Windows - No Disk. Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c
PaperMachine (New Member, joined May 2009, 17 posts), posted 5-13-2009 2:25 (GMT +1):

Hello, I just stumbled onto this forum and I'm glad I found it.
Anyway, I had some adware/spyware problem. Ran SAS (SuperAntiSpyware); it did its thing, said it needed to reboot, it did, and I get that message.
It stays on screen until it is closed about 70 times.
But the thing is, for some reason it won't let me online anymore.
I'm at a library. Please help.
Jintan (Senior Member, joined Dec 2006, 1424 posts), posted 5-17-2009 9:54 (GMT +1):

Hi PaperMachine,
I have a feeling that error is not involved in this net access problem, but I will need more info off that problem computer before we can decide on repairs. See if you can log in from it using Safe Mode. At startup tap the F8 key about once per second, then select Safe Mode with Networking from the menu that shows. If that works, do the following scan steps.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.
Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan.
If necessary allow it to locate or download a copy of HijackThis as needed.
Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.
RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).
You can break logs into parts and use separate posts here when replying and posting the log files, if needed.
--------------
Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.
If on its opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, and click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.
If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
PaperMachine (New Member, joined May 2009, 17 posts), posted 5-18-2009 3:12 (GMT +1):

Thanks for responding.
I have tried to load webpages in Safe Mode w/ Networking but it wouldn't.
All I need is to get the net working again and I can get programs to fix the other problems.
I got this response on another forum and I could use more information.
"Try to check if the hosts file was modified because most malware like to do that. Also check your browser for proxy settings and your connection's DNS settings because some malware also automatically change them."
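The three checks quoted in the post above (hosts file, browser proxy, DNS) are easy to script so they can be repeated after every cleanup pass. The following is an added example and is not code from this thread or from any of the tools it mentions. It audits a hosts file for blackholed or redirected names and reads the per-user Internet Explorer proxy values that malware commonly flips (ProxyEnable, ProxyServer, AutoConfigURL). The watched-domain list, the severity labels and the sample hosts content are my own assumptions and constructed data; the DNS check is left to `ipconfig /all`, compared against the resolvers the router or ISP is known to hand out.

```python
import ipaddress
import os
import sys

# Hostnames that malware commonly pins in the hosts file so that update and
# anti-malware sites stop resolving. Assumption: an illustrative list to
# extend locally, not a complete one.
WATCHED_DOMAINS = (
    "windowsupdate.com", "update.microsoft.com", "superantispyware.com",
    "malwarebytes.org", "symantec.com", "mcafee.com", "kaspersky.com",
    "avast.com", "trendmicro.com",
)
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
PROXY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed sample: a stock XP hosts file plus the kind of lines malware appends.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.superantispyware.com
127.0.0.1       update.microsoft.com
0.0.0.0         ads.example.net
203.0.113.45    www.bank.example
"""


def _is_local(ip_text):
    """True for loopback or the unspecified address (0.0.0.0 / ::)."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Return (line_no, severity, reason) for every hosts entry worth a look."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            lname = name.lower()
            if lname in LOOPBACK_NAMES and _is_local(ip):
                continue                          # the stock entries
            watched = any(lname == d or lname.endswith("." + d) for d in WATCHED_DOMAINS)
            if watched:
                findings.append((n, "high", f"{name} pinned to {ip}: update/AV site blocked or redirected"))
            elif not _is_local(ip):
                findings.append((n, "high", f"{name} redirected to external address {ip}"))
            else:
                findings.append((n, "medium", f"{name} blackholed to {ip}"))
    return findings


def audit_proxy(settings):
    """settings mirrors the per-user Internet Settings values; a dict so it runs anywhere."""
    findings = []
    if settings.get("ProxyEnable"):
        findings.append(("high", f"proxy enabled: {settings.get('ProxyServer') or '(empty)'}"))
    if settings.get("AutoConfigURL"):
        findings.append(("high", f"PAC script configured: {settings['AutoConfigURL']}"))
    return findings


def read_hosts(path=None):
    """Read the live hosts file; the default is the Windows location."""
    if path is None:
        path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                            "System32", "drivers", "etc", "hosts")
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


def read_proxy_settings():
    """Read the live proxy values on Windows; elsewhere return an empty dict."""
    if sys.platform != "win32":
        return {}
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, PROXY_KEY) as key:
        for name in ("ProxyEnable", "ProxyServer", "AutoConfigURL"):
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass
    return out


if __name__ == "__main__":
    hosts_text = read_hosts() if sys.platform == "win32" else SAMPLE_HOSTS
    for n, sev, why in audit_hosts(hosts_text):
        print(f"hosts line {n:>3} [{sev}] {why}")
    for sev, why in audit_proxy(read_proxy_settings()):
        print(f"proxy [{sev}] {why}")
```

Run on the infected machine it reads the real hosts file and registry; anywhere else it falls back to the constructed sample so the logic can be exercised offline. A 0.0.0.0 or 127.0.0.1 mapping for a security vendor is treated as worse than a plain ad-block entry because it is the classic way malware keeps the victim from downloading a cleaner.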
Jintan (Senior Member, joined Dec 2006, 1424 posts), posted 5-19-2009 12:54 (GMT +1):

If you transfer the RSIT scanner and post back some information, I may be able to provide a solution to the net access problem. Shy of that you are looking for guesses, and as you attempt each new change from those it may just make things worse.
Jintan (Senior Member, joined Dec 2006, 1424 posts), posted 5-19-2009 1:02 (GMT +1):

Oh heck - here's a guess solution anyway, but truly changes like these are not sound repair thinking. Assuming malware loaded a file into the Winsock there, and the file was removed by SuperAntiSpyware but the Winsock setting was not repaired, that would leave you without net access.
To correct for that go to Start - Run, type cmd (and press OK). At the prompt type the following, pressing Enter after each:
netsh winsock reset
Then type exit and press Enter to close the command window. That command will reset the Winsock to a default setting. But it will also remove all the entries for any third-party softwares like Apple's Bonjour, so those will need to be reinstalled later to fix that.
PaperMachine (New Member, joined May 2009, 17 posts), posted 5-19-2009 2:08 (GMT +1):

Thanks. I got more information from the guy and he said the same thing. I'll go through and reset/fix all my browser/proxy/host/etc settings and post back.
Jintan (Senior Member, joined Dec 2006, 1424 posts), posted 5-19-2009 3:20 (GMT +1):

I would like to suggest that either way you still try to run the suggested RSIT scan to post those logs. However, it is not a good idea to have requests and get ideas in more than one forum. Those who are assisting you do not know what changes or information is being provided at the other location. So I suggest if you are already receiving assistance elsewhere you follow up there for now.
PaperMachine (New Member, joined May 2009, 17 posts), posted 5-19-2009 7:49 (GMT +1):

OK, yes, the winsock thing worked. I'm now on my own computer.
I will use the programs you suggested and post the results in this thread. Thank you.
GMER seems to be a broken link and keeps getting errors when I try to download it when I found the site.
But here are the Log/Info txt from the other program:
Log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Døktør at 2009-05-19 13:50:12
Microsoft Windows XP Professional Service Pack 2
System drive C: has 44 GB (19%) free of 233 GB
Total RAM: 1919 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:15 PM, on 5/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Døktør\Application Data\ptidle\ptidle.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Døktør\Application Data\Twain\Twain.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Døktør\Application Data\digifast\digifast.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Døktør\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Døktør.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {677e950d-7ba6-4d91-a142-2e82f5c0f653} - C:\WINDOWS\system32\wudifobu.dll
O2 - BHO: C:\WINDOWS\system32\had732ufn8.dll - {A6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\had732ufn8.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [msci] "C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\20061229211242_mcinfo.exe" /insfin
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKLM\..\Run: [gunerifimi] Rundll32.exe "C:\WINDOWS\system32\pezatehe.dll",s
O4 - HKLM\..\Run: [CPM131879de] Rundll32.exe "c:\windows\system32\sefoseyo.dll",a
O4 - HKCU\..\Run: [ptidle] "C:\Documents and Settings\Døktør\Application Data\ptidle\ptidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AOL??????·???????] "C:\PROGRA~1\AIM95\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Døktør\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DigiFast] C:\Documents and Settings\Døktør\Application Data\digifast\digifast.exe
O4 - HKCU\..\Run: [gBFumemFO7] C:\Documents and Settings\Døktør\Application Data\Microsoft\Windows\kuuxr.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\DKTR~1\protect.dll,_IWMPEvents@16
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Applications\iebtm.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\My Documents\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\My Documents\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\My Documents\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:\windows\system32\jimekaju.dll c:\windows\system32\kozozari.dll c:\windows\system32\nijapuzu.dll c:\windows\system32\vi!!!egi.dll c:\windows\system32\woyevepa.dll c:\windows\system32\nomolole.dll C:\WINDOWS\system32\zagimime.dll c:\windows\system32\femesolu.dll c:\windows\system32\sefoseyo.dll,C:\WINDOWS\system32\gonihuha.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sefoseyo.dll
O22 - SharedTaskScheduler: hasf8h3rfijfn98gf9iar - {A6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\had732ufn8.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sefoseyo.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9cc402f517f51) (gupdate1c9cc402f517f51) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
-- End of file - 13189 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{677e950d-7ba6-4d91-a142-2e82f5c0f653}] C:\WINDOWS\system32\wudifobu.dll [2009-02-19 48640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6C7B2A1-00F3-42BD-F434-00AABA2C8953}] C:\WINDOWS\system32\had732ufn8.dll - C:\WINDOWS\system32\had732ufn8.dll [2009-05-19 15000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - MEGAUPLOADTOOLBAR - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-06-01 1929160]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-12 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-09-18 7204864]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-01-11 166304]
"XboxStat"=c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-01-15 37376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-14 16010752]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"prnet"=C:\WINDOWS\system32\prnet.tmp [2009-05-12 165376]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-09-18 86016]
"net"=C:\WINDOWS\system32\net.net [2009-05-12 111057]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
"msci"=C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\20061229211242_mcinfo.exe /insfin []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2004-12-08 550912]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"autochk"=C:\WINDOWS\system32\autochk.dll [2009-05-19 23552]
"gunerifimi"=C:\WINDOWS\system32\pezatehe.dll [2009-02-19 48640]
"CPM131879de"=c:\windows\system32\sefoseyo.dll [2009-05-19 81920]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"start"=C:\Program Files\Applications\iebtm.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ptidle"=C:\Documents and Settings\Døktør\Application Data\ptidle\ptidle.exe [2009-05-12 56832]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"Windows update loader"=C:\Windows\xpupdate.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-04 68856]
"Power2GoExpress"=NA []
"E6TaskPanel"=C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -winstart []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"AOL??????·???????"=C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl []
"Aim6"= []
"Twain"=C:\Documents and Settings\Døktør\Application Data\Twain\Twain.exe [2009-05-19 13312]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]
"DigiFast"=C:\Documents and Settings\Døktør\Application Data\digifast\digifast.exe [2009-05-19 225792]
"gBFumemFO7"=C:\Documents and Settings\Døktør\Application Data\Microsoft\Windows\kuuxr.exe []
"autochk"=C:\DOCUME~1\DKTR~1\protect.dll [2009-05-19 23552]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Corel MEDIA FOLDERS INDEXER 8.LNK - C:\Corel\Graphics8\Programs\MFIndexer.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\Døktør\Start Menu\Programs\Startup
ChkDisk.dll
ChkDisk.lnk - C:\WINDOWS\system32\rundll32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="c:\windows\system32\jimekaju.dll c:\windows\system32\kozozari.dll c:\windows\system32\nijapuzu.dll c:\windows\system32\vi!!!egi.dll c:\windows\system32\woyevepa.dll c:\windows\system32\nomolole.dll C:\WINDOWS\system32\zagimime.dll c:\windows\system32\femesolu.dll c:\windows\system32\sefoseyo.dll,C:\WINDOWS\system32\gonihuha.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] C:\WINDOWS\system32\WRLogonNTF.dll [2006-11-17 209408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sefoseyo.dll [2009-05-19 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
hasf8h3rfijfn98gf9iar - {A6C7B2A1-00F3-42BD-F434-00AABA2C8953} - C:\WINDOWS\system32\had732ufn8.dll [2009-05-19 15000]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sefoseyo.dll [2009-05-19 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0 nwprovau
"notification packages"=scecli C:\WINDOWS\system32\zagimime.dll C:\WINDOWS\system32\gonihuha.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ForceActiveDesktopOn"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon" "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed" "C:\Program Files\Common Files\AOL\1155139980\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1155139980\EE\AOLServiceHost.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program 
Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Last.fm\LastFM.exe"="C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM"
"J:\PortableApps\MirandaPortable\App\miranda\miranda32.exe"="J:\PortableApps\MirandaPortable\App\miranda\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"J:\PortableApps\FileZillaPortable\App\filezilla\FileZilla.exe"="J:\PortableApps\FileZillaPortable\App\filezilla\FileZilla.exe:*:Enabled:FileZilla"
"C:\BearShare\BearShare.exe"="C:\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\TorrentQ\TorrentQ.exe"="C:\Program Files\TorrentQ\TorrentQ.exe:*:Enabled:Torrent P2P application"
"C:\Program Files\1&1\1&1 SoftPhone\IPPHONE.EXE"="C:\Program Files\1&1\1&1 SoftPhone\IPPHONE.EXE:*:Enabled:1&1 SoftPhone"
"C:\Program Files\CodeGear\Delphi for PHP\1.0\debugger\DbgListener.exe"="C:\Program Files\CodeGear\Delphi for PHP\1.0\debugger\DbgListener.exe:*:Enabled:Listener for php debugger DBG"
"C:\Program Files\CodeGear\Delphi for PHP\1.0\apache2\bin\Apache.exe"="C:\Program Files\CodeGear\Delphi for PHP\1.0\apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Documents and Settings\Døktør\My Documents\BitTorrent\bittorrent.exe"="C:\Documents and Settings\Døktør\My Documents\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\Døktør\Desktop\GMOD10\hl2.exe"="C:\Documents and Settings\Døktør\Desktop\GMOD10\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Norton PC Checkup\PC_Checkup.exe"="C:\Program Files\Norton PC Checkup\PC_Checkup.exe:*:Enabled c_checkup"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox"
"C:\WINDOWS\RTHDCPL.exe"="C:\WINDOWS\RTHDCPL.exe:*:Enabled:RTHDCPL"
"C:\WINDOWS\zHotkey.exe"="C:\WINDOWS\zHotkey.exe:*:Enabled:zHotkey"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe:*:Enabled:apdproxy"
"C:\WINDOWS\system32\defrag.exe"="C:\WINDOWS\system32\defrag.exe:*:Enabled:defrag"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\WINDOWS\system32\dllhost.exe"="C:\WINDOWS\system32\dllhost.exe:*:Enabled:dllhost"
"C:\Program Files\Viewpoint\Common\ViewpointService.exe"="C:\Program Files\Viewpoint\Common\ViewpointService.exe:*:Enabled:ViewpointService"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe:*:Enabled:ashMaiSv"
"C:\WINDOWS\arservice.exe"="C:\WINDOWS\arservice.exe:*:Enabled:arservice"
"C:\Program Files\Valve\Steam\steamapps\DrLaziestNinjaEvar\garrysmod\hl2.exe"="C:\Program Files\Valve\Steam\steamapps\DrLaziestNinjaEvar\garrysmod\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Valve\Steam\steamapps\DrLaziestNinjaEvar\team fortress 2\hl2.exe"="C:\Program Files\Valve\Steam\steamapps\DrLaziestNinjaEvar\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\HLServer\orangebox\srcds.exe"="C:\HLServer\orangebox\srcds.exe:*:Enabled:srcds"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:userinit"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe"="C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe:*:Enabled:fbserver"
"C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe"="C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe:*:Enabled:fbguard"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:GoogleUpdate"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bb2d2bc-dd6d-11db-b10b-0040ca9b55bc}]
shell\AutoRun\command - J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7e6734b-27be-11db-b115-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
======File associations======
.reg - open - "regedit.exe" "%1"
======List of files/folders created in the last 1 months======
2009-05-19 13:50:12 ----D---- C:\rsit
2009-05-19 13:12:50 ----ASH---- C:\WINDOWS\system32\autochk.dll
2009-05-19 13:12:49 ----A---- C:\WINDOWS\system32\lmn_setup.exe
2009-05-19 12:57:55 ----A---- C:\WINDOWS\system32\p2hhr.bat
2009-05-19 12:57:49 ----A---- C:\WINDOWS\system32\had732ufn8.dll
2009-05-19 12:57:48 ----A---- C:\WINDOWS\system32\ak1.exe
2009-05-19 12:51:52 ----SH---- C:\WINDOWS\system32\ezijumaf.ini
2009-05-19 12:42:47 ----A---- C:\WINDOWS\system32\glsetup.exe
2009-05-19 12:38:28 ----D---- C:\Documents and Settings\Døktør\Application Data\digifast
2009-05-19 12:37:41 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-19 12:37:35 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-19 12:37:35 ----D---- C:\Documents and Settings\Døktør\Application Data\SUPERAntiSpyware.com
2009-05-19 12:33:23 ----D---- C:\Documents and Settings\Døktør\Application Data\Twain
2009-05-19 12:28:29 ----D---- C:\Program Files\WWShow
2009-05-19 12:26:24 ----A---- C:\resetlog.txt
2009-05-18 20:50:44 ----SH---- C:\WINDOWS\system32\kuwovogi.exe
2009-05-12 18:10:53 ----D---- C:\WINDOWS\pss
2009-05-12 17:00:36 ----A---- C:\WINDOWS\system32\loader49.exe
2009-05-12 16:50:32 ----SH---- C:\WINDOWS\system32\avamunuz.ini
2009-05-12 16:45:28 ----D---- C:\Documents and Settings\Døktør\Application Data\ptidle
2009-05-12 16:44:57 ----A---- C:\WINDOWS\system32\prnet.tmp
2009-05-10 17:05:34 ----SHD---- C:\WINDOWS\system32\lowsec
2009-05-10 17:05:32 ----H---- C:\WINDOWS\ld08.exe
2009-05-10 15:52:58 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-05-10 15:47:54 ----D---- C:\AeriaGames
2009-05-05 19:55:24 ----D---- C:\Program Files\GIMP-2.0
2009-05-03 17:37:00 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
======List of files/folders modified in the last 1 months======
2009-05-19 13:46:10 ----SD---- C:\WINDOWS\Tasks
2009-05-19 13:45:16 ----D---- C:\Program Files\Mozilla Firefox
2009-05-19 13:43:21 ----D---- C:\WINDOWS\TEMP
2009-05-19 13:43:21 ----A---- C:\WINDOWS\ModemLog_Standard 28800 bps Modem.txt
2009-05-19 13:43:15 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2009-05-19 13:43:13 ----D---- C:\WINDOWS
2009-05-19 13:42:45 ----D---- C:\WINDOWS\system32
2009-05-19 13:42:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-19 13:42:38 ----D---- C:\WINDOWS\Registration
2009-05-19 12:52:11 ----ASH---- C:\WINDOWS\system32\josoguyi.dll
2009-05-19 12:51:41 ----N---- C:\WINDOWS\system32\sefoseyo.dll
2009-05-19 12:51:41 ----ASH---- C:\WINDOWS\system32\famujize.dll
2009-05-19 12:37:39 ----SHD---- C:\WINDOWS\Installer
2009-05-19 12:37:38 ----D---- C:\Config.Msi
2009-05-19 12:37:35 ----D---- C:\Program Files
2009-05-19 12:36:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-19 12:26:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-17 21:27:06 ----D---- C:\WINDOWS\Prefetch
2009-05-17 21:25:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-14 20:29:27 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-13 12:35:53 ----D---- C:\WINDOWS\system32\Restore
2009-05-13 07:18:01 ----HD---- C:\WINDOWS\inf
2009-05-12 20:50:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-12 19:15:42 ----AH---- C:\boot.ini
2009-05-12 19:15:42 ----A---- C:\WINDOWS\win.ini
2009-05-12 19:15:42 ----A---- C:\WINDOWS\system.ini
2009-05-12 18:08:26 ----SHD---- C:\WINDOWS\CSC
2009-05-12 17:00:50 ----A---- C:\WINDOWS\system32\USERINIT.EXE.sasbak
2009-05-12 16:50:21 ----ASH---- C:\WINDOWS\system32\zunumava.dll
2009-05-12 16:45:31 ----D---- C:\WINDOWS\system32\drivers
2009-05-10 15:52:59 ----D---- C:\WINDOWS\system32\DirectX
2009-05-10 15:47:54 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-07 21:01:17 ----D---- C:\Program Files\Digsby
2009-05-06 14:33:51 ----D---- C:\Documents and Settings\Døktør\Application Data\gtk-2.0
2009-05-03 18:04:26 ----D---- C:\Documents and Settings\Døktør\Application Data\Google
2009-05-03 18:00:00 ----D---- C:\temp
2009-05-03 17:43:47 ----D---- C:\Program Files\Google
2009-04-26 12:26:48 ----D---- C:\Documents and Settings\Døktør\Application Data\dvdcss
2009-04-24 20:15:48 ----D---- C:\Program Files\Last.fm
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-03-07 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-03-07 9464]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-09 8552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-10 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-03-17 221440]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-16 4249088]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-09-18 3493984]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2006-11-17 15360]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-10 12416]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-10 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 vidcap;vidcap; C:\WINDOWS\system32\DRIVERS\vidcap.sys [2006-12-27 9006]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 aou5mdkr;aou5mdkr; C:\WINDOWS\system32\drivers\aou5mdkr.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-10 40320]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-09-18 131139]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-08-09 172032]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2006-11-17 3299328]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 61856]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S2 gupdate1c9cc402f517f51;Google Update Service (gupdate1c9cc402f517f51); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-03 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-05-25 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-01-11 2138528]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
-----------------EOF-----------------
Info.txt ------------------
info.txt logfile of random's system information tool 1.06 2009-05-19 13:50:18
======Uninstall list======
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
01-mp3search 4.0-->C:\MYDOCU~1\01-MP3~1\Setup.exe /remove
12Sky-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4235A9E5-EEFF-42E7-BEC9-9D421DD10ECB}\setup.exe" -l0x9 -removeonly
7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3-->C:\Program Files\Common Files\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe
Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Advertisement Service-->C:\WINDOWS\system32\net.net Uninstall
Advertisement Service-->C:\WINDOWS\system32\prnet.tmp Uninstall
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
Alias SketchBook Pro 2.0-->MsiExec.exe /X{3470101E-A698-4B27-9532-5528B02A5FE0}
AnimatorDV Simple+ 9.02-->"C:\Program Files\AnimatorDVSimple+\unins000.exe"
AOL Instant Messenger-->C:\PROGRA~1\AIM95\uninstll.exe -LOG= C:\PROGRA~1\AIM95\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ASIO4ALL-->C:\Documents and Settings\Døktør\My Documents\ASIO4ALL v2\uninstall.exe
BJC-250 Series-->C:\WINDOWS\system32\CNMCP14.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon BJC-250 Series Installer\Inst\DeIsL1.isu" -pCanon BJC-250 Series-c"C:\BJPrinter\CNMWINDOWS\Canon BJC-250 Series Installer\Inst\bjinst.dll
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Browser Address Error Redirector-->regsvr32 /u /s "c:\windows\system32\BAE.dll"
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Collab-->C:\Documents and Settings\Døktør\My Documents\Collab\uninstall.exe
Continuum-->"C:\Program Files\Continuum\unins000.exe"
Corel Uninstaller-->C:\WINDOWS\COREL\UNINST32.EXE
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
Digital Media Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875} /l1033
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
DX-Ball 2 v1.2-->C:\PROGRA~1\DXBall2\UNWISE.EXE C:\PROGRA~1\DXBall2\INSTALL.LOG
Easytoon 1.9.5-->C:\Program Files\Easytoon 1.9.5 EN\Uninstal.exe
Fighter Factory 1.0.12.2005 (Update Pack 3)-->"C:\My Documents\Fighter Factory\unins000.exe"
Firebird 2.1.0.16780 (Win32)-->"C:\Program Files\Firebird\Firebird_2_1\unins000.exe"
FL Studio 7-->C:\Documents and Settings\Døktør\My Documents\uninstall.exe
FL Studio v7.0-->"C:\Program Files\Image-Line\FL Studio 7\unins000.exe"
FLAC 1.2.1b (remove only)-->C:\Documents and Settings\Døktør\My Documents\FLAC\uninstall.exe
Flash-Creator 1-->C:\WINDOWS\cadkasdeinst01e.exe "C:\Program Files\Flash-Creator 1\"
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Download Manager 2.1-->"C:\My Documents\Free Download Manager\unins000.exe"
Garry's Mod-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/4000
GIMP 2.6.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GoldWave v5.18-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.18" "C:\Program Files\GoldWave\unstall.log"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\1.0.154.65\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
gtw_logo-->C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"
Half-Life Dedicated Server Update Tool-->C:\HLServer\UNWISE.EXE C:\HLServer\INSTALL.LOG
HammerHead Rhythm Station-->C:\Program Files\HammerHead\Uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795)-->"C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593)-->"C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961)-->"C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337)-->"C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510)-->"C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841)-->"C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909095)-->"C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB910728)-->"C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912024)-->"C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914906)-->"C:\WINDOWS\$NtUninstallKB914906$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HyperCam 2-->"c:\my documents\UnHyCam2.exe"
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
InFlac 1.1.1-->"C:\Program Files\Winamp\InFlac-Uninstall.exe"
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
L&H TTS3000 British English-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
L&H TTS3000 Deutsch-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSGED.inf, Uninstall
Last.fm 1.5.4.24567-->"C:\Program Files\Last.fm\unins000.exe"
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Megaupload Toolbar-->C:\Program Files\MegauploadToolbar\uninstall.exe
MicroMan - Adventure 1-->C:\WINDOWS\iun3405.exe c:\Games\Micro1
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Away Mode-->"C:\WINDOWS\$NtUninstallAwayMode160$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Starter Edition 2006-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=11
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft MPEG-4 VKI Video Codec V1/V2/V3-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Microsoft WSE 2.0 SP3 Runtime-->MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
MOV to AVI MPEG WMV Converter 3.0.4-->"C:\Program Files\MOV to AVI MPEG WMV Converter\unins000.exe"
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
Multimedia Keyboard Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
NetPumper 1.50-->"C:\Program Files\NetPumper\unins000.exe"
Norton PC Checkup-->C:\Program Files\Norton PC Checkup\uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Pivot Stickfigure Animator-->MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RM Converter 4.28-->"C:\Program Files\RM Converter\unins000.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917537)-->"C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP 
(KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe" Security 
Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe" Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDRSLSM5K.inf Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011} Sony Media Manager 2.2-->MsiExec.exe /X{878D2EB2-2D55-42A9-955E-1E08F28529FD} Sony Vegas 7.0-->MsiExec.exe /X{DFB951D6-4270-42D8-B4B7-AA4B01911DC3} SPORE™ Creature Creator-->"C:\Program Files\InstallShield Installation Information\{8CC42289-E228-4A35-B8A9-015242283BB2}\SCCSetup.exe" -runfromtemp -l0x0009 -removeonly Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} SUPERAntiSpyware Professional-->MsiExec.exe 
/X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe Team Fortress 2-->"C:\Program Files\Valve\Steam\steam.exe" steam://uninstall/440 TorrentQ version 2.1.0.0-->"C:\Program Files\TorrentQ\unins000.exe" Ultra QuickTime Converter 1.3.4-->"C:\Program Files\Ultra QuickTime Converter\unins000.exe" Update for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe" Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe" Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe" Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe" Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe" Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe" Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe" Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe" Update for Windows XP 
(KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe" Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe URGE-->MsiExec.exe /I{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF} Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u Visioneer PaperPort 5.3-->C:\PAPRPORT\UnInstal.exe C:\WINDOWS\uninst.exe -fC:\PAPRPORT\DATA\DeIsL1.isu VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe Winamp-->"C:\Program Files\Winamp\UninstWA.exe" Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333} Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD} Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe XviD MPEG-4 Video Codec-->C:\WINDOWS\system32\rundll32.exe 
setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE ZBrush3-->MsiExec.exe /I{6084D038-3401-4C9D-A216-86E6EEA25AFB} ZD Soft Video Recorder-->"C:\Documents and Settings\Døktør\My Documents\Video Recorder\Uninstall.exe" Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF} Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3} Zune-->MsiExec.exe /X{7583239A-D4BE-48CA-A253-396122B3D3E9}
=====HijackThis Backups=====
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) [2008-12-03]
======System event log======
Computer Name: YOUR-DC3E0B8F38 Event Code: 3023 Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&255493f1&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.
Record Number: 177 Source Name: LDMS Time Written: 20090512170750.000000-300 Event Type: error User:
Computer Name: YOUR-DC3E0B8F38 Event Code: 3023 Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\storage#removablemedia#7&19d12bf5&0&rm#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.
Record Number: 176 Source Name: LDMS Time Written: 20090512170750.000000-300 Event Type: error User:
Computer Name: YOUR-DC3E0B8F38 Event Code: 10010 Message: The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register with DCOM within the required timeout.
Record Number: 172 Source Name: DCOM Time Written: 20090512170644.000000-300 Event Type: error User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-DC3E0B8F38 Event Code: 7031 Message: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Record Number: 147 Source Name: Service Control Manager Time Written: 20090512164533.000000-300 Event Type: error User:
Computer Name: YOUR-DC3E0B8F38 Event Code: 11 Message: The driver detected a controller error on \Device\Harddisk3\D.
Record Number: 140 Source Name: Disk Time Written: 20090512151930.000000-300 Event Type: error User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=4b02 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
-----------------EOF-----------------
Post Edited (PaperMachine) : 19-05-2009 18:58:11 GMT
Jintan Senior Member
Date Joined Dec 2006 Total Posts : 1424 | Posted 5-19-2009 9:22 (GMT +1)
Wow - very, very seriously infected still. This will take a good few steps. And likely the malware is not allowing you to access the Gmer download, instead of there being a link problem.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.
Open HijackThis, and choose None of the above, just start the program. Click Config – Misc Tools – Open process manager. From the list, click each of the following if it is present, and Kill Process. Close HijackThis.
C:\Documents and Settings\Døktør\Application Data\ptidle\ptidle.exe
C:\Documents and Settings\Døktør\Application Data\Twain\Twain.exe
C:\Documents and Settings\Døktør\Application Data\digifast\digifast.exe
C:\WINDOWS\System32\RUNDLL32.EXE
After doing that you may get alerts about a missing rundll32.exe. This is a legit file often used for your different display/control panels there, but being misused by infection, so we are stopping it for now.
-------------------
Again open HijackThis, close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
--------------------
Download OTMoveIt3 by OldTimer to your desktop.
Then click OTMoveIt3.exe to run it (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator").
Copy the file path(s) below (inside the Code box) to the clipboard by highlighting ALL of them and pressing CTRL + C, or right-click and choose Copy):
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows update loader"=-
"Twain"=-
"DigiFast"=-
"gBFumemFO7"=-
"autochk"=
Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and select Paste. Then click the red MoveIt! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".
----------
Download The Avenger by Swandog from here.
Then unzip that, so it will create an avenger folder and an avenger.exe file.
Rename the avenger.exe file avvy.com then click that to start Avenger.
Okay the warning. When the Avenger display opens copy/paste the following text inside the Code box into the Avenger box titled "Input script here:". Then click the Execute button to run the repair, click Yes, then allow Avenger to reboot your system.
Begin copying here:
Drivers to delete:
MyWebSearchService
Files to delete:
C:\WINDOWS\system32\wudifobu.dll
C:\WINDOWS\system32\had732ufn8.dl
C:\WINDOWS\system32\autochk.dll
C:\WINDOWS\system32\pezatehe.dll
c:\windows\system32\sefoseyo.dll
C:\Program Files\Applications\iebtm.exe
C:\Windows\xpupdate.exe
C:\Documents and Settings\Døktør\Application Data\Microsoft\Windows\kuuxr.exe
C:\Documents and Settings\Døktør\protect.dll
C:\Documents and Settings\Døktør\Start Menu\Programs\Startup\ChkDisk.dll
C:\Documents and Settings\Døktør\Start Menu\Programs\Startup\ChkDisk.lnk
C:\WINDOWS\system32\autochk.dll
C:\WINDOWS\system32\lmn_setup.exe
C:\WINDOWS\system32\p2hhr.bat
C:\WINDOWS\system32\had732ufn8.dll
C:\WINDOWS\system32\ak1.exe
C:\WINDOWS\system32\ezijumaf.ini
C:\WINDOWS\system32\glsetup.exe
C:\resetlog.txt
C:\WINDOWS\system32\kuwovogi.exe
C:\WINDOWS\system32\loader49.exe
C:\WINDOWS\system32\avamunuz.ini
C:\WINDOWS\system32\prnet.tmp
C:\WINDOWS\ld08.exe
C:\WINDOWS\system32\josoguyi.dll
C:\WINDOWS\system32\sefoseyo.dll
C:\WINDOWS\system32\famujize.dll
C:\WINDOWS\system32\USERINIT.EXE.sasbak
C:\WINDOWS\system32\zunumava.dll
c:\windows\system32\jimekaju.dll
c:\windows\system32\kozozari.dll
c:\windows\system32\nijapuzu.dll
c:\windows\system32\vi!!!egi.dll
c:\windows\system32\woyevepa.dll
c:\windows\system32\nomolole.dll
C:\WINDOWS\system32\zagimime.dll
c:\windows\system32\femesolu.dll
c:\windows\system32\sefoseyo.dll
C:\WINDOWS\system32\gonihuha.dll
Folders to delete:
C:\WINDOWS\system32\lowsec
C:\Documents and Settings\Døktør\Application Data\Twain
C:\Documents and Settings\Døktør\Application Data\ptidle
C:\Documents and Settings\Døktør\Application Data\digifast
Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | autochk
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | gunerifimi
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | CPM131879de
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad | SSODL
Registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{677e950d-7ba6-4d91-a142-2e82f5c0f653}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6C7B2A1-00F3-42BD-F434-00AABA2C8953}
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
Your system may reboot twice to complete the repairs. After the reboot a text will open - copy/paste those contents back here please. The log can also be found at C:\avenger.txt.
--------
Then Download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As" ). For this, rename the downloading file to combi.com, then click the renamed combi.com to run that scan.
Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.
A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
Post back that ComboFix log, along with the C:\avenger.txt log please.
Also do the Gmer download, and run that and post the log please.
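The OTMoveIt :reg lines in the post above put the LSA "Notification Packages" value back as a hex(7) byte list. This is an added example, not from the thread, OTMoveIt or OldTimer: it decodes such a value into the package names it carries and flags any that are not on a known-good list. The only assumptions are that the Windows XP default for this value is the single package scecli, and the constructed extra entry used to show a flagged result.

```python
"""Decode and check the LSA "Notification Packages" REG_MULTI_SZ value.

Every name in this value is a DLL that lsass.exe loads at boot and that is
notified of every password change, so a reviewer wants each entry checked
against a known-good list rather than trusting the raw hex.
"""
import re

# Windows XP default for HKLM\SYSTEM\CurrentControlSet\Control\Lsa
# "Notification Packages": only the Security Configuration client (assumption:
# this is the known-good list for the machine being reviewed).
KNOWN_GOOD_PACKAGES = {"scecli"}

# The hex(7) value exactly as it appears in the OTMoveIt script in the post.
PAGE_VALUE = "hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00"


def decode_hex7(value):
    """Turn a .reg hex(7) byte list into the list of strings of the REG_MULTI_SZ.

    REG_MULTI_SZ is UTF-16LE strings, each NUL-terminated, ending in an extra NUL.
    Backslash line continuations used by .reg exports are stripped as well.
    """
    m = re.match(r"\s*hex\(7\):(.*)$", value, re.S)
    if not m:
        raise ValueError("not a hex(7) value")
    hexbytes = re.sub(r"[\s\\]", "", m.group(1))
    raw = bytes(int(b, 16) for b in hexbytes.split(",") if b)
    text = raw.decode("utf-16-le")
    # split on NUL and drop the empty entries produced by the terminating NULs
    return [s for s in text.split("\x00") if s]


def encode_hex7(packages):
    """Inverse of decode_hex7: build the hex(7) text for a list of package names."""
    raw = "".join(p + "\x00" for p in packages).encode("utf-16-le") + b"\x00\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def check_packages(value):
    """Return the decoded package list and the subset not on the known-good list."""
    pkgs = decode_hex7(value)
    return {
        "packages": pkgs,
        "unknown": [p for p in pkgs if p.lower() not in KNOWN_GOOD_PACKAGES],
    }


if __name__ == "__main__":
    # The value from the post decodes to just the default package.
    print(check_packages(PAGE_VALUE))
    # Constructed sample (not from the thread): an extra package name is what an
    # added password-filter DLL looks like in this value.
    print(check_packages(encode_hex7(["scecli", "example_extra"])))
```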
PaperMachine New Member
Date Joined May 2009 Total Posts : 17 | Posted 5-20-2009 1:26 (GMT +1)
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00 /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows update loader deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Twain deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DigiFast deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\gBFumemFO7 deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"autochk"| /E : value set successfully!
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05192009_184952
Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
Hidden driver "ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs" found! ImagePath: \systemroot\system32\drivers\ovfsthfksdimmvrtjuwacngyjjtypaplqejkow.sys Start Type: 1 (System)
Rootkit scan completed.
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\MyWebSearchService" not found! Deletion of driver "MyWebSearchService" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "C:\WINDOWS\system32\wudifobu.dll" not found! Deletion of file "C:\WINDOWS\system32\wudifobu.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "C:\WINDOWS\system32\had732ufn8.dl" not found! Deletion of file "C:\WINDOWS\system32\had732ufn8.dl" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
File "C:\WINDOWS\system32\autochk.dll" deleted successfully.
Error: file "C:\WINDOWS\system32\pezatehe.dll" not found! Deletion of file "C:\WINDOWS\system32\pezatehe.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "c:\windows\system32\sefoseyo.dll" not found! Deletion of file "c:\windows\system32\sefoseyo.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: could not open file "C:\Program Files\Applications\iebtm.exe" Deletion of file "C:\Program Files\Applications\iebtm.exe" failed! Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND) --> bad path / the parent directory does not exist
Error: file "C:\Windows\xpupdate.exe" not found! Deletion of file "C:\Windows\xpupdate.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "C:\Documents and Settings\Døktør\Application Data\Microsoft\Windows\kuuxr.exe" not found! Deletion of file "C:\Documents and Settings\Døktør\Application Data\Microsoft\Windows\kuuxr.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
File "C:\Documents and Settings\Døktør\protect.dll" deleted successfully. File "C:\Documents and Settings\Døktør\Start Menu\Programs\Startup\ChkDisk.dll" deleted successfully. File "C:\Documents and Settings\Døktør\Start Menu\Programs\Startup\ChkDisk.lnk" deleted successfully.
Error: file "C:\WINDOWS\system32\autochk.dll" not found! Deletion of file "C:\WINDOWS\system32\autochk.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
File "C:\WINDOWS\system32\lmn_setup.exe" deleted successfully. File "C:\WINDOWS\system32\p2hhr.bat" deleted successfully.
Error: file "C:\WINDOWS\system32\had732ufn8.dll" not found! Deletion of file "C:\WINDOWS\system32\had732ufn8.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
File "C:\WINDOWS\system32\ak1.exe" deleted successfully. File "C:\WINDOWS\system32\ezijumaf.ini" deleted successfully. File "C:\WINDOWS\system32\glsetup.exe" deleted successfully. File "C:\resetlog.txt" deleted successfully. File "C:\WINDOWS\system32\kuwovogi.exe" deleted successfully. File "C:\WINDOWS\system32\loader49.exe" deleted successfully. File "C:\WINDOWS\system32\avamunuz.ini" deleted successfully. File "C:\WINDOWS\system32\prnet.tmp" deleted successfully. File "C:\WINDOWS\ld08.exe" deleted successfully. File "C:\WINDOWS\system32\josoguyi.dll" deleted successfully.
Error: file "C:\WINDOWS\system32\sefoseyo.dll" not found! Deletion of file "C:\WINDOWS\system32\sefoseyo.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
File "C:\WINDOWS\system32\famujize.dll" deleted successfully. File "C:\WINDOWS\system32\USERINIT.EXE.sasbak" deleted successfully. File "C:\WINDOWS\system32\zunumava.dll" deleted successfully.
Error: file "c:\windows\system32\jimekaju.dll" not found! Deletion of file "c:\windows\system32\jimekaju.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "c:\windows\system32\kozozari.dll" not found! Deletion of file "c:\windows\system32\kozozari.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "c:\windows\system32\nijapuzu.dll" not found! Deletion of file "c:\windows\system32\nijapuzu.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "c:\windows\system32\vi!!!egi.dll" not found! Deletion of file "c:\windows\system32\vi!!!egi.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "c:\windows\system32\woyevepa.dll" not found!
Deletion of file "c:\windows\system32\woyevepa.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "c:\windows\system32\nomolole.dll" not found!
Deletion of file "c:\windows\system32\nomolole.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "C:\WINDOWS\system32\zagimime.dll" not found!
Deletion of file "C:\WINDOWS\system32\zagimime.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "c:\windows\system32\femesolu.dll" not found!
Deletion of file "c:\windows\system32\femesolu.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "c:\windows\system32\sefoseyo.dll" not found!
Deletion of file "c:\windows\system32\sefoseyo.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
File "C:\WINDOWS\system32\gonihuha.dll" deleted successfully.
Folder "C:\WINDOWS\system32\lowsec" deleted successfully.
Folder "C:\Documents and Settings\Døktør\Application Data\Twain" deleted successfully.
Folder "C:\Documents and Settings\Døktør\Application Data\ptidle" deleted successfully.
Folder "C:\Documents and Settings\Døktør\Application Data\digifast" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|autochk" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|gunerifimi" deleted successfully.
Error: could not delete registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|CPM131879de"
Deletion of registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|CPM131879de" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Registry value "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|start" deleted successfully.
Error: could not delete registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|SSODL"
Deletion of registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|SSODL" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{677e950d-7ba6-4d91-a142-2e82f5c0f653}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{677e950d-7ba6-4d91-a142-2e82f5c0f653}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6C7B2A1-00F3-42BD-F434-00AABA2C8953}" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6C7B2A1-00F3-42BD-F434-00AABA2C8953}" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.
Completed script processing.
*******************
Finished! Terminate.
The Combofix one didn't give me a log, and it said it had been "compromised" and that it was "unsafe to continue".
Running GMER now. Will post again when it's finished.
 |  PaperMachine New Member
 Date Joined May 2009 Total Posts : 17 | Posted 5-20-2009 1:52 (GMT +1) |
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-19 19:52:00
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.15 ----
SSDT 8AB2AA80 ZwAllocateVirtualMemory
SSDT 8AB18020 ZwCreateKey
SSDT 8AB2AFA8 ZwCreateProcess
SSDT 8AB2AF30 ZwCreateProcessEx
SSDT 8AB2AD50 ZwCreateThread
SSDT 8AB45288 ZwDeleteKey
SSDT 8AB2B250 ZwDeleteValueKey
SSDT spha.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spha.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT spha.sys ZwOpenKey [0xBA6A80C0]
SSDT spha.sys ZwQueryKey [0xBA6C7108]
SSDT spha.sys ZwQueryValueKey [0xBA6C6F88]
SSDT 8AB2AAF8 ZwQueueApcThread
SSDT 8AB2A990 ZwReadVirtualMemory
SSDT 8AB30A70 ZwRenameKey
SSDT 8AB2ABE8 ZwSetContextThread
SSDT 8ABF3280 ZwSetInformationKey
SSDT 8AB2AE40 ZwSetInformationProcess
SSDT 8AB2AC60 ZwSetInformationThread
SSDT 8AAC5140 ZwSetValueKey
SSDT 8AB2ADC8 ZwSuspendProcess
SSDT 8AB2AB70 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB648ADF0]
SSDT 8AB2ACD8 ZwTerminateThread
SSDT 8AB2AA08 ZwWriteVirtualMemory

INT 0x62 ? 8AB7DBF8
INT 0x63 ? 8A8B2BF8
INT 0x73 ? 8AB7DBF8
INT 0xB4 ? 8A8B2BF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2F10 8050477C 4 Bytes CALL 0CDAFA2C
? spha.sys The system cannot find the file specified. !
? Combo-Fix.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B981262C 5 Bytes JMP 8A8B21D8
.text awvldtzi.SYS B9519386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text awvldtzi.SYS B95193AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text awvldtzi.SYS B95193C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text awvldtzi.SYS B95193C9 1 Byte [2E]
.text awvldtzi.SYS B95193C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[940] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes CALL 0044EE31 C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Spy Sweeper Engine/Webroot Software, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] WS2_32.dll!send 71AB428A 6 Bytes PUSH 10003DB4; RET C:\WINDOWS\system32\autochk.dll (lib/ )
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] WS2_32.dll!WSARecv 71AB4318 6 Bytes PUSH 10003C07; RET C:\WINDOWS\system32\autochk.dll (lib/ )
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] WS2_32.dll!recv 71AB615A 6 Bytes PUSH 10003C91; RET C:\WINDOWS\system32\autochk.dll (lib/ )
.text C:\Program Files\Mozilla Firefox\firefox.exe[2464] WS2_32.dll!WSASend 71AB6233 6 Bytes PUSH 10003D38; RET C:\WINDOWS\system32\autochk.dll (lib/ )
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!??2@YAPAXI@Z 77C29CC5 5 Bytes JMP 0A93B250 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!??3@YAXPAX@Z 77C29CDD 5 Bytes JMP 0A93B2A0 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 77C29D9F 5 Bytes JMP 0A93B2C0 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!_expand 77C29FE5 5 Bytes JMP 0A93B230 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!_heapadd 77C2BC9F 5 Bytes JMP 0A93B310 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!_heapchk 77C2BCB3 5 Bytes JMP 0A93B320 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!_heapset + 1 77C2BD83 4 Bytes JMP 0A93B351 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!_heapmin 77C2BD8C 5 Bytes JMP 0A93B420 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!_heapused 77C2BE3A 5 Bytes JMP 0A93B3F0 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!_heapwalk 77C2BE4D 5 Bytes JMP 0A93B360 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!_msize 77C2BF6C 5 Bytes JMP 0A93B180 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!calloc 77C2C0C3 5 Bytes JMP 0A93B110 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!free 77C2C21B 5 Bytes JMP 0A93B170 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!malloc 77C2C407 5 Bytes JMP 0A93B0D0 C:\WINDOWS\system32\SH33W32.dll
.text C:\Corel\Graphics8\Programs\MFIndexer.exe[4012] msvcrt.dll!realloc 77C2C437 5 Bytes JMP 0A93B150 C:\WINDOWS\system32\SH33W32.dll
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spha.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spha.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spha.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spha.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spha.sys
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\awvldtzi.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spha.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2A820
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2A918
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2A918
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2A820
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2A820
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2A918
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8AB2A918
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8AB2A820
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2A918
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2A820
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2A918
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2A918
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2A820
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2A820
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2A918
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2A820
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2A918
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2A918
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2A820
---- User IAT/EAT - GMER 1.0.15 ----
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8AB681F8
AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
Device \FileSystem\Fastfat \FatCdrom 89B39500
Device \Driver\usbstor \Device\000000cd 8A987500
Device \Driver\usbstor \Device\000000ce 8A987500
Device \Driver\usbstor \Device\000000cf 8A987500
Device \Driver\Tcpip \Device\Ip 89D816E8
Device \Driver\Tcpip \Device\Ip 8AA2AD50
Device \Driver\Tcpip \Device\Ip 8A200768
Device \Driver\Tcpip \Device\Ip 8A9D89C0
Device \Driver\Tcpip \Device\Ip 8A1BF790
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-0 8A95D1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AB7E1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AB7E1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AB7E1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AB7E1F8
Device \Driver\usbehci \Device\USBPDO-1 8A9591F8
Device \Driver\Tcpip \Device\Tcp 89D816E8
Device \Driver\Tcpip \Device\Tcp 8AA2AD50
Device \Driver\Tcpip \Device\Tcp 8A200768
Device \Driver\Tcpip \Device\Tcp 8A9D89C0
Device \Driver\Tcpip \Device\Tcp 8A1BF790
Device \Driver\Ftdisk \Device\HarddiskVolume1 8ABED1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8ABED1F8
Device \Driver\Cdrom \Device\CdRom0 8A9501F8
Device \Driver\Cdrom \Device\CdRom1 8A9501F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8AB7D1F8
Device \Driver\atapi \Device\Ide\IdePort0 8AB7D1F8
Device \Driver\atapi \Device\Ide\IdePort1 8AB7D1F8
Device \Driver\atapi \Device\Ide\IdePort2 8AB7D1F8
Device \Driver\atapi \Device\Ide\IdePort3 8AB7D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 8AB7D1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89BBF1F8
Device \Driver\NetBT \Device\NetbiosSmb 89BBF1F8
Device \Driver\Tcpip \Device\Udp 89D816E8
Device \Driver\Tcpip \Device\Udp 8AA2AD50
Device \Driver\Tcpip \Device\Udp 8A200768
Device \Driver\Tcpip \Device\Udp 8A9D89C0
Device \Driver\Tcpip \Device\Udp 8A1BF790
Device \Driver\Tcpip \Device\RawIp 89D816E8
Device \Driver\Tcpip \Device\RawIp 8AA2AD50
Device \Driver\Tcpip \Device\RawIp 8A200768
Device \Driver\Tcpip \Device\RawIp 8A9D89C0
Device \Driver\Tcpip \Device\RawIp 8A1BF790
Device \Driver\usbohci \Device\USBFDO-0 8A95D1F8
Device \Driver\usbehci \Device\USBFDO-1 8A9591F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89BBD1F8
Device \Driver\Tcpip \Device\IPMULTICAST 89D816E8
Device \Driver\Tcpip \Device\IPMULTICAST 8AA2AD50
Device \Driver\Tcpip \Device\IPMULTICAST 8A200768
Device \Driver\Tcpip \Device\IPMULTICAST 8A9D89C0
Device \Driver\Tcpip \Device\IPMULTICAST 8A1BF790
Device \Driver\sptd \Device\3179548584 spha.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89BBD1F8
Device \Driver\Ftdisk \Device\FtControl 8ABED1F8
Device \Driver\usbstor \Device\000000ca 8A987500
Device \Driver\NetBT \Device\NetBT_Tcpip_{7547DDA6-EB5A-45A5-8CFF-4B735F72C3F3} 89BBF1F8
Device \Driver\usbstor \Device\000000cc 8A987500
Device \Driver\awvldtzi \Device\Scsi\awvldtzi1 8A8761F8
Device \Driver\awvldtzi \Device\Scsi\awvldtzi1Port4Path0Target0Lun0 8A8761F8
Device \Driver\PCI_PNP7334 \Device\0000008d spha.sys
Device \FileSystem\Fastfat \Fat 89B39500
AttachedDevice \FileSystem\Fastfat \Fat SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8A892500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x45 0x92 0xB2 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x59 0xFB 0xEE ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53 0x91 0x24 0x52 ... Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs@start 1 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs@type 1 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs@group file system Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs@imagepath \systemroot\system32\drivers\ovfsthfksdimmvrtjuwacngyjjtypaplqejkow.sys Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs@inst 0 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@ver sni060409 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@cid 01 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@bid 271272685-2216208703-816471841-2186339326 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@aid 998 Reg 
HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@sid 3 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@feed 0x22 0x64 0x78 0x36 ... Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@cmddelay 28801 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@logoffset 1719 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\delete Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\ff Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\ff@extension \\?\C:\Program Files\Mozilla Firefox\extensions\{E4017F13-95B8-4F81-A7AF-22AA325662F7} Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\ff@version 1 Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\injector Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\injector@iexplore.exe ovfsthwi.dll Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\injector@explorer.exe ovfsthff.dll Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\tasks Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules@ovfsth.sys \systemroot\system32\drivers\ovfsthfksdimmvrtjuwacngyjjtypaplqejkow.sys Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules@ovfsth.dll \systemroot\system32\ovfsthuhyvlalkteykfaidfaklurvocoqagtqq.dll Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules@ovfsthlog.dat \systemroot\system32\ovfsthyjtiuyevaydicmuhwxxcjmmynrftxqfh.dat Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules@ovfsthwi.dll 
\systemroot\system32\ovfsthcbjjclmfogshngujavtpompdlqslauoe.dll Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules@ovfsthff.dll \systemroot\system32\ovfsthlnlgkxkwwsotjtwvkefhpistvijmjcto.dll Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules@ovfsth.dat \systemroot\system32\ovfsthtgjrupmwlpwmupexiaaeesedtkjrfopf.dat Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x45 0x92 0xB2 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x59 0xFB 0xEE ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53 0x91 0x24 0x52 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs@start 1 Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs@type 1 Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs@group file system Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs@imagepath \systemroot\system32\drivers\ovfsthfksdimmvrtjuwacngyjjtypaplqejkow.sys Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs@inst 0 Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@ver sni060409 Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@cid 01 Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@bid 271272685-2216208703-816471841-2186339326 Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@aid 998 Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@sid 3 Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@feed 0x22 0x64 0x78 0x36 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@cmddelay 28801 Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main@logoffset 1719 Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\delete Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\ff Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\ff@extension \\?\C:\Program Files\Mozilla Firefox\extensions\{E4017F13-95B8-4F81-A7AF-22AA325662F7} Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\ff@version 1 Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\injector Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\injector@iexplore.exe ovfsthwi.dll Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\injector@explorer.exe ovfsthff.dll Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\tasks Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules@ovfsth.sys \systemroot\system32\drivers\ovfsthfksdimmvrtjuwacngyjjtypaplqejkow.sys Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules@ovfsth.dll \systemroot\system32\ovfsthuhyvlalkteykfaidfaklurvocoqagtqq.dll Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules@ovfsthlog.dat \systemroot\system32\ovfsthyjtiuyevaydicmuhwxxcjmmynrftxqfh.dat Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules@ovfsthwi.dll \systemroot\system32\ovfsthcbjjclmfogshngujavtpompdlqslauoe.dll Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules@ovfsthff.dll \systemroot\system32\ovfsthlnlgkxkwwsotjtwvkefhpistvijmjcto.dll Reg 
HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules@ovfsth.dat \systemroot\system32\ovfsthtgjrupmwlpwmupexiaaeesedtkjrfopf.dat Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x45 0x92 0xB2 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x59 0xFB 0xEE ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53 0x91 0x24 0x52 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x45 0x92 0xB2 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x59 0xFB 0xEE ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53 0x91 0x24 0x52 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x45 0x92 0xB2 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x59 0xFB 0xEE ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53 0x91 0x24 0x52 ... 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@ Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@ Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@ Reg HKLM\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\InprocServer32@ C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll Reg HKLM\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\ProgID@ ShoppingReport.RprtCtrl.1 Reg HKLM\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\TypeLib@ {E343EDFC-1E6C-4CB5-AA29-E9C922641C80} Reg HKLM\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\VersionIndependentProgID@ ShoppingReport.RprtCtrl Reg HKLM\SOFTWARE\Classes\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Instance\InitPropertyBag@Url http://hotbar.com Reg HKLM\SOFTWARE\Classes\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\MiscStatus\1@ 131473 Reg HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\Implemented Categories\{00021493-0000-0000-C000-000000000046} Reg HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32@ C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll Reg HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID@ ShoppingReport.HbInfoBand.1 Reg HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\TypeLib@ 
{E343EDFC-1E6C-4CB5-AA29-E9C922641C80} Reg HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionIndependentProgID@ ShoppingReport.HbInfoBand Reg HKLM\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32@ c:\windows\system32\sefoseyo.dll Reg HKLM\SOFTWARE\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32@ThreadingModel Both Reg HKLM\SOFTWARE\Classes\mailto@ URL:MailTo Protocol Reg HKLM\SOFTWARE\Classes\mailto@URL Protocol Reg HKLM\SOFTWARE\Classes\mailto\DefaultIcon Reg HKLM\SOFTWARE\Classes\mailto\DefaultIcon@ %ProgramFiles%\Outlook Express\msimn.exe,-2 Reg HKLM\SOFTWARE\Classes\mailto\shell Reg HKLM\SOFTWARE\Classes\mailto\shell\open Reg HKLM\SOFTWARE\Classes\mailto\shell\open\command Reg HKLM\SOFTWARE\Classes\mailto\shell\open\command@ "%ProgramFiles%\Outlook Express\msimn.exe" /mailurl:%1 Reg HKLM\SOFTWARE\Classes\MSIDXS@ Microsoft OLE DB Provider for Indexing Service Reg HKLM\SOFTWARE\Classes\MSIDXS\Clsid Reg HKLM\SOFTWARE\Classes\MSIDXS\Clsid@ {F9AE8980-7E52-11d0-8964-00C04FD611D7} Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup@ Microsoft OLE DB Error Lookup for Indexing Service Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup\Clsid Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup\Clsid@ {F9AE8981-7E52-11d0-8964-00C04FD611D7} Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho@ Google Toolbar Notifier BHO Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho\CLSID Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho\CLSID@ {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho\CurVer Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho\CurVer@ protector_dll.ProtectorBho.1 Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1@ Google Toolbar Notifier BHO Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1\CLSID Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1\CLSID@ {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib@ 
ProtectorLib Class Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib\CLSID Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib\CLSID@ {84798B8E-69F8-4846-9516-373C2996E2F7} Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib\CurVer Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib\CurVer@ protector_dll.ProtectorLib.1 Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1@ ProtectorLib Class Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1\CLSID Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1\CLSID@ {84798B8E-69F8-4846-9516-373C2996E2F7} Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress@ RstrProgress Class Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CLSID Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CLSID@ {bf404da2-7d3b-11d3-b9e5-00c04f79e399} Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CurVer Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CurVer@ RstrCC.RstrProgress.1 Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1@ RstrProgress Class Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1\CLSID Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1\CLSID@ {bf404da2-7d3b-11d3-b9e5-00c04f79e399} Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\57\Shell@WinPos1024x768(1).left 0 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\57\Shell@WinPos1024x768(1).top 0 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\57\Shell@WinPos1024x768(1).right 800 Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\57\Shell@WinPos1024x768(1).bottom 600
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
---- EOF - GMER 1.0.15 ----
Jintan, Senior Member (Date Joined Dec 2006, Total Posts: 1424) | Posted 5-20-2009 3:47 (GMT +1)

Ach - one reason ComboFix was tampered with is that I flubbed that last run of fixes a bit. Too fast or too much copy/paste I reckon. Let's have another go at that and then check after.
TorrentQ - I had never even seen that before. As far as web info goes that is malware embedded software. Did you install that by choice? Given all the expensive and known hack softwares showing here and all the torrent activity, be sure to review the info here. If Virut is not on this system now it likely soon will be.
Disable all security software again.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"autochk"=-

Open Notepad (Start - Run, type Notepad then press OK), and copy the text inside the box above and paste it into the open Notepad textbox.
Save this to your desktop as "afix.reg"
Be sure to include the "" quotes in the name.
Then right click afix.reg, select Merge, and allow it to merge the new information with the Registry.
-------------------
Open Avenger again.
Okay the warning. When the Avenger display opens copy/paste the following text inside the Code box into the Avenger box titled "Input script here:". Then click the Execute button to run the repair, click Yes, then allow Avenger to reboot your system.
Begin copying here:

Drivers to delete:
ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs

Files to delete:
c:\windows\system32\drivers\ovfsthfksdimmvrtjuwacngyjjtypaplqejkow.sys
C:\WINDOWS\system32\net.net
C:\WINDOWS\system32\prnet.tmp

Folders to delete:
C:\Program Files\NetPumper

Registry keys to delete:
HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs
HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs
Your system may reboot twice (it likely will) to complete the repairs. After the reboot a text file will open - copy/paste those contents back here please. The log can also be found at C:\avenger.txt.
---------
Then download Malwarebytes' Anti-Malware from Here or Here.
Right click to download, select Save Target/File As, and rename that mbam-setup.exe to bami.com as you download and save it to your desktop (don't download and then rename it).
Double Click bami.com to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.
-------
Run a new RSIT scan and post that main log along with the C:\avenger.txt log and the Malwarebytes log please.
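The Avenger script in the post above was assembled by hand from the GMER registry section: the service name, its imagepath, and the ControlSet keys that carry it. As an added example (not part of the thread, and not a tool either poster used), the following Python script does that extraction mechanically. It groups GMER `Reg HKLM\SYSTEM\...\Services\...` entries by service name, flags any service whose own configuration carries a per-process `injector` map or a `modules` file list (the pattern of the ovfsth* entry above, and not something a legitimate driver's service key should hold), and renders the result in the section layout Avenger reads. The sample input is excerpted from the GMER log posted above; the SystemRoot of `C:\WINDOWS` and the injector/modules heuristic are this example's assumptions, not anything GMER or Avenger define.

```python
import re
from collections import defaultdict

# Constructed sample: lines excerpted from the GMER 1.0.15 registry section posted
# above (GMER prints one entry per line; the forum copy ran them together). The
# sptd/DAEMON Tools entries are a benign control: a real driver with an odd-looking
# Cfg key that must not be flagged.
SAMPLE_LOG = r"""
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs@imagepath \systemroot\system32\drivers\ovfsthfksdimmvrtjuwacngyjjtypaplqejkow.sys
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\injector@iexplore.exe ovfsthwi.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\main\injector@explorer.exe ovfsthff.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules@ovfsth.dll \systemroot\system32\ovfsthuhyvlalkteykfaidfaklurvocoqagtqq.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs\modules@ovfsthwi.dll \systemroot\system32\ovfsthcbjjclmfogshngujavtpompdlqslauoe.dll
Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs@imagepath \systemroot\system32\drivers\ovfsthfksdimmvrtjuwacngyjjtypaplqejkow.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
"""

# One GMER "Reg" entry under a Services key: control set, service name, optional
# subkey path, optional "@valuename data" tail.
ENTRY_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cset>ControlSet\d{3}|CurrentControlSet)\\Services\\"
    r"(?P<svc>[^\\@\s]+)"
    r"(?P<sub>(?:\\[^\\@\s]+)*)"
    r"(?:@(?P<name>\S+)(?:\s+(?P<data>.*?))?)?\s*$",
    re.IGNORECASE,
)


def parse_services(log_text):
    """Group Services entries by service name.
    Returns {svc: {"control_sets": set(), "values": [(subkey, valuename, data), ...]}}."""
    services = defaultdict(lambda: {"control_sets": set(), "values": []})
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        rec = services[m["svc"]]
        rec["control_sets"].add(m["cset"])
        sub = m["sub"].strip("\\").lower()
        rec["values"].append((sub, (m["name"] or "").lower(), m["data"] or ""))
    return dict(services)


def nt_path_to_dos(path, systemroot="C:\\WINDOWS"):
    """Turn the \\systemroot\\... form GMER prints into a DOS path.
    Assumes SystemRoot is C:\\WINDOWS, as the XP paths in this thread suggest."""
    if path.lower().startswith("\\systemroot\\"):
        return systemroot + path[len("\\systemroot"):]
    return path


def find_injecting_services(services):
    """Flag a service when its own config carries an 'injector' subkey (process name
    -> DLL to inject) or a 'modules' value list naming files outside the driver.
    Heuristic (an assumption of this example), but it matches the ovfsth* entry
    above and leaves sptd alone."""
    findings = {}
    for svc, rec in services.items():
        injects = {name: data for sub, name, data in rec["values"]
                   if sub.endswith("injector") and name}
        modules = [data for sub, name, data in rec["values"]
                   if sub == "modules" and name and data]
        images = {data for sub, name, data in rec["values"]
                  if sub == "" and name == "imagepath" and data}
        if not injects and not modules:
            continue
        findings[svc] = {
            "control_sets": sorted(rec["control_sets"]),
            "injects_into": injects,
            "files": sorted(nt_path_to_dos(p) for p in images | set(modules)),
        }
    return findings


def avenger_script(findings):
    """Render findings in the section layout The Avenger reads (same sections as the
    hand-written script above). Review the output before executing it: Avenger
    deletes at boot, with only its C:\\Avenger backups as a fallback."""
    drivers, files, keys = [], [], []
    for svc in sorted(findings):
        f = findings[svc]
        drivers.append(svc)
        files.extend(f["files"])
        keys.extend("HKLM\\SYSTEM\\" + cs + "\\Services\\" + svc for cs in f["control_sets"])
    out = []
    for title, items in (("Drivers to delete:", drivers),
                         ("Files to delete:", files),
                         ("Registry keys to delete:", keys)):
        if items:
            out.extend([title, *items, ""])
    return "\n".join(out).rstrip("\n") + "\n"


if __name__ == "__main__":
    found = find_injecting_services(parse_services(SAMPLE_LOG))
    for svc, f in found.items():
        print(svc, "injects into", f["injects_into"], "in", f["control_sets"])
    print(avenger_script(found))
```

Two things to keep in mind when using output like this. The generated key list covers every control set the log shows the service in, which matters because a rootkit that survives in ControlSet003 comes back as soon as that set becomes current. And an Avenger "not found" (STATUS_OBJECT_NAME_NOT_FOUND), as reported for the .sys file in the log that follows, only means the path was already gone when Avenger ran at boot; it is not evidence that the driver was never loaded, so the follow-up GMER scan is the check that actually matters.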
PaperMachine, New Member (Date Joined May 2009, Total Posts: 17) | Posted 5-21-2009 5:27 (GMT +1)

Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active. No rootkits found!
Driver "ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs" deleted successfully.
Error: file "c:\windows\system32\drivers\ovfsthfksdimmvrtjuwacngyjjtypaplqejkow.sys" not found!
Deletion of file "c:\windows\system32\drivers\ovfsthfksdimmvrtjuwacngyjjtypaplqejkow.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "C:\WINDOWS\system32\net.net" not found!
Deletion of file "C:\WINDOWS\system32\net.net" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: file "C:\WINDOWS\system32\prnet.tmp" not found!
Deletion of file "C:\WINDOWS\system32\prnet.tmp" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Error: folder "C:\Program Files\NetPumper" not found!
Deletion of folder "C:\Program Files\NetPumper" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist
Registry key "HKLM\SYSTEM\ControlSet002\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs" deleted successfully.
Registry key "HKLM\SYSTEM\ControlSet003\Services\ovfsthsxnpupdofojdppirjcucxiqpkeyahdfs" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

5/21/2009 11:27:21 AM
mbam-log-2009-05-21 (11-27-21).txt

Scan type: Quick Scan
Objects scanned: 118267
Time elapsed: 12 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 23
Registry Values Infected: 9
Registry Data Items Infected: 8
Folders Infected: 12
Files Infected: 89
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\autochk.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{a8b0f390-e6bf-4027-a4d4-1e4363f5e27b} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a9e33220-0b05-11d7-88d2-444553540000} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0abbf96-17dc-44ca-96d0-6217064a97ba} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1aa406ab-f581-42ab-b4d1-31d2e13819ef} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e19b133d-184e-4bba-8a70-38489c9dd31b} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{1145a909-a836-44b8-b03a-48d858b0f43e} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f7258f6e-9f60-49c0-8c82-f0a0993d68e0} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d5792aa9-d373-4039-8670-2cdab6a71f15} (Trojan.Lop) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eddbb5ee-bb64-4bfc-9dbe-e7c85941335b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d204b1e5-2934-df4b-a836-2328a1331dc9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\Download with NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-netpumper-detector (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\NetPumper (Adware.NetPumper) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Netscape\Netscape Navigator\Automation Protocols\ftp (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Netscape\Netscape Navigator\Automation Protocols\http (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\Zango@Zango.com (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zango 10.3.75.0 (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceActiveDesktopOn (Hijack.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ShoppingReport\cs\res1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\ZangoSA (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\Døktør\Application Data\gadcom (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\fosutozi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\izotusof.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hedugita.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\atigudeh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jimijudo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\odujimij.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\la!!!uni.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\inupowal.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pajeleti.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\itelejap.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pipuduse.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\esudupip.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tadiduna.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anudidat.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\benugame.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bipewepa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\duduhahi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fevudufe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fugomire.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fumupahi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fusageza.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gogedefi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\guvokahi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\husinobe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jazetipi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jeleguja.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kulurefi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\maboseye.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nifudoju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rusogebu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruvagola.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ruvopube.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sabujopa.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trz163.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trz1B3.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trz22E.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trz22F.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trz266.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trz267.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trz268.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trz269.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trz26A.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trz3C7.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\trzBF.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vayasewu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vekujusi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wenanare.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zeladugu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yoyorena.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vipusozi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zezowawi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zozeyaso.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pazesawo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Døktør\Local Settings\Temp\__35.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Local Settings\Temp\tmp42A1.tmp (Adware.AdRotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\ShoppingReport\cs\res1\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA.dat (Adware.Zango) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAAbout.mht (Adware.Zango) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAau.dat (Adware.Zango) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSAEula.mht (Adware.Zango) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\ZangoSA\ZangoSA_kyf.dat (Adware.Zango) -> Quarantined and deleted successfully. C:\Documents and Settings\Døktør\Application Data\gadcom\gadcom.exe7vb (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\Application Data\NetPumper\Owner.ini (Adware.NetPumper) -> Quarantined and deleted successfully. C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Delete on reboot. C:\Documents and Settings\Døktør\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\LocalService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Døktør\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\TEMP\mousehook.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Døktør\Local Settings\Temp\__17.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Owner.YOUR-DC3E0B8F38\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully. C:\Documents and Settings\Døktør\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\sdra64.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\Log.log (Malware.Trace) -> Quarantined and deleted successfully. C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully. | | Back to Top | | |
Jintan Senior Member
Date Joined Dec 2006 Total Posts : 1424 | Posted 5-21-2009 9:58 (GMT +1)

Heavily infected, but once that rootkit is out of the way the wall starts to crumble. Post back a new RSIT log please.
PaperMachine New Member
Date Joined May 2009 Total Posts : 17 | Posted 5-21-2009 11:22 (GMT +1)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Døktør at 2009-05-21 17:21:17
Microsoft Windows XP Professional Service Pack 2
System drive C: has 43 GB (18%) free of 233 GB
Total RAM: 1919 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:21 PM, on 5/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Døktør\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Døktør.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [msci] "C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\20061229211242_mcinfo.exe" /insfin
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\CF6504.exe" /c "C:\Combi\C.bat"
O4 - HKCU\..\Run: [ptidle] "C:\Documents and Settings\Døktør\Application Data\ptidle\ptidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AOL??????·???????] "C:\PROGRA~1\AIM95\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\My Documents\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\My Documents\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\My Documents\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9cc402f517f51) (gupdate1c9cc402f517f51) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
-- End of file - 11119 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - MEGAUPLOADTOOLBAR - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-06-01 1929160]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-12 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-09-18 7204864]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-01-11 166304]
"XboxStat"=c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-01-15 37376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-14 16010752]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"prnet"=C:\WINDOWS\system32\prnet.tmp []
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-09-18 86016]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
"msci"=C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\20061229211242_mcinfo.exe /insfin []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2004-12-08 550912]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"combofix"=C:\WINDOWS\system32\CF6504.exe [2009-05-19 388608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ptidle"=C:\Documents and Settings\Døktør\Application Data\ptidle\ptidle.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139 []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-04 68856]
"Power2GoExpress"=NA []
"E6TaskPanel"=C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -winstart []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"AOL??????·???????"=C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl []
"Aim6"= []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Corel MEDIA FOLDERS INDEXER 8.LNK - C:\Corel\Graphics8\Programs\MFIndexer.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2006-11-17 209408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0 nwprovau
"notification packages"=scecli C:\WINDOWS\system32\gonihuha.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1155139980\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1155139980\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Last.fm\LastFM.exe"="C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM"
"J:\PortableApps\MirandaPortable\App\miranda\miranda32.exe"="J:\PortableApps\MirandaPortable\App\miranda\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"J:\PortableApps\FileZillaPortable\App\filezilla\FileZilla.exe"="J:\PortableApps\FileZillaPortable\App\filezilla\FileZilla.exe:*:Enabled:FileZilla"
"C:\BearShare\BearShare.exe"="C:\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\TorrentQ\TorrentQ.exe"="C:\Program Files\TorrentQ\TorrentQ.exe:*:Enabled:Torrent P2P application"
"C:\Program Files\1&1\1&1 SoftPhone\IPPHONE.EXE"="C:\Program Files\1&1\1&1 SoftPhone\IPPHONE.EXE:*:Enabled:1&1 SoftPhone"
"C:\Program Files\CodeGear\Delphi for PHP\1.0\debugger\DbgListener.exe"="C:\Program Files\CodeGear\Delphi for PHP\1.0\debugger\DbgListener.exe:*:Enabled:Listener for php debugger DBG"
"C:\Program Files\CodeGear\Delphi for PHP\1.0\apache2\bin\Apache.exe"="C:\Program Files\CodeGear\Delphi for PHP\1.0\apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Documents and Settings\Døktør\My Documents\BitTorrent\bittorrent.exe"="C:\Documents and Settings\Døktør\My Documents\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\Døktør\Desktop\GMOD10\hl2.exe"="C:\Documents and Settings\Døktør\Desktop\GMOD10\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\Norton PC Checkup\PC_Checkup.exe"="C:\Program Files\Norton PC Checkup\PC_Checkup.exe:*:Enabled c_checkup"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox"
"C:\WINDOWS\RTHDCPL.exe"="C:\WINDOWS\RTHDCPL.exe:*:Enabled:RTHDCPL"
"C:\WINDOWS\zHotkey.exe"="C:\WINDOWS\zHotkey.exe:*:Enabled:zHotkey"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe:*:Enabled:apdproxy"
"C:\WINDOWS\system32\defrag.exe"="C:\WINDOWS\system32\defrag.exe:*:Enabled:defrag"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\WINDOWS\system32\dllhost.exe"="C:\WINDOWS\system32\dllhost.exe:*:Enabled:dllhost"
"C:\Program Files\Viewpoint\Common\ViewpointService.exe"="C:\Program Files\Viewpoint\Common\ViewpointService.exe:*:Enabled:ViewpointService"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe:*:Enabled:ashMaiSv"
"C:\WINDOWS\arservice.exe"="C:\WINDOWS\arservice.exe:*:Enabled:arservice"
"C:\Program Files\Valve\Steam\steamapps\DrLaziestNinjaEvar\garrysmod\hl2.exe"="C:\Program Files\Valve\Steam\steamapps\DrLaziestNinjaEvar\garrysmod\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Valve\Steam\steamapps\DrLaziestNinjaEvar\team fortress 2\hl2.exe"="C:\Program Files\Valve\Steam\steamapps\DrLaziestNinjaEvar\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\HLServer\orangebox\srcds.exe"="C:\HLServer\orangebox\srcds.exe:*:Enabled:srcds"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:userinit"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe"="C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe:*:Enabled:fbserver"
"C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe"="C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe:*:Enabled:fbguard"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:GoogleUpdate"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bb2d2bc-dd6d-11db-b10b-0040ca9b55bc}]
shell\AutoRun\command - J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7e6734b-27be-11db-b115-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
======List of files/folders created in the last 1 months======
2009-05-21 11:13:27 ----D---- C:\Documents and Settings\Døktør\Application Data\Malwarebytes
2009-05-21 11:13:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-21 11:13:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-19 19:11:35 ----A---- C:\WINDOWS\system32\lmn_setup.exe
2009-05-19 19:02:21 ----A---- C:\Boot.bak
2009-05-19 19:02:11 ----RASHD---- C:\cmdcons
2009-05-19 19:00:48 ----A---- C:\WINDOWS\zip.exe
2009-05-19 19:00:48 ----A---- C:\WINDOWS\vFind.exe
2009-05-19 19:00:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-05-19 19:00:48 ----A---- C:\WINDOWS\SWSC.exe
2009-05-19 19:00:48 ----A---- C:\WINDOWS\SWREG.exe
2009-05-19 19:00:48 ----A---- C:\WINDOWS\sed.exe
2009-05-19 19:00:48 ----A---- C:\WINDOWS\grep.exe
2009-05-19 19:00:32 ----D---- C:\WINDOWS\ERDNT
2009-05-19 19:00:31 ----D---- C:\Combi
2009-05-19 19:00:31 ----A---- C:\WINDOWS\system32\CF6504.exe
2009-05-19 19:00:29 ----D---- C:\Qoobox
2009-05-19 18:49:52 ----D---- C:\_OTMoveIt
2009-05-19 13:50:12 ----D---- C:\rsit
2009-05-19 12:37:41 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-19 12:37:35 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-19 12:37:35 ----D---- C:\Documents and Settings\Døktør\Application Data\SUPERAntiSpyware.com
2009-05-12 18:10:53 ----D---- C:\WINDOWS\pss
2009-05-10 15:52:58 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-05-10 15:47:54 ----D---- C:\AeriaGames
2009-05-05 19:55:24 ----D---- C:\Program Files\GIMP-2.0
2009-05-03 17:37:00 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
======List of files/folders modified in the last 1 months======
2009-05-21 17:21:21 ----D---- C:\WINDOWS\Prefetch
2009-05-21 17:03:26 ----D---- C:\Program Files\Mozilla Firefox
2009-05-21 16:54:44 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2009-05-21 14:53:29 ----D---- C:\WINDOWS\TEMP
2009-05-21 13:29:51 ----SD---- C:\WINDOWS\Tasks
2009-05-21 13:29:38 ----D---- C:\WINDOWS
2009-05-21 11:31:08 ----A---- C:\WINDOWS\ModemLog_Standard 28800 bps Modem.txt
2009-05-21 11:30:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-21 11:30:41 ----D---- C:\WINDOWS\Registration
2009-05-21 11:30:10 ----D---- C:\WINDOWS\system32
2009-05-21 11:30:09 ----D---- C:\WINDOWS\system32\drivers
2009-05-21 11:29:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-21 11:27:21 ----D---- C:\Program Files
2009-05-19 23:14:57 ----SHD---- C:\WINDOWS\Installer
2009-05-19 23:14:57 ----D---- C:\Config.Msi
2009-05-19 23:14:47 ----D---- C:\Program Files\Google
2009-05-19 19:02:21 ----RASH---- C:\boot.ini
2009-05-19 12:36:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-17 21:25:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-14 20:29:27 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-13 12:35:53 ----D---- C:\WINDOWS\system32\Restore
2009-05-13 07:18:01 ----HD---- C:\WINDOWS\inf
2009-05-12 20:50:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-05-12 19:15:42 ----A---- C:\WINDOWS\win.ini
2009-05-12 19:15:42 ----A---- C:\WINDOWS\system.ini
2009-05-12 18:08:26 ----SHD---- C:\WINDOWS\CSC
2009-05-10 15:52:59 ----D---- C:\WINDOWS\system32\DirectX
2009-05-10 15:47:54 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-07 21:01:17 ----D---- C:\Program Files\Digsby
2009-05-06 14:33:51 ----D---- C:\Documents and Settings\Døktør\Application Data\gtk-2.0
2009-05-03 18:04:26 ----D---- C:\Documents and Settings\Døktør\Application Data\Google
2009-05-03 18:00:00 ----D---- C:\temp
2009-04-26 12:26:48 ----D---- C:\Documents and Settings\Døktør\Application Data\dvdcss
2009-04-24 20:15:48 ----D---- C:\Program Files\Last.fm
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864] R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-03-07 9336] R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-03-07 9464] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225920] R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032] R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-09 8552] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059] R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-10 88448] R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232] R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936] R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys [] R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832] R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784] R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200] R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376] R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800] R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; 
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-03-17 221440] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-16 4249088] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-09-18 3493984] R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048] R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928] R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888] R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [] R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2006-11-17 15360] R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784] R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-10 12416] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-10 26624] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600] R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024] R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] R3 vidcap;vidcap; C:\WINDOWS\system32\DRIVERS\vidcap.sys [2006-12-27 
9006] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] S3 ag10ghj7;ag10ghj7; C:\WINDOWS\system32\drivers\ag10ghj7.sys [] S3 catchme;catchme; \??\C:\DOCUME~1\DKTR~1\LOCALS~1\Temp\catchme.sys [] S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080] S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [] S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-10 40320] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592] R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568] R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-09-18 131139] R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336] R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-08-09 172032] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2006-11-17 3299328] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336] R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 61856] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552] S2 gupdate1c9cc402f517f51;Google Update Service (gupdate1c9cc402f517f51); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-03 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 183280] S3 
aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-05-25 654848] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376] S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336] S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337] S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-01-11 2138528] S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
-----------------EOF-----------------
 |  Jintan Senior Member

Date Joined Dec 2006 Total Posts : 1424 | Posted 5-22-2009 4:30 (GMT +1) |   | One hold-out, so we will have to see if it is loading from somewhere else now.
Disable all security software and then open OTMoveIt again.
Copy the file path(s) below (inside the Code box) to the clipboard by highlighting ALL of them and pressing CTRL + C (or right-click and choose Copy):
:files
C:\WINDOWS\system32\gonihuha.dll
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ptidle"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\BearShare\\BearShare.exe"=-
"C:\\WINDOWS\\explorer.exe"=-
"C:\\WINDOWS\\system32\\defrag.exe"=-
"C:\\WINDOWS\\system32\\winlogon.exe"=-
"C:\\WINDOWS\\system32\\rundll32.exe"=-
"C:\\WINDOWS\\system32\\dllhost.exe"=-
"C:\\WINDOWS\\system32\\userinit.exe"=-
"C:\\WINDOWS\\system32\\lsass.exe"=-
:commands
[emptytemp]
Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and select Paste. Then click the red MoveIt! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".
-----------
Then open and update Malwarebytes again.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.
If it calls for a reboot to complete the repairs, do that as well.
-------
Run a new RSIT scan and post that main log along with the OTMoveIt log and the Malwarebytes log please.
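The OTMoveIt script above does two security-relevant things besides deleting a DLL: it strips Windows Firewall exceptions that had been granted to core system binaries (explorer.exe, winlogon.exe, lsass.exe, userinit.exe and so on, visible in the RSIT firewall section earlier in the thread), and it resets the LSA "Notification Packages" value to its stock contents. The Python below is an added example, not code from this thread or from the RSIT/OTMoveIt tools, that checks an RSIT-style authorized-applications dump for such exceptions and decodes the hex(7) REG_MULTI_SZ to confirm what it holds. The sample dump, the CORE_SYSTEM_BINARIES set and all function names are the example's own assumptions; the hex(7) value is the one from the script above.

```python
"""Audit helpers for two items the OTMoveIt script above repairs. Added example;
not code from this thread or from the RSIT/OTMoveIt tools. The sample dump
below is constructed for the example and mirrors the RSIT firewall section."""
import re

# Core Windows binaries that should never hold a firewall exception.
# This set is the example's own assumption, not an official Microsoft list.
CORE_SYSTEM_BINARIES = {
    "explorer.exe", "winlogon.exe", "lsass.exe", "userinit.exe", "services.exe",
    "rundll32.exe", "dllhost.exe", "defrag.exe", "svchost.exe",
}

# Stock contents of HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
# on Windows XP (the value the repair script writes back).
DEFAULT_NOTIFICATION_PACKAGES = ("scecli",)

# One RSIT authorized-applications entry: "<path>"="<path>:*:Enabled:<name>"
_ENTRY_RE = re.compile(
    r'"([^"]+)"="([^"]+?):\*:(Enabled|Disabled):([^"]*)"', re.IGNORECASE
)


def parse_authorized_apps(dump_text):
    """Return (path, state, display_name) tuples from a flattened RSIT dump."""
    return [(path, state, name) for path, _dup, state, name in _ENTRY_RE.findall(dump_text)]


def flag_system_binaries(entries):
    """Paths of core system binaries that currently hold an Enabled exception."""
    flagged = []
    for path, state, _name in entries:
        base = path.rsplit("\\", 1)[-1].lower()
        if state.lower() == "enabled" and base in CORE_SYSTEM_BINARIES:
            flagged.append(path)
    return flagged


def decode_hex7(value):
    """Decode a .reg-style hex(7) REG_MULTI_SZ value into its list of strings.

    Accepts the value with or without the 'hex(7):' prefix and tolerates the
    backslash line continuations and whitespace that .reg exports insert.
    """
    if value.lower().startswith("hex(7):"):
        value = value[len("hex(7):"):]
    cleaned = re.sub(r"[\s\\]", "", value)
    raw = bytes(int(octet, 16) for octet in cleaned.split(",") if octet)
    # REG_MULTI_SZ is UTF-16LE strings separated by NUL, terminated by a double NUL.
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def unexpected_notification_packages(packages, expected=DEFAULT_NOTIFICATION_PACKAGES):
    """Entries in LSA Notification Packages that are not in the expected set.

    Every DLL listed here is loaded by lsass.exe at boot and is handed each
    password change, so an unexplained entry deserves investigation.
    """
    allowed = {e.lower() for e in expected}
    return [p for p in packages if p.lower() not in allowed]


# Constructed sample, in the same flattened form as the RSIT firewall section.
SAMPLE_DUMP = (
    '"C:\\Program Files\\Mozilla Firefox\\firefox.exe"='
    '"C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:firefox" '
    '"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Enabled:Explorer" '
    '"C:\\WINDOWS\\system32\\winlogon.exe"="C:\\WINDOWS\\system32\\winlogon.exe:*:Enabled:winlogon" '
    '"C:\\WINDOWS\\system32\\lsass.exe"="C:\\WINDOWS\\system32\\lsass.exe:*:Enabled:lsass"'
)
# The hex(7) value the repair script writes back, taken from the post above.
SAMPLE_HEX7 = "hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00"


def audit(dump_text=SAMPLE_DUMP, hex7_value=SAMPLE_HEX7):
    """Run both checks and return a summary dict."""
    packages = decode_hex7(hex7_value)
    return {
        "flagged_exceptions": flag_system_binaries(parse_authorized_apps(dump_text)),
        "notification_packages": packages,
        "unexpected_packages": unexpected_notification_packages(packages),
    }


if __name__ == "__main__":
    for key, val in audit().items():
        print(f"{key}: {val}")
```

Run on the constructed sample, `audit()` flags explorer.exe, winlogon.exe and lsass.exe as holding exceptions they should not have, and decodes the hex(7) bytes to the single string "scecli", which is why the script above can safely write that value back: it is the Windows default, and anything else in that list would be a DLL that lsass.exe loads and trusts.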
 |  PaperMachine New Member
 Date Joined May 2009 Total Posts : 17 | Posted 5-22-2009 7:41 (GMT +1) |   |
========== FILES ==========
File/Folder C:\WINDOWS\system32\gonihuha.dll not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ptidle deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,00,63,00,65,00,63,00,6c,00,69,00,00,00,00,00 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\BearShare\BearShare.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\explorer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\defrag.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\winlogon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\rundll32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\dllhost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\userinit.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\lsass.exe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\DKTR~1\LOCALS~1\Temp\etilqs_jqndMEBBLDhQQhctvl88 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\EH7RFD80\tcodewads_at.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\ALL33J0J\AIM_UAC_v2.adp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\ALL33J0J\pass.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\ALL33J0J\size=120x90;noperf=1;alias=93245511;cfp=1;noaddonpl=y;kvmn=93245511;target=_blank;aduho=300;grp=8171109;misc=8171109.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\ALL33J0J\tcodeqt.html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\6QH77QNP\size=120x90;noperf=1;alias=93245511;cfp=1;noaddonpl=y;kvmn=93245511;target=_blank;aduho=300;grp=8211343;misc=8211343.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\6QH77QNP\tcode3.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Døktør\Local Settings\Application Data\Mozilla\Firefox\Profiles\ey21ouqq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Døktør\Local Settings\Application Data\Mozilla\Firefox\Profiles\ey21ouqq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Døktør\Local Settings\Application Data\Mozilla\Firefox\Profiles\ey21ouqq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Døktør\Local Settings\Application Data\Mozilla\Firefox\Profiles\ey21ouqq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Døktør\Local Settings\Application Data\Mozilla\Firefox\Profiles\ey21ouqq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Døktør\Local Settings\Application Data\Mozilla\Firefox\Profiles\ey21ouqq.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05222009_113445

Files moved on Reboot...
File C:\DOCUME~1\DKTR~1\LOCALS~1\Temp\etilqs_jqndMEBBLDhQQhctvl88 not found!
C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\EH7RFD80\tcodewads_at.htm moved successfully.
C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\ALL33J0J\AIM_UAC_v2.adp moved successfully.
C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\ALL33J0J\pass.htm moved successfully.
C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\ALL33J0J\size=120x90;noperf=1;alias=93245511;cfp=1;noaddonpl=y;kvmn=93245511;target=_blank;aduho=300;grp=8171109;misc=8171109.htm moved successfully.
C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\ALL33J0J\tcodeqt.html moved successfully.
C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\6QH77QNP\size=120x90;noperf=1;alias=93245511;cfp=1;noaddonpl=y;kvmn=93245511;target=_blank;aduho=300;grp=8211343;misc=8211343.htm moved successfully.
C:\Documents and Settings\Døktør\Local Settings\Temporary Internet Files\Content.IE5\6QH77QNP\tcode3.htm moved successfully.
C:\Documents and Settings\Døktør\Local Settings\Application Data\Mozilla\Firefox\Profiles\ey21ouqq.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Døktør\Local Settings\Application Data\Mozilla\Firefox\Profiles\ey21ouqq.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Døktør\Local Settings\Application Data\Mozilla\Firefox\Profiles\ey21ouqq.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Døktør\Local Settings\Application Data\Mozilla\Firefox\Profiles\ey21ouqq.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Døktør\Local Settings\Application Data\Mozilla\Firefox\Profiles\ey21ouqq.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Døktør\Local Settings\Application Data\Mozilla\Firefox\Profiles\ey21ouqq.default\XUL.mfl moved successfully.
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2
5/22/2009 1:41:27 PM
mbam-log-2009-05-22 (13-41-27).txt
Scan type: Quick Scan
Objects scanned: 116427
Time elapsed: 11 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Delete on reboot.
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)
 |  Jintan Senior Member

Date Joined Dec 2006 Total Posts : 1424 | Posted 5-23-2009 2:24 (GMT +1) |   | You didn't post the new RSIT log, but as Malwarebytes only located registry orphans, let's go with a scan to check for anything else that might remain.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.
Then go here and run the Kaspersky online scan, and post back the log it creates.
To use the scan, accept the agreement and make sure you allow the ActiveX object to download and install (check the "yellow bar" at the top if needed to allow this). Once the Database download is completed, under Scan in the left column click My Computer to start the scan. This may take a very long time, so allow the scan to run and perhaps find something else to do.
When the scan completes click View Scan Report. Then click Save Report As, and using the dropdown box save the report as "Files of Type: -> Text file (.txt)" to a location where you can find it again. Use any name you wish for the log.
Then locate that log and copy/paste those contents back here please.
The scan requires a good bit of database downloading and can take quite a while to complete.
------------------
Run a new RSIT scan, and post that log and the Kaspersky please.
 |  PaperMachine New Member
 Date Joined May 2009 Total Posts : 17 | Posted 6-19-2009 6:54 (GMT +1) |   | Couldn't get Kaspersky to work; it kept saying I needed Java 1.5 or better (which I already have) and just kept leading me in circles.
But here's the RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Døktør at 2009-06-19 12:55:48
Microsoft Windows XP Professional Service Pack 2
System drive C: has 31 GB (13%) free of 233 GB
Total RAM: 1919 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:48 PM, on 6/19/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe c:\WINDOWS\system32\ZuneBusEnum.exe C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe C:\WINDOWS\Explorer.EXE c:\program files\aim toolbar\aimtbServer.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Digital Media Reader\readericon45G.exe C:\Program Files\QuickTime\QTTask.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\zHotkey.exe C:\WINDOWS\ARPWRMSG.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\WINDOWS\eHome\ehmsas.exe C:\Corel\Graphics8\Programs\MFIndexer.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\Documents and Settings\Døktør\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Døktør.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5228
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: (no name) - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {04CB4B1B-A49C-467B-8A35-C39E5AF3B6D5} - C:\WINDOWS\system32\comaddi.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [readericon] "C:\Program Files\Digital Media Reader\readericon45G.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [prnet] "C:\WINDOWS\system32\prnet.tmp"
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
O4 - HKLM\..\Run: [msci] "C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\20061229211242_mcinfo.exe" /insfin
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\CF6504.exe" /c "C:\Combi\C.bat"
O4 - HKLM\..\Run: [net] "C:\WINDOWS\system32\net.net"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AOL??????·???????] "C:\PROGRA~1\AIM95\aim.exe" -cnetwait.odl
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\My Documents\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\My Documents\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\My Documents\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9cc402f517f51) (gupdate1c9cc402f517f51) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
-- End of file - 11391 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04CB4B1B-A49C-467B-8A35-C39E5AF3B6D5}] C:\WINDOWS\system32\comaddi.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-12 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-19 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-19 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - MEGAUPLOADTOOLBAR - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2007-06-01 1929160]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-09-18 7204864]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-01-11 166304]
"XboxStat"=c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-01-15 37376]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-19 148888]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-14 16010752]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"readericon"=C:\Program Files\Digital Media Reader\readericon45G.exe [2005-12-09 139264]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-01-31 385024]
"prnet"=C:\WINDOWS\system32\prnet.tmp []
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-09-18 86016]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-10 59392]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]
"msci"=C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\20061229211242_mcinfo.exe /insfin []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-10 44032]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"CHotkey"=C:\WINDOWS\zHotkey.exe [2004-12-08 550912]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"combofix"=C:\WINDOWS\system32\CF6504.exe [2009-05-19 388608]
"net"=C:\WINDOWS\system32\net.net [2009-06-17 110592]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-04 68856]
"Power2GoExpress"=NA []
"E6TaskPanel"=C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -winstart []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"AOL??????·???????"=C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl []
"Aim6"= []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Corel MEDIA FOLDERS INDEXER 8.LNK - C:\Corel\Graphics8\Programs\MFIndexer.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] C:\WINDOWS\system32\WRLogonNTF.dll [2006-11-17 209408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoActiveDesktop"=0
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\Program Files\Common Files\AOL\1155139980\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1155139980\EE\AOLServiceHost.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Last.fm\LastFM.exe"="C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM"
"J:\PortableApps\MirandaPortable\App\miranda\miranda32.exe"="J:\PortableApps\MirandaPortable\App\miranda\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"J:\PortableApps\FileZillaPortable\App\filezilla\FileZilla.exe"="J:\PortableApps\FileZillaPortable\App\filezilla\FileZilla.exe:*:Enabled:FileZilla"
"C:\Program Files\TorrentQ\TorrentQ.exe"="C:\Program Files\TorrentQ\TorrentQ.exe:*:Enabled:Torrent P2P application"
"C:\Program Files\1&1\1&1 SoftPhone\IPPHONE.EXE"="C:\Program Files\1&1\1&1 SoftPhone\IPPHONE.EXE:*:Enabled:1&1 SoftPhone"
"C:\Program Files\CodeGear\Delphi for PHP\1.0\debugger\DbgListener.exe"="C:\Program Files\CodeGear\Delphi for PHP\1.0\debugger\DbgListener.exe:*:Enabled:Listener for php debugger DBG"
"C:\Program Files\CodeGear\Delphi for PHP\1.0\apache2\bin\Apache.exe"="C:\Program Files\CodeGear\Delphi for PHP\1.0\apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Disabled:Files and Settings Transfer Wizard"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam Client"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Documents and Settings\Døktør\My Documents\BitTorrent\bittorrent.exe"="C:\Documents and Settings\Døktør\My Documents\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\Døktør\Desktop\GMOD10\hl2.exe"="C:\Documents and Settings\Døktør\Desktop\GMOD10\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Norton PC Checkup\PC_Checkup.exe"="C:\Program Files\Norton PC Checkup\PC_Checkup.exe:*:Enabled c_checkup"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox"
"C:\WINDOWS\RTHDCPL.exe"="C:\WINDOWS\RTHDCPL.exe:*:Enabled:RTHDCPL"
"C:\WINDOWS\zHotkey.exe"="C:\WINDOWS\zHotkey.exe:*:Enabled:zHotkey"
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe:*:Enabled:apdproxy"
"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe:*:Enabled:AppleMobileDeviceService"
"C:\Program Files\Viewpoint\Common\ViewpointService.exe"="C:\Program Files\Viewpoint\Common\ViewpointService.exe:*:Enabled:ViewpointService"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe:*:Enabled:ashMaiSv"
"C:\WINDOWS\arservice.exe"="C:\WINDOWS\arservice.exe:*:Enabled:arservice"
"C:\Program Files\Valve\Steam\steamapps\DrLaziestNinjaEvar\garrysmod\hl2.exe"="C:\Program Files\Valve\Steam\steamapps\DrLaziestNinjaEvar\garrysmod\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Valve\Steam\steamapps\DrLaziestNinjaEvar\team fortress 2\hl2.exe"="C:\Program Files\Valve\Steam\steamapps\DrLaziestNinjaEvar\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\HLServer\orangebox\srcds.exe"="C:\HLServer\orangebox\srcds.exe:*:Enabled:srcds"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe"="C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe:*:Enabled:fbserver"
"C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe"="C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe:*:Enabled:fbguard"
"C:\Program Files\Google\Update\GoogleUpdate.exe"="C:\Program Files\Google\Update\GoogleUpdate.exe:*:Enabled:GoogleUpdate"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bb2d2bc-dd6d-11db-b10b-0040ca9b55bc}]
shell\AutoRun\command - J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3f23e81-97b1-11db-b0da-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7e6734b-27be-11db-b115-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
======List of files/folders created in the last 1 months======
2009-06-19 12:47:47 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-06-16 07:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-06-16 07:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-06-16 07:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-06-16 07:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-06-16 07:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-06-16 07:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-16 07:01:19 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-16 07:01:13 ----D---- C:\Program Files\MSXML 6.0
2009-06-16 07:01:04 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-06-16 07:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-06-16 07:00:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-06-16 07:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-16 07:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-06-16 07:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-06-16 07:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-06-16 06:59:07 ----A---- C:\WINDOWS\system32\MRT.exe
2009-06-16 06:59:01 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-16 06:58:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-06-16 06:58:51 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-16 06:58:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-06-15 19:15:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-06-15 19:15:33 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-06-02 17:00:41 ----D---- C:\Program Files\Chatango
2009-05-25 16:18:53 ----D---- C:\Documents and Settings\Døktør\Application Data\Stykz
2009-05-25 16:18:44 ----D---- C:\Program Files\Stykz
2009-05-21 11:13:27 ----D---- C:\Documents and Settings\Døktør\Application Data\Malwarebytes
2009-05-21 11:13:23 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-21 11:13:23 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
======List of files/folders modified in the last 1 months======
2009-06-19 12:47:49 ----D---- C:\Config.Msi
2009-06-19 12:47:48 ----D---- C:\WINDOWS\TEMP
2009-06-19 12:47:47 ----D---- C:\WINDOWS\system32
2009-06-19 12:47:38 ----SHD---- C:\WINDOWS\Installer
2009-06-19 12:47:36 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-19 12:47:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-19 12:47:36 ----A---- C:\WINDOWS\system32\java.exe
2009-06-19 12:47:34 ----D---- C:\Program Files\Java
2009-06-19 12:39:13 ----D---- C:\Program Files\Mozilla Firefox
2009-06-19 12:39:06 ----D---- C:\WINDOWS
2009-06-19 12:39:03 ----D---- C:\temp
2009-06-19 12:39:03 ----D---- C:\Combi
2009-06-19 12:39:01 ----D---- C:\WINDOWS\Prefetch
2009-06-19 12:36:10 ----SD---- C:\WINDOWS\Tasks
2009-06-19 11:58:43 ----A---- C:\WINDOWS\ModemLog_PCI Soft Data Fax Modem with SmartCP.txt
2009-06-19 10:13:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-06-19 07:33:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-19 06:49:19 ----A---- C:\WINDOWS\ModemLog_Standard 28800 bps Modem.txt
2009-06-19 06:48:21 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-18 20:56:44 ----D---- C:\Program Files\SUPERAntiSpyware
2009-06-18 20:44:31 ----D---- C:\WINDOWS\system32\CatRoot
2009-06-18 20:07:21 ----HD---- C:\WINDOWS\inf
2009-06-17 10:29:23 ----D---- C:\WINDOWS\system32\drivers
2009-06-16 15:12:51 ----D---- C:\WINDOWS\Registration
2009-06-16 13:21:16 ----D---- C:\HLServer
2009-06-16 07:07:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-06-16 07:03:06 ----D---- C:\WINDOWS\system32\wbem
2009-06-16 07:02:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-16 07:02:06 ----A---- C:\WINDOWS\imsins.BAK
2009-06-16 07:01:36 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-16 07:01:26 ----D---- C:\Program Files\Internet Explorer
2009-06-16 07:01:13 ----D---- C:\Program Files
2009-06-16 07:00:19 ----A---- C:\WINDOWS\system32\MRT.INI
2009-06-15 19:17:10 ----D---- C:\WINDOWS\AppPatch
2009-06-07 10:31:47 ----D---- C:\Documents and Settings\Døktør\Application Data\dvdcss
2009-06-06 12:38:38 ----D---- C:\Documents and Settings\Døktør\Application Data\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2007-03-07 9336]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2007-03-07 9464]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225920]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-08-09 8552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-10 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-10 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-10 55936]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 40832]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-03-17 1033600]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2005-03-17 221440]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-16 4249088]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-09-18 3493984]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2006-11-17 15360]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-10 12416]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-10 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 vidcap;vidcap; C:\WINDOWS\system32\DRIVERS\vidcap.sys [2006-12-27 9006]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-17 705280]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 a4ihik58;a4ihik58; C:\WINDOWS\system32\drivers\a4ihik58.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\DKTR~1\LOCALS~1\Temp\catchme.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-10 40320]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-10 20480]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-19 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-09-18 131139]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-08-09 172032]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-01-11 61856]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S2 gupdate1c9cc402f517f51;Google Update Service (gupdate1c9cc402f517f51); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-03 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 183280]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2006-11-17 3299328]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-05-25 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-01-11 2138528]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-01-11 245664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]
-----------------EOF-----------------Post Edited (PaperMachine) : 19-06-2009 17:56:20 GMT | | Back to Top | | |
 |  Jintan Senior Member

Date Joined Dec 2006 Total Posts : 1424 | Posted 6-20-2009 1:36 (GMT +1) |   | No Kaspersky usually means malware still active, and there is another startup that is now fairly obviously malware we need to remove.
To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.
Go to Start – Settings – Control Panel. Click on Add/Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on Remove. Then close the Control Panel.
NetPumper 1.50 - adware
Megaupload Toolbar - adware
TorrentQ version 2.1.0.0 - adware
Browser Address Error Redirector - pre-installed search hijacker
------------------
Then click OTM.exe to run it (Vista users, please right click on OTM.exe and select "Run as an Administrator").
Copy the file path(s) below (inside the Code box) to the clipboard by highlighting ALL of them and pressing CTRL + C (or right-click and choose Copy):
:files
C:\WINDOWS\system32\net.net
C:\Program Files\NetPumper
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04CB4B1B-A49C-467B-8A35-C39E5AF3B6D5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"prnet"=-
"combofix"=-
"net"=-
Return to OTM, right click in the "Paste Instructions for Items to be Moved" window and select Paste. Then click the red MoveIt! button.
A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".
-----------
Reboot into Safe Mode with Networking (at startup tap the F8 key and select that option from the menu).
Once in Safe Mode, delete any existing copies of ComboFix.exe and download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As"). For this, rename the downloading file to combi.com, then click the renamed combi.com to run that scan.
Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.
A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Allow the scan to run. When completed, a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
Post that log and the OTM log please. Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.
  |  PaperMachine New Member
 Date Joined May 2009 Total Posts : 17 | Posted 6-21-2009 3:10 (GMT +1) |   | GMER has been freezing a lot and I haven't been able to get a complete scan to copy.
I've been running Super Anti-Spyware and I've kept getting Rootkit.Agent/Gen-UACFake.
Also I keep getting this Google Installer error message like when you close a non-responsive program. And Google has linked to unrelated links.
And for the last two days I've been randomly getting parts of audio playing through my speakers.
Would Safe Mode allow me to work without all these error messages?
 |  PaperMachine New Member
 Date Joined May 2009 Total Posts : 17 | Posted 6-21-2009 4:53 (GMT +1) |   |
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-20 22:52:00
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

INT 0x62 ? 8ABE2BF8
INT 0x63 ? 8A9DEBF8
INT 0x73 ? 8ABE2BF8
INT 0xB4 ? 8A9DEBF8

Code 8A200708 ZwEnumerateKey
Code 8A0BF2C8 ZwFlushInstructionCache
Code 8A201706 IofCallDriver
Code 8A7811AE IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A0 5 Bytes JMP 8A20170B
.text ntkrnlpa.exe!IofCompleteRequest 804EF230 5 Bytes JMP 8A7811B3
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B5642 5 Bytes JMP 8A0BF2CC
PAGE ntkrnlpa.exe!ZwEnumerateKey 80622DE0 5 Bytes JMP 8A20070C
? sprv.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B96B862C 5 Bytes JMP 8A9DE1D8
? C:\WINDOWS\System32\drivers\edaf2e0c.sys The system cannot find the file specified.
---- User code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\svchost.exe[3624] image checksum mismatch; time/date stamp mismatch;
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] sprv.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] sprv.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] sprv.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] sprv.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] sprv.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] sprv.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2D340
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2D438
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2D438
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2D340
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2D340
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2D438
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8AB2D438
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8AB2D340
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2D438
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2D340
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2D438
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2D438
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2D340
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2D340
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2D438
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2D340
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2D438
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8AB2D438
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8AB2D340
---- User IAT/EAT - GMER 1.0.15 ----
C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalReAlloc]
[0A93C140] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LocalUnlock]
[0A93C300] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LocalLock]
[0A93C2A0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00]
C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GlobalAlloc]
[0A93C0A0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GlobalFree]
[0A93C0E0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LocalReAlloc]
[0A93C2C0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LocalAlloc]
[0A93C220] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA]
[0A93A010] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcessHeap]
[0A93B830] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW]
[0A939F90] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GlobalUnlock]
[0A93C180] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GlobalLock]
[0A93C120] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GlobalSize]
[0A93C160] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA]
[0A939F10] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary]
[0A93A200] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LocalFree]
[0A93C260] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary]
[0A93A200] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]
[0A939F10] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LocalFree]
[0A93C260] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LocalAlloc]
[0A93C220] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA]
[0A93A010] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]
[0A93A0A0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibraryAndExitThread]
[0A93A230] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LocalReAlloc]
[0A93C2C0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LocalSize]
[0A93C2E0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate]
[0A93B960] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcessHeap]
[0A93B830] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy]
[0A93B9C0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]
[0A939F10] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary]
[0A93A200] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibraryAndExitThread]
[0A93A230] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary]
[0A93A200] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GlobalFree]
[0A93C0E0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA]
[0A939F10] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibraryAndExitThread]
[0A93A230] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GlobalAlloc]
[0A93C0A0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LoadLibraryA]
[0A939F10] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LoadLibraryW]
[0A939F90] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!FreeLibrary]
[0A93A200] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LocalFree]
[0A93C260] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\System32\Secur32.dll [KERNEL32.dll!LocalAlloc]
[0A93C220] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\System32\Secur32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00]
C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\System32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [0A93B8C0]
C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]
[0A939F90] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LocalAlloc]
[0A93C220] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LocalFree]
[0A93C260] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]
[0A939F10] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary]
[0A93A200] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LocalReAlloc]
[0A93C2C0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LocalHandle]
[0A93C280] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LocalSize]
[0A93C2E0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcessHeap]
[0A93B830] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap]
[0A93B8C0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] [0A93BA00]
C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\System32\SAMLIB.dll [KERNEL32.dll!LocalFree]
[0A93C260] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\System32\SAMLIB.dll [KERNEL32.dll!LocalAlloc]
[0A93C220] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!RtlFreeHeap] [0A93BA00]
C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GlobalReAlloc]
[0A93C140] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW]
[0A939F90] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA]
[0A93A010] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibraryAndExitThread]
[0A93A230] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GlobalFree]
[0A93C0E0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GlobalAlloc]
[0A93C0A0] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!FreeLibrary]
[0A93A200] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA]
[0A939F10] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LocalFree]
[0A93C260] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LocalAlloc]
[0A93C220] C:\WINDOWS\system32\SH33W32.dll IAT C:\Corel\Graphics8\Programs\MFIndexer.exe[3288] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LocalReAlloc]
[0A93C2C0] C:\WINDOWS\system32\SH33W32.dll IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW]
81EC8B55 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl]
000208EC IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW]
57565300 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup]
01B1C033 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner]
000100BE IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor]
D1B60F00 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation]
F8158488 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken]
8AFFFFFE IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken]
80E280D1 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus]
F8058C88 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW]
40FFFFFD IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey]
D21ADAF6 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW]
E280D98A IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW]
32DB021B IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte]
B60F0040 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] 18E2C1D1 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] D18A1089 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess]
8380E280 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread]
DAF604C0 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress]
E280D21A IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW]
32C9021B IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW]
6A000040 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] C9335B63 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] 94B81D89 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW]
0F410040 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] F80D84B6 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] 8DFFFFFE IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW]
FFFEF795 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection]
8AD02BFF IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap]
D0C28A12 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode]
D0D032C0 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter]
D0D032C0 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject]
D0D032C0 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange]
32C232C0 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA]
C0B60FC3 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter]
B88D0489 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount]
89004094 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId]
C4E0850C IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId]
3B410040 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime]
33C47CCE IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess]
00FFBFC9 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter]
918A0000 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc]
[004094B8] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] 8024C28A IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook]
C01AD8F6 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] C332DB02 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] 8AF0B60F IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] 40C4E099 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] D2B60F00 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] E0C1C68B IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] C1C23308 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] C23308E0 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 3308E0C1 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] 89C233C6 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 40C0E081 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 08C8C100 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] BCE08189 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] C8C10040 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] E0818908 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] C10040B8 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] 818908C8 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] [0040B4E0]
C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] 2674DB84 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 0395B60F IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] 0FFFFFFF IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx]
FEF80584 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen]
C203FFFF IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize]
F7F78B99 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf]
84B60FFE IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] FFFDF815 IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW]
FC4589FF IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf]
658304EB IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status]
DB8400FC IAT C:\WINDOWS\system32\svchost.exe[3624] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening]
B60F2674
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs edaf2e0c.sys
Device \FileSystem\Ntfs \Ntfs 8AB681F8
AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
Device \FileSystem\Fastfat \FatCdrom 8A8AE1F8
Device \Driver\usbstor \Device\000000ce 89BBF1F8
Device \Driver\PCI_PNP9766 \Device\0000008f sprv.sys
Device \Driver\Tcpip \Device\Ip 8A1D8748
Device \Driver\Tcpip \Device\Ip 8A7F3A00
Device \Driver\Tcpip \Device\Ip 89D77758
Device \Driver\usbstor \Device\000000cf 89BBF1F8
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
Device \Driver\usbohci \Device\USBPDO-0 8A9D61F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8ABE41F8
Device \Driver\dmio \Device\DmControl\DmConfig 8ABE41F8
Device \Driver\dmio \Device\DmControl\DmPnP 8ABE41F8
Device \Driver\dmio \Device\DmControl\DmInfo 8ABE41F8
Device \Driver\usbehci \Device\USBPDO-1 8A97B1F8
Device \Driver\sptd \Device\1690751016 sprv.sys
Device \Driver\Tcpip \Device\Tcp 8A1D8748
Device \Driver\Tcpip \Device\Tcp 8A7F3A00
Device \Driver\Tcpip \Device\Tcp 89D77758
AttachedDevice \Driver\Tcpip \Device\Tcp driver.sys (driver/driver)
AttachedDevice \Driver\Tcpip \Device\Tcp edaf2e0c.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AB881F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AB881F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8ABE21F8
Device \Driver\atapi \Device\Ide\IdePort0 8ABE21F8
Device \Driver\atapi \Device\Ide\IdePort1 8ABE21F8
Device \Driver\atapi \Device\Ide\IdePort2 8ABE21F8
Device \Driver\atapi \Device\Ide\IdePort3 8ABE21F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e 8ABE21F8
Device \Driver\driverdrv \Device\Driver edaf2e0c.sys
Device \Driver\driverdrv \Device\DriverFD edaf2e0c.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 89BE61F8
Device \Driver\NetBT \Device\NetbiosSmb 89BE61F8
Device \Driver\usbstor \Device\000000d0 89BBF1F8
Device \Driver\usbstor \Device\000000d1 89BBF1F8
Device \Driver\Tcpip \Device\Udp 8A1D8748
Device \Driver\Tcpip \Device\Udp 8A7F3A00
Device \Driver\Tcpip \Device\Udp 89D77758
Device \Driver\Tcpip \Device\RawIp 8A1D8748
Device \Driver\Tcpip \Device\RawIp 8A7F3A00
Device \Driver\Tcpip \Device\RawIp 89D77758
Device \Driver\usbohci \Device\USBFDO-0 8A9D61F8
Device \Driver\usbehci \Device\USBFDO-1 8A97B1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89BB31F8
Device \Driver\Tcpip \Device\IPMULTICAST 8A1D8748
Device \Driver\Tcpip \Device\IPMULTICAST 8A7F3A00
Device \Driver\Tcpip \Device\IPMULTICAST 89D77758
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89BB31F8
Device \Driver\Ftdisk \Device\FtControl 8AB881F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7547DDA6-EB5A-45A5-8CFF-4B735F72C3F3} 89BE61F8
Device \Driver\au9i0ioz \Device\Scsi\au9i0ioz1 8A935500
Device \Driver\au9i0ioz \Device\Scsi\au9i0ioz1Port4Path0Target0Lun0 8A935500
Device \Driver\usbstor \Device\000000cc 89BBF1F8
Device \FileSystem\Fastfat \Fat 8A8AE1F8
AttachedDevice \FileSystem\Fastfat \Fat SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 8A844500
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\UACvmuimvendjdaimr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [864] 0x02B20000
Library \\?\globalroot\systemroot\system32\UACvmuimvendjdaimr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1064] 0x009B0000
Library \\?\globalroot\systemroot\system32\UACvclxirrnfyaysnr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1064] 0x00A70000
Library \\?\globalroot\systemroot\system32\UACvmuimvendjdaimr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1148] 0x009B0000
Library \\?\globalroot\systemroot\system32\UACvclxirrnfyaysnr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1148] 0x00A70000
Library \\?\globalroot\systemroot\system32\UACvmuimvendjdaimr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1172] 0x009B0000
Library \\?\globalroot\systemroot\system32\UACvclxirrnfyaysnr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1172] 0x00A70000
Library \\?\globalroot\systemroot\system32\UACvmuimvendjdaimr.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1220] 0x009B0000
Library \\?\globalroot\systemroot\system32\UACvclxirrnfyaysnr.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1220] 0x00A70000
Library \\?\globalroot\systemroot\system32\UACvmuimvendjdaimr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1348] 0x009B0000
Library \\?\globalroot\systemroot\system32\UACvclxirrnfyaysnr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1348] 0x00A70000
Library \\?\globalroot\systemroot\system32\UACvmuimvendjdaimr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1404] 0x009B0000
Library \\?\globalroot\systemroot\system32\UACvclxirrnfyaysnr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1404] 0x00A70000
Library \\?\globalroot\systemroot\system32\UACvmuimvendjdaimr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1496] 0x009B0000
Library \\?\globalroot\systemroot\system32\UACvclxirrnfyaysnr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1496] 0x00A70000
Library \\?\globalroot\systemroot\system32\UACvmuimvendjdaimr.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1552] 0x00CC0000
Library \\?\globalroot\systemroot\system32\UACvmuimvendjdaimr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1724] 0x009B0000
Library \\?\globalroot\systemroot\system32\UACvclxirrnfyaysnr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1724] 0x00A70000
Library \\?\globalroot\systemroot\system32\UACvmuimvendjdaimr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [3624] 0x00C40000
Library \\?\globalroot\systemroot\system32\UACvclxirrnfyaysnr.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [3624] 0x00D00000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\System32\drivers\edaf2e0c.sys (*** hidden *** ) [SYSTEM] edaf2e0c <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACuwapmormvqehntd.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x45 0x92 0xB2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x59 0xFB 0xEE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53 0x91 0x24 0x52 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x45 0x92 0xB2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x59 0xFB 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53 0x91 0x24 0x52 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x45 0x92 0xB2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x59 0xFB 0xEE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53 0x91 0x24 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\edaf2e0c@ImagePath \SystemRoot\System32\drivers\edaf2e0c.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\edaf2e0c@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\edaf2e0c@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\edaf2e0c@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x45 0x92 0xB2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF 0x59 0xFB 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53 0x91 0x24 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACuwapmormvqehntd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACuwapmormvqehntd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACbtnnjobdeqbnqbo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UAClqcbnkcefunawqc.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACwfnhiehkrdjqhmh.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACheutcbxoxoutbdl.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACnfkocehcafxavyq.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACubvxsomgtbpvkov.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACvmuimvendjdaimr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACvclxirrnfyaysnr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACkyurarmlatwtgmq.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?
\globalroot\systemroot\system32\UACkrifuojhgclpufw.log Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?
\globalroot\systemroot\system32\UACwobydaxbhcingaf.log Reg HKLM\SYSTEM\ControlSet005\Services\edaf2e0c@ImagePath \SystemRoot\System32
\drivers\edaf2e0c.sys Reg HKLM\SYSTEM\ControlSet005\Services\edaf2e0c@Type 1 Reg HKLM\SYSTEM\ControlSet005\Services\edaf2e0c@Start 1 Reg HKLM\SYSTEM\ControlSet005\Services\edaf2e0c@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program
Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x71 0x45
0x92 0xB2 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20
0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDF
0x59 0xFB 0xEE ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x53
0x91 0x24 0x52 ... Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@start 1 Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@type 1 Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@imagepath \systemroot\system32
\drivers\UACuwapmormvqehntd.sys Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@group file system Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACd \\?
\globalroot\systemroot\system32\drivers\UACuwapmormvqehntd.sys Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACc \\?
\globalroot\systemroot\system32\UACbtnnjobdeqbnqbo.dll Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacsr \\?
\globalroot\systemroot\system32\UAClqcbnkcefunawqc.dat Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uaclog \\?
\globalroot\systemroot\system32\UACwfnhiehkrdjqhmh.dll Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacmask \\?
\globalroot\systemroot\system32\UACheutcbxoxoutbdl.dll Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacserf \\?
\globalroot\systemroot\system32\UACnfkocehcafxavyq.dll Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacmal \\?
\globalroot\systemroot\system32\UACubvxsomgtbpvkov.db Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacrem \\?
\globalroot\systemroot\system32\UACvmuimvendjdaimr.dll Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacbbr \\?
\globalroot\systemroot\system32\UACvclxirrnfyaysnr.dll Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACproc \\?
\globalroot\systemroot\system32\UACkyurarmlatwtgmq.log Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacurls \\?
\globalroot\systemroot\system32\UACkrifuojhgclpufw.log Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacerrors \\?
\globalroot\systemroot\system32\UACwobydaxbhcingaf.log Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@ Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@ Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@ Reg HKLM\SOFTWARE\Classes\.xpl@ RealPlayer.MP3PL.6 Reg HKLM\SOFTWARE\Classes\.xpl@Content Type audio/mpegurl Reg HKLM\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\InprocServer32@
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll Reg HKLM\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\InprocServer32@ThreadingModel
Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\ProgID@
ShoppingReport.RprtCtrl.1 Reg HKLM\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\TypeLib@
{E343EDFC-1E6C-4CB5-AA29-E9C922641C80} Reg HKLM\SOFTWARE\Classes\CLSID\{100EB1FD-D03E-47FD-81F3-EE91287F9465}\VersionIndependentProgID@
ShoppingReport.RprtCtrl Reg HKLM\SOFTWARE\Classes\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\Instance\InitPropertyBag@Url
http://hotbar.com Reg HKLM\SOFTWARE\Classes\CLSID\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358}\MiscStatus\1@ 131473 Reg HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\Implemented Categories\{00021493-0000-0000-
C000-000000000046} Reg HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32@
C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll Reg HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\InprocServer32@ThreadingModel
Both Reg HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\ProgID@
ShoppingReport.HbInfoBand.1 Reg HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\TypeLib@
{E343EDFC-1E6C-4CB5-AA29-E9C922641C80} Reg HKLM\SOFTWARE\Classes\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}\VersionIndependentProgID@
ShoppingReport.HbInfoBand Reg HKLM\SOFTWARE\Classes\mailto@ URL:MailTo Protocol Reg HKLM\SOFTWARE\Classes\mailto@URL Protocol Reg HKLM\SOFTWARE\Classes\mailto\DefaultIcon Reg HKLM\SOFTWARE\Classes\mailto\DefaultIcon@ %ProgramFiles%\Outlook
Express\msimn.exe,-2 Reg HKLM\SOFTWARE\Classes\mailto\shell Reg HKLM\SOFTWARE\Classes\mailto\shell\open Reg HKLM\SOFTWARE\Classes\mailto\shell\open\command Reg HKLM\SOFTWARE\Classes\mailto\shell\open\command@ "%ProgramFiles%\Outlook
Express\msimn.exe" /mailurl:%1 Reg HKLM\SOFTWARE\Classes\MSIDXS@ Microsoft OLE DB Provider for Indexing
Service Reg HKLM\SOFTWARE\Classes\MSIDXS\Clsid Reg HKLM\SOFTWARE\Classes\MSIDXS\Clsid@ {F9AE8980-7E52-11d0-8964-
00C04FD611D7} Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup@ Microsoft OLE DB Error Lookup
for Indexing Service Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup\Clsid Reg HKLM\SOFTWARE\Classes\MSIDXS ErrorLookup\Clsid@ {F9AE8981-7E52-11d0-8964
-00C04FD611D7} Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho@ Google Toolbar Notifier BHO Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho\CLSID Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho\CLSID@ {AF69DE43-7D58-4638-
B6FA-CE66B5AD205D} Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho\CurVer Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho\CurVer@ protector_dll.ProtectorBho.1 Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1@ Google Toolbar Notifier BHO Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1\CLSID Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1\CLSID@ {AF69DE43-7D58-4638-
B6FA-CE66B5AD205D} Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib@ ProtectorLib Class Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib\CLSID Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib\CLSID@ {84798B8E-69F8-4846-9516-
373C2996E2F7} Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib\CurVer Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib\CurVer@ protector_dll.ProtectorLib.1 Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1@ ProtectorLib Class Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1\CLSID Reg HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1\CLSID@ {84798B8E-69F8-4846-9516
-373C2996E2F7} Reg HKLM\SOFTWARE\Classes\RealPlayer.AU.6@ AU Clip Reg HKLM\SOFTWARE\Classes\RealPlayer.AU.6\DefaultIcon Reg HKLM\SOFTWARE\Classes\RealPlayer.AU.6\DefaultIcon@ C:\Program
Files\Real\RealPlayer\RealPlay.exe,0 Reg HKLM\SOFTWARE\Classes\RealPlayer.AU.6\shell Reg HKLM\SOFTWARE\Classes\RealPlayer.AU.6\shell\open Reg HKLM\SOFTWARE\Classes\RealPlayer.AU.6\shell\open\command Reg HKLM\SOFTWARE\Classes\RealPlayer.AU.6\shell\open\command@ "C:\Program
Files\Real\RealPlayer\RealPlay.exe" /m audio/basic %1 Reg HKLM\SOFTWARE\Classes\RealPlayer.AVI.6@ AVI Clip Reg HKLM\SOFTWARE\Classes\RealPlayer.AVI.6\DefaultIcon Reg HKLM\SOFTWARE\Classes\RealPlayer.AVI.6\DefaultIcon@ C:\Program
Files\Real\RealPlayer\RealPlay.exe,0 Reg HKLM\SOFTWARE\Classes\RealPlayer.AVI.6\shell Reg HKLM\SOFTWARE\Classes\RealPlayer.AVI.6\shell\open Reg HKLM\SOFTWARE\Classes\RealPlayer.AVI.6\shell\open\command Reg HKLM\SOFTWARE\Classes\RealPlayer.AVI.6\shell\open\command@ "C:\Program
Files\Real\RealPlayer\RealPlay.exe" /m video/avi %1 Reg HKLM\SOFTWARE\Classes\RealPlayer.MP3PL.6@ MP3 PlayLists (.m3u,.pls,.xpl) Reg HKLM\SOFTWARE\Classes\RealPlayer.MP3PL.6\DefaultIcon Reg HKLM\SOFTWARE\Classes\RealPlayer.MP3PL.6\DefaultIcon@ C:\Program
Files\Real\RealPlayer\RealPlay.exe,0 Reg HKLM\SOFTWARE\Classes\RealPlayer.MP3PL.6\shell Reg HKLM\SOFTWARE\Classes\RealPlayer.MP3PL.6\shell\open Reg HKLM\SOFTWARE\Classes\RealPlayer.MP3PL.6\shell\open\command Reg HKLM\SOFTWARE\Classes\RealPlayer.MP3PL.6\shell\open\command@ "C:\Program
Files\Real\RealPlayer\RealPlay.exe" /m audio/mpegurl %1 Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6@ WAV Clip Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\DefaultIcon Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\DefaultIcon@ C:\Program
Files\Real\RealPlayer\RealPlay.exe,0 Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell\open Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell\open\command Reg HKLM\SOFTWARE\Classes\RealPlayer.WAV.6\shell\open\command@ "C:\Program
Files\Real\RealPlayer\RealPlay.exe" /m audio/wav %1 Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress@ RstrProgress Class Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CLSID Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CLSID@ {bf404da2-7d3b-11d3-b9e5-
00c04f79e399} Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CurVer Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress\CurVer@ RstrCC.RstrProgress.1 Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1@ RstrProgress Class Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1\CLSID Reg HKLM\SOFTWARE\Classes\RstrCC.RstrProgress.1\CLSID@ {bf404da2-7d3b-11d3-b9e5-
00c04f79e399} | | Back to Top | | |
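Added example, not code from the thread or from the GMER author: a small triage script that reads "Reg" lines in the format the log above uses and pulls out the service entries a responder would look at first. The sample lines are copied from the log posted above (the edaf2e0c, UACd.sys and sptd entries); the "Beep" entry is constructed so that a stock Windows driver is present for comparison. The heuristics are my own and are assumptions about what is worth a second look: a service whose ImagePath or "modules" values reach files through the \\?\globalroot object-manager path, a kernel driver (Type=1) that registers a bundle of .dll/.dat/.log files under a "modules" subkey, and a service name that is just eight hex digits.

```python
"""Triage GMER 'Reg' lines for service entries that look like a hidden driver.

Added example; the heuristics below are assumptions for illustration, not a
detection signature for any specific malware family.
"""
import re
from collections import defaultdict

# Lines copied from the GMER log above, plus a CONSTRUCTED entry for the stock
# 'Beep' driver so that a benign Type=1/Start=1 service is in the input too.
SAMPLE_LOG = r"""
Reg HKLM\SYSTEM\CurrentControlSet\Services\edaf2e0c@ImagePath \SystemRoot\System32\drivers\edaf2e0c.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\edaf2e0c@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\edaf2e0c@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACuwapmormvqehntd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACuwapmormvqehntd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACbtnnjobdeqbnqbo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UAClqcbnkcefunawqc.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACkrifuojhgclpufw.log
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACuwapmormvqehntd.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACuwapmormvqehntd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\Beep@ImagePath System32\drivers\beep.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\Beep@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\Beep@Start 1
"""

# Reg <hive>\SYSTEM\<control set>\Services\<service>[\subkey...][@value [data]]
LINE_RE = re.compile(
    r"^Reg\s+HKLM\\SYSTEM\\(?P<cset>[^\\]+)\\Services\\(?P<svc>[^\\@\s]+)"
    r"(?P<sub>(?:\\[^@\s]+)*)"
    r"(?:@(?P<val>\S*))?"
    r"(?:\s+(?P<data>.*\S))?\s*$",
    re.IGNORECASE,
)
GLOBALROOT = re.compile(r"^\\\\\?\\globalroot\\", re.IGNORECASE)
HEX_NAME = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


def parse_services(log_text):
    """Group 'Reg' lines by (control set, service name).

    Keeps the service key's own values and its 'modules' subkey; deeper
    subkeys (e.g. sptd\Cfg\...) are ignored because this triage does not use them.
    """
    services = defaultdict(lambda: {"values": {}, "modules": {}})
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["val"] is None:      # not a Services line, or a bare key line
            continue
        entry = services[(m["cset"], m["svc"])]
        sub, data = m["sub"].lower(), m["data"] or ""
        if sub == r"\modules":
            entry["modules"][m["val"]] = data
        elif sub == "":
            entry["values"][m["val"].lower()] = data
    return dict(services)


def triage(services):
    """Return {'<control set>\\<service>': [reasons]} for entries worth a closer look."""
    findings = {}
    for (cset, svc), entry in services.items():
        vals, mods = entry["values"], entry["modules"]
        reasons = []
        if GLOBALROOT.match(vals.get("imagepath", "")):
            reasons.append("ImagePath is a \\\\?\\globalroot path")
        hidden = sorted(n for n, p in mods.items() if GLOBALROOT.match(p))
        if hidden:
            reasons.append("%d module path(s) via \\\\?\\globalroot: %s"
                           % (len(hidden), ", ".join(hidden)))
        if vals.get("type") == "1" and mods:
            exts = sorted({p.rsplit(".", 1)[-1].lower() for p in mods.values() if "." in p})
            reasons.append("kernel driver (Type=1) with a 'modules' subkey listing: " + ", ".join(exts))
        if HEX_NAME.match(svc):
            reasons.append("service name is eight hex digits (random-looking)")
        if reasons and vals.get("start") == "1":
            reasons.append("Start=1: loaded by the kernel during system start")
        if reasons:
            findings[cset + "\\" + svc] = reasons
    return findings


def control_set_overlap(services):
    """Service name (lower-cased) -> control sets it appears in, for names seen in more than one."""
    seen = defaultdict(set)
    for cset, svc in services:
        seen[svc.lower()].add(cset)
    return {svc: csets for svc, csets in seen.items() if len(csets) > 1}


if __name__ == "__main__":
    svcs = parse_services(SAMPLE_LOG)
    for name, reasons in sorted(triage(svcs).items()):
        print(name)
        for r in reasons:
            print("   -", r)
    for svc, csets in sorted(control_set_overlap(svcs).items()):
        print("%s is registered in: %s" % (svc, ", ".join(sorted(csets))))
```

Two caveats when reading the output. \\?\globalroot is valid NT path syntax, so a hit is a lead to verify against what is actually on disk, not a verdict; ordinary drivers, the constructed Beep entry included, are left alone by these rules. And because the same UACd.sys and edaf2e0c keys appear under ControlSet005 as well as CurrentControlSet in the log above, a "Last Known Good Configuration" boot should not be expected to get rid of them; `control_set_overlap` reports exactly that duplication.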