DA8F15}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk

"{6069B3AB-9BDF-460A-81A6-E26F9D47095B}"= c:\program files\Skype\Phone\Skype.exe:Skype

"TCP Query User{F377A5B7-1ECC-4B72-BA1E-F7717893513B}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"UDP Query User{56FE4B51-CA33-4B53-8A9D-03E06111DC6F}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"TCP Query User{C0DD9C9F-8603-4BB8-891E-650EDF861C97}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"UDP Query User{B4DDC4BC-6D5E-472C-9CA7-54E2CBF14F45}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java Platform SE binary

"{A9B8DB2B-F19C-4C5D-9422-E767E6A42994}"= UDP:c:\program files\Tremulous\tremulous.exe:Tremulous

"{537724C1-75E7-4E5C-8FD2-C4740820F563}"= TCP:c:\program files\Tremulous\tremulous.exe:Tremulous

"TCP Query User{9C58BE15-E8C9-411B-9072-7C4B10944A17}c:\\program files\\tremulous\\tremulous.exe"= UDP:c:\program files\tremulous\tremulous.exe:tremulous

"UDP Query User{D54F400A-A15B-415D-A36A-462FA3F65C58}c:\\program files\\tremulous\\tremulous.exe"= TCP:c:\program files\tremulous\tremulous.exe:tremulous

"{C5BE4E6E-5836-46A6-9162-A95241E3CA2B}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2.exe:nwn2

"{019568FF-8004-4F0F-A61C-78862CA1EC58}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2.exe:nwn2

"{4C2DD476-2D02-4901-A907-72D805B83CA6}"= UDP:c:\users\Alexandre Streicher\Downloads\wowclient-downloader.exe:Blizzard Downloader

"{4DFD2281-9FBA-41AC-834E-034FFE3727A4}"= TCP:c:\users\Alexandre Streicher\Downloads\wowclient-downloader.exe:Blizzard Downloader

"{99469314-6EC9-4FAD-82A3-20D063BFBF8E}"= UDP:3724:Blizzard Downloader: 3724

"{AA7FBD85-E303-4E97-9E94-0422E00DA965}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes

"{B380BB7D-E6CB-4AEF-88FC-D5CA2B3C922C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

"{68E5C89C-D422-45F1-9994-66761AFC7FC1}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{8E51CFEE-5F58-4792-BE20-E8BFBF7E63D1}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{3050A3F3-1DBC-4B3F-A0D2-2D7632F611B0}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

"{95B131F1-69A1-4922-8F8C-7CF1E217A811}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe

"{0D41BFE6-9956-4503-BAC6-9AFBFD169B44}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{31C3EF95-3DDC-47C2-AEF0-6A3E4E32ED46}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{C44AB8FF-5B78-44F7-8A2F-EE07CC1E178C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{1598C597-CECD-4223-8222-8CA04108FFDA}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{A782668E-6281-4729-9101-61B07BBB5F48}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{7C1BCAE2-C17E-42D6-9483-C1260D6D43A3}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main

"{1FE4094B-7E00-473E-BED0-9F03F6F11E2B}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main

"{47687911-EC4E-4C51-B97D-8AF2A8B26AC0}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD

"{14C1929C-D7D5-4A26-B81B-C7B0888994EB}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD

"{20EB0F65-6177-4FA5-A8FE-EBADFA16F8FE}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater

"{6541B863-0DBE-40AE-9B12-710DBCAC7814}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater

"{C10E85AC-B713-47B4-9C90-8EBE39DE2F79}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server

"{09AAC862-6EB6-4358-9244-30C1D1AFD957}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server

"{940C4DDC-B1AE-4EA0-BE11-ACB12664C556}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{71D20AE0-1370-46AC-B1E6-FE0856ADE164}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{0DA61E78-0551-4325-ABC8-637B1E1A648C}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{F8896F20-DF06-4E68-9173-C00924801CBC}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{0FF80201-2616-42AD-93D0-46212386EA68}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{24EC12CA-D68D-486A-BCE6-44FA3E9A2C37}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{13F1E209-8665-4FD7-8B56-36CF2390F225}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{DE2177DF-CFBB-4D57-AB7C-DE02BDE09B4A}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{159E6827-8426-4B1F-B865-FD4BED1CE5EF}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

"{749E2171-AA5C-4BEA-9924-3C9502AD0DEF}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player

"{18DCF6EF-B5AF-4417-A1DD-4283B3A1DE8F}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{85F4DDF4-3161-4233-A4F1-7BF0CB9B098F}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{0FFF58CD-09FC-4856-AD2A-8E378150DAC1}"= c:\program files\Skype\Phone\Skype.exe:Skype

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [3/25/2008 12:27 PM 142352]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [8/26/2008 7:58 AM 73728]

R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [3/25/2008 12:26 PM 36368]

R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [3/25/2008 12:27 PM 234512]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [8/26/2008 3:48 PM 179712]

R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [8/26/2008 3:47 PM 235648]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [8/26/2008 3:47 PM 7424]

R3 physX32;physX32;c:\windows\System32\drivers\physX32.sys [8/26/2008 3:48 PM 117888]

S2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [3/25/2008 12:27 PM 52624]

S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [9/8/2008 7:31 PM 488768]

S3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [9/8/2008 7:32 PM 648456]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

- - - - ORPHANS REMOVED - - - -

 

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

 

 

.

------- Supplementary Scan -------

.

uStart Page = about:blank

FF - ProfilePath -

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-07-07 05:27

Windows 6.0.6001 Service Pack 1 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\users\ALEXAN~1\AppData\Local\Temp\RTRCE07.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-967294451-803011006-1897551183-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:f3,89,8e,c6,66,0f,99,4d,35,a4,c6,e9,99,ef,06,f9,fc,68,bb,62,91,c7,db,

d6,da,24,45,b3,28,0b,ac,de,c2,fc,3e,7d,3d,c5,8f,7e,72,9d,80,2f,9e,7e,a3,a7,\

"??"=hex:d2,5e,52,59,8f,40,a1,d2,2f,75,fe,07,f0,58,29,45

 

[HKEY_USERS\S-1-5-21-967294451-803011006-1897551183-1000\Software\SecuROM\License information*]

"datasecu"=hex:1a,b1,ba,77,61,59,1e,b0,07,e5,bc,05,0f,13,bb,6e,42,45,08,5d,f5,

74,bd,19,d1,7d,dd,a7,7e,ac,ce,b0,36,96,4c,af,ba,5a,d9,0c,72,2f,d0,05,8f,81,\

"rkeysecu"=hex:0f,39,7c,5f,e4,3b,2e,5c,ed,5d,57,79,14,aa,63,bc

.

Completion time: 2009-07-07 5:29

ComboFix-quarantined-files.txt 2009-07-07 09:29

ComboFix2.txt 2009-07-06 21:53

 

Pre-Run: 65,960,652,800 bytes free

Post-Run: 65,990,852,608 bytes free

 

250 --- E O F --- 2009-07-06 19:49

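The ComboFix "Reg Loading Points" section above records several protections switched off on this machine: UAC (EnableLUA = 0), all three Windows Firewall profiles (EnableFirewall = 0), Security Center monitoring for the Trend Micro firewall, and Automatic Update notifications, plus a service whose binary sits under a Temp directory. The following is an added example, not something posted in this thread: a PowerShell function that reads such an excerpt and flags those settings. The excerpt is copied from the log above; the function name, rule set and wording of the findings are my own assumptions. Two caveats belong with the output: the log also reports Trend Micro Personal Firewall as enabled, so Windows Firewall being off may be deliberate, and the GarenaPEngine entry is something to verify against what the user installed, not a verdict.

```powershell
# Added example (not posted in the thread): flag protections that a ComboFix
# "Reg Loading Points" section shows switched off. The excerpt below is copied
# from the log above; Get-ComboFixWeakSettings and its rules are assumptions.

$comboFixExcerpt = @'
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\ALEXAN~1\AppData\Local\Temp\RTRCE07.tmp"
'@

function Get-ComboFixWeakSettings {
    param([Parameter(Mandatory = $true)][string]$LogText)

    $findings   = @()
    $currentKey = ''
    foreach ($rawLine in ($LogText -split "`r?`n")) {
        $line = $rawLine.Trim()
        # A [Key] line switches context; values that follow belong to it
        if ($line -match '^\[(.+)\]$') { $currentKey = $Matches[1]; continue }
        # ComboFix prints values as "Name"= 0 (0x0) or as "Name"=dword:00000001
        if ($line -notmatch '^"(?<n>[^"]+)"\s*=\s*(?<v>.+)$') { continue }
        $name   = $Matches['n']
        $value  = $Matches['v']
        $isZero = ($value -match '^0\b') -or ($value -match '^dword:0+$')
        $isOne  = ($value -match '^1\b') -or ($value -match '^dword:0*1$')

        $issue = $null
        if ($name -eq 'EnableLUA' -and $isZero -and $currentKey -match 'policies\\system$') {
            $issue = 'UAC disabled: everything the user runs gets full administrator rights'
        }
        elseif ($name -eq 'EnableFirewall' -and $isZero -and $currentKey -match '\\(\w+Profile)$') {
            $issue = "Windows Firewall off for $($Matches[1]); acceptable only if a third-party firewall is confirmed running"
        }
        elseif ($name -eq 'AutoUpdateDisableNotify' -and $isOne) {
            $issue = 'Security Center no longer warns when Automatic Updates is off'
        }
        elseif ($name -eq 'DisableMonitoring' -and $isOne -and $currentKey -match 'Monitoring\\(\w+)$') {
            $issue = "Security Center monitoring suppressed for $($Matches[1])"
        }
        elseif ($name -eq 'ImagePath' -and $value -match '(?i)\\temp\\') {
            $issue = 'Service binary lives under a Temp directory: confirm which product installed it'
        }

        if ($issue) {
            $findings += New-Object PSObject -Property @{ Key = $currentKey; Value = $name; Issue = $issue }
        }
    }
    return $findings
}

# Seven findings for the excerpt above: UAC, three firewall profiles,
# update notifications, TrendFirewall monitoring, and the Temp-resident service.
Get-ComboFixWeakSettings -LogText $comboFixExcerpt | Format-Table Value, Issue -AutoSize -Wrap
```

To triage a whole ComboFix log rather than the excerpt, pass `(Get-Content .\ComboFix.txt -Raw)` as `-LogText`; the parser only acts on bracketed key lines and quoted values, so the file listings and snapshot sections are ignored.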

Congratulations, your logs look clean :)

 

Let's see if I can help you keep it that way

 

First let's tidy up

 

Please delete RSIT.exe and C:\RSIT (entire folder)

You can also delete any logs we have produced, and empty your Recycle bin.

 

 

Uninstall Combofix

  • This will clear your System Volume Information restore points and remove all the infected files that were quarantined
  • Click START, type RUN into the search box, then click Enter
  • Now type Combofix /u in the run box and click OK. Note the space between the X and the /u; it needs to be there.

 

 

----------------------------------------------------------- -----------------------------------------------------------

 

The following is some info to help you stay safe and clean.

 

 

You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.

( Vista users must ensure that any programs are Vista compatible BEFORE installing )

 

Online Scanners

I would recommend a scan at one or more of the following sites at least once a month.

 

http://www.pandasecurity.com/activescan

http://www.kaspersky.com/kos/eng/partner/7...kavwebscan.html

 

!!! Make sure that all your programs are updated !!!

Secunia Software Inspector does all the work for you; see HERE for details.

 

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.

    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.

    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.

    Most of the programs in this list have free (for home users) and paid versions;

    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.

  • Spybot - Search & Destroy <<< A must-have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book: it maps the human-friendly name of a website to its actual numeric address (i.e. the IP address). This feature can be used to block malicious websites.
  • MalwareBytes Anti-Malware <<< A new and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • SUPERAntiSpyware <<< A good "realtime" or "on demand" scanner
Prevention
  • These programs don't detect malware, they help stop it getting on your machine in the first place.

    Each does a different job, so you can have more than one

  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must-have addition
  • SpywareBlaster 4.0
    • SpywareBlaster sets kill bits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections
Internet Browsers
  • Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys.

    Using a different web browser can help stop malware getting on your machine.

    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
  • FireFox
    • With many addons available that make customization easy this is a very popular choice
    • NoScript and AdBlockPlus addons are essential
  • Opera
    • Another popular alternative
  • Netscape
    • Another popular alternative
    • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.

    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.

    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

     

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.

    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.

    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.

     

    Both of these can be cleaned manually, but a quicker option is to use a program

  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can choose which cookies to keep
Also PLEASE read this article: So How Did I Get Infected In The First Place

 

The last and most important thing I can tell you is UPDATE.

If you don't update your security programs (Antivirus, Antispyware, even Windows) then you are at risk.

Malware changes on a day to day basis. You should update every week at the very least.

 

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D

 

 

If you could post back one more time to let me know everything is OK, then I can have this thread archived.

 

Happy surfing K'

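The six Internet-zone changes in the "Make your Internet Explorer more secure" steps above are stored as DWORD values under the zone's registry key, which is what the Internet Options dialog writes. The following is an added example, not part of the helper's post: a PowerShell function that reports each of those six settings against the checklist and, with `-Fix`, applies them for the current user. The value numbers and the 0/1/3 encoding are from Microsoft's security-zone registry documentation (KB 182569); the function name, the `-Fix` switch and the status labels are my own assumptions. It deliberately touches only the per-user IE zone: the UAC and Windows Firewall flags seen in the ComboFix log live under HKLM and need a separate, elevated decision.

```powershell
# Added example (not from the thread): check the six Internet-zone settings in
# the checklist above against the registry values the Internet Options dialog
# writes, and apply them with -Fix. Value numbers come from Microsoft's zone
# registry documentation (KB 182569); the function name and -Fix switch are mine.
# Zone 3 is the Internet zone; data 0 = Enable, 1 = Prompt, 3 = Disable.
# Needs PowerShell 3 or later for [pscustomobject].

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$checklist = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Want = 1 }
)

function Test-IeInternetZone {
    param([switch]$Fix)
    $labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }
    $key = Get-Item -Path $zonePath
    foreach ($item in $checklist) {
        $current = $key.GetValue($item.Id)      # $null when the value is absent
        if ($null -eq $current)               { $status = 'missing' }
        elseif ([int]$current -eq $item.Want) { $status = 'ok' }
        else                                  { $status = 'weak' }

        if ($Fix -and $status -ne 'ok') {
            # HKCU is writable without elevation; a machine policy under HKLM
            # (Group Policy) would still win over whatever is written here.
            Set-ItemProperty -Path $zonePath -Name $item.Id -Value $item.Want -Type DWord
            $status = 'fixed'
        }

        $shown = if ($null -eq $current) { '-' }
                 elseif ($labels.ContainsKey([int]$current)) { $labels[[int]$current] }
                 else { "$current" }
        [pscustomobject]@{
            Setting = $item.Name
            Current = $shown
            Wanted  = $labels[$item.Want]
            Status  = $status
        }
    }
}

Test-IeInternetZone | Format-Table -AutoSize
# Test-IeInternetZone -Fix | Format-Table -AutoSize   # apply the checklist
```

Run it in a normal (non-elevated) PowerShell session as the user whose Internet Explorer profile you are hardening, since the zone settings are per-user. A row marked "missing" means the value has not been written for this profile yet and the zone is falling back to its template default, so treat it as unverified rather than as a pass.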