To start with my original problem as posted elsewhere.
My PC suddenly started freezing up. I had just zipped up almost a hundred applications totaling over a gig and tossed the originals in the recycle. Thought I just needed a defrag. Did same plus anti-spy and antivirus scans. Nothing. Ran Combo scan and Hijack and was going to post when I saw the Spyware terminator. Was running that and came up with TUKernal/win system32/ Tukernal.EXE and perfstring/win system32/perfstring backup. Before the scan was done, Terminator froze up and I crashed so I could not get any results....Finally got a scan to work with ST and removed problem (I thought) and infected progies.
Was told to run Kaspersky antivirus. Came up with:
C:\Documents and Settings\Sigrid\My Documents\NEW SITES\HTML editor\fp2006-final-3.00-setup.exe/file1626 Infected: not-virus:BadJoke.JS.RJump skipped
C:\Documents and Settings\Sigrid\My Documents\NEW SITES\HTML editor\fp2006-final-3.00-setup.exe Inno: infected - 1 skipped
C:\Documents and Settings\Sigrid\My Documents\NEW SITES\HTML editor\fp2006-final-3.00-setup.zip/fp2006-final-3.00-setup.exe/file1626 Infected: not-virus:BadJoke.JS.RJump skipped
C:\Documents and Settings\Sigrid\My Documents\NEW SITES\HTML editor\fp2006-final-3.00-setup.zip/fp2006-final-3.00-setup.exe Infected: not-virus:BadJoke.JS.RJump skipped
C:\Documents and Settings\Sigrid\My Documents\NEW SITES\HTML editor\fp2006-final-3.00-setup.zip ZIP: infected - 2 skipped
C:\System Volume Information\_restore{9A7B3782-0303-4DA5-83C9-C0A2C6568EC0}\RP155\A0051910.dll Infected: not-a-virus:AdWare.Win32.RK.m skipped
Removed problem program.
I was crashing bad, couldn't even open control panel. If I could get a progie open it would work, just couldn't open them very well. I did a System Restore, went back a month. It is working better but still messed up. The following are tests I ran. The Spyware Terminator said it removed the TUKERNAL.exe but in a GMER scan it seems to be well entrenched. GMER also said that something had modified my system in a pop-up warning. Also had this: Module (noname) (*** hidden *** ) F0D20000
Friend techi went on vacation. I went into msconfig and found tukernal had modified my boot.ini. Changed it back to original with the radio button, though I couldn't delete the mod. That is it up to now. If I can get to a program it will usually run well. The trouble is getting to it. START freezes, when it does open I have a hard time opening whatever the next thing is. Things like My Docs and control panel don't want to open and often go unresponsive. Even Task Manager balks. Boot up takes forever. Here is today's ST, GMER, and HGT. If necessary, I have all the other scans still as well.
Spyware Terminator
Scan Progress (Full Scan)
Start time: 7/9/2007 6:08:12 PM
Database: 1.0.839.595
Processes Scanning
PowerProfile : c:\windows\system32\POWRPROF.dll
Wextract : C:\WINDOWS\system32\advpack.dll
Explorer : C:\WINDOWS\Explorer.EXE
Shdocvw : C:\WINDOWS\system32\SHDOCVW.dll
Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll
AVG7_AMSVR : C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgklib.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avglog.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgcfg.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgamsps.dll
AVG7_EMC : C:\Program Files\Grisoft\AVG Free\avgemc.exe
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgunarc.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgemcps.dll
Spyware Terminator : C:\Program Files\Spyware Terminator\sp_rsser.exe
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgcc.exe
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgtmgr.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgctrl.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgabout.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgtest.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgtres.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgset.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgf.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\AVGRES.DLL
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgcckrn.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgvault.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgemsui.dll
Ctfmon : C:\WINDOWS\system32\ctfmon.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
YahooToolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\ctbr.dll
Adobe Reader : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
Adobe Reader : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
Spybot S&D : C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Yahoo!IEServices : C:\Program Files\Yahoo!\Common\yiesrvc.dll
Yahoo!IEServices : C:\Program Files\Yahoo!\Common\YIeTagBm.dll
DriveLetterAccess : C:\WINDOWS\system32\dla\tfswshx.dll
SSJava : C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\CToolbar.exe
Crawler Toolbar : c:\Program Files\Crawler\Toolbar\ctbcomm.dll
Web Security Guard : c:\Program Files\Crawler\Toolbar\WebSecurityGuard.dll
Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe
Startup Scanning
Ctfmon : C:\WINDOWS\system32\ctfmon.exe
Ctfmon : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ctfmon.exe
Invalid Startup Items : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DW4="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
NvCplDaemon : C:\WINDOWS\SYSTEM32\NVCPL.DLL
NvCplDaemon : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NvCplDaemon
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgcc.exe
AVG7_Control Center : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AVG7_CC
Spyware Terminator : C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
Spyware Terminator : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SpywareTerminator
ZoneLabsClient : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
ZoneLabsClient : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ZoneAlarm Client
Explorer : C:\WINDOWS\Explorer.exe
Explorer : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell
Toolbars Scanning
YahooToolbar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {EF99BD32-C1FB-11D2-892F-0090271D4F88}
YahooToolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
YahooToolbar : HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
YahooToolbar : iexplore.exe PID: 2052
Crawler Toolbar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ {4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\ctbr.dll
Crawler Toolbar : HKCR\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Crawler Toolbar : iexplore.exe PID: 2052
Shdocvw : C:\WINDOWS\system32\shdocvw.dll
Shdocvw : HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
Shdocvw : HKCR\CLSID\{4D5C8C25-D075-11d0-B416-00C04FB90376}
Shdocvw : explorer.exe PID: 1240
Shdocvw : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
Shdocvw : HKCR\CLSID\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
Shdocvw : HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Shdocvw : HKCR\CLSID\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Browser Helper Objects Scanning
YahooToolbar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
YahooToolbar : HKCR\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
AcroIEHelper : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Crawler Toolbar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Crawler Toolbar : HKCR\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Spybot S&D : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
Spybot S&D : C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Spybot S&D : HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}
Spybot S&D : iexplore.exe PID: 2052
Yahoo!IEServices : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
Yahoo!IEServices : C:\Program Files\Yahoo!\Common\yiesrvc.dll
Yahoo!IEServices : HKCR\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
Yahoo!IEServices : iexplore.exe PID: 2052
DriveLetterAccess : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess : C:\WINDOWS\system32\dla\tfswshx.dll
DriveLetterAccess : HKCR\CLSID\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess : iexplore.exe PID: 2052
SSJava : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSJava : C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
SSJava : HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSJava : iexplore.exe PID: 2052
FDMIECookiesBHO Class ( BHO ) : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
FDMIECookiesBHO Class ( BHO ) : C:\Program Files\Free Download Manager\iefdmcks.dll
IE Explorer Bars
IE Extensions
Yahoo!IEServices : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
NvCplDaemon : C:\WINDOWS\system32\nvcpl.dll
Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll
Services Scanning
AVG7_AMSVR : C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
AVG7_AMSVR : HKLM\SYSTEM\CurrentControlSet\Services\Avg7Alrt
AVG7_EMC : C:\Program Files\Grisoft\AVG Free\avgemc.exe
AVG7_EMC : HKLM\SYSTEM\CurrentControlSet\Services\AVGEMS
Spyware Terminator : C:\PROGRAM FILES\SPYWARE TERMINATOR\SP_RSSER.EXE
Spyware Terminator : HKLM\SYSTEM\CurrentControlSet\Services\sp_rssrv
Protocol filters Scanning
Protocol handlers Scanning
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\ctbr.dll
WinSock2 Scanning
Uninstallers Scanning
C:\WINDOWS\system32\MSIEXEC.EXE
C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
Shockwave Installer : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Shockwave Player
C:\PROGRAM FILES\AMP FONT VIEWER\UNINSTALL.EXE
C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
C:\Program Files\Atomic Clock Sync\UNWISE.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\SETUP.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
C:\WINDOWS\UNVISE32.EXE
C:\Program Files\Crawler\Toolbar\CToolbar.exe
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\CToolbar.exe
Crawler Toolbar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CToolbar_UNINSTALL
C:\PROGRAM FILES\CAM DEVELOPMENT\CAM UNZIP\UNINSTALL\UNINS000.EXE
Inoinstaller : C:\PROGRAM FILES\CAM DEVELOPMENT\CAM UNZIP\UNINSTALL\UNINS000.EXE
Inoinstaller : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CUZ4_is1
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\DLBAUN5C.EXE
C:\WINDOWS\system32\UninstallElectricSheep.exe
C:\PROGRAM FILES\EVRSOFT FIRST PAGE 2006\UNINS000.EXE
Inoinstaller : C:\PROGRAM FILES\EVRSOFT FIRST PAGE 2006\UNINS000.EXE
Inoinstaller : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Evrsoft First Page 2006_is1
C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\UNINS000.EXE
Inoinstaller : C:\PROGRAM FILES\FREE DOWNLOAD MANAGER\UNINS000.EXE
Inoinstaller : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Free Download Manager_is1
C:\PROGRAM FILES\GOLDWAVE\UNSTALL.EXE
C:\WINDOWS\HEXAGON DEMO\UNINSTALL.EXE
C:\Program Files\Hijackthis\HijackThis.exe \uninstall
C:\WINDOWS\$NTSERVICEPACKUNINSTALLIDNMITIGATIONAPIS$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\IE7\SPUNINST\SPUNINST.EXE
C:\PROGRAM FILES\IESPELL\UNINST.EXE
C:\Program Files\Common Files\InstallShield\Driver\7\Intel 32\IDriver.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe
C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB887797$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
C:\WINDOWS\$NTUNINSTALLKB890046$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB890859$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB891122$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
C:\WINDOWS\$NTUNINSTALLKB893756$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$MSI31UNINSTALL_KB893803V2$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB894391$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896344$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896358$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896422$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896423$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896424$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB896428$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB898461$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB899587$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB899591$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB900485$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB900725$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB900930$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB901017$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB901214$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB902344$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB902400$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB904706$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB905414$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB905749$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB905915$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB908519$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB908531$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB910437$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911280$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911562$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911564$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911567$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB911927$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB912919$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB913446$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB913580$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB914388$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB914389$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB915865$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB916281$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB916595$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB917159$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB917344$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB917422$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB917734_WMP10$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB917953$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB918118$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB918439$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB918899$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB919007$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB920213$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB920214$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB920670$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB920683$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB920685$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB920872$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB921398$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB921883$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB922582$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB922616$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB922819$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB923191$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB923414$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB923694$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB923980$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB924191$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB924270$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB924496$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB924667$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB925398_WMP64$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB925486$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB925902$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB926239$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB926255$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB926436$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB927779$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB927802$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB927891$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\IE7UPDATES\KB928090-IE7\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB928255$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB928843$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB929123$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB929338$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB929399$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\IE7UPDATES\KB929969\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB930178$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB930916$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB931261$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\IE7UPDATES\KB931768-IE7\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB931784$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB931836$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB932168$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\IE7UPDATES\KB933566-IE7\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB935839$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLKB935840$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\INF\LHTTSENG.INF
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\LIVEREG\VCSETUP.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
C:\Program Files\MID Converter 4.2\uninst.exe
C:\WINDOWS\$NTUNINSTALLMSCOMPPACKV1$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\INF\MSCSRGPC.INF
C:\PROGRA~1\MYSURV~1\UNWISE.EXE C:\PROGRA~1\MYSURV~1\INSTALL.LOG
C:\WINDOWS\$NTSERVICEPACKUNINSTALLNLSDOWNLEVELMAPPING$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\system32\SETUPAPI.DLL
C:\PROGRAM FILES\PERFORMANCETEST\UNINS000.EXE
C:\PROGRAM FILES\SHAL\UNINS000.EXE
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASHUTIL9B.EXE
C:\Program Files\simplemu\UNWISE.EXE
C:\WINDOWS\MODIO\SLAMR2KV\SETUP.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\UNINS000.EXE
Inoinstaller : C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\UNINS000.EXE
Inoinstaller : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spybot - Search & Destroy_is1
C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE
Spyware Terminator : C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE
Inoinstaller : C:\PROGRAM FILES\SPYWARE TERMINATOR\UNINS000.EXE
Spyware Terminator : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Terminator_is1
Inoinstaller : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Terminator_is1
C:\PROGRAM FILES\SPYWAREBLASTER\UNINS000.EXE
Inoinstaller : C:\PROGRAM FILES\SPYWAREBLASTER\UNINS000.EXE
Inoinstaller : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareBlaster_is1
C:\WINDOWS\SCUNIN.EXE
C:\PROGRAM FILES\TEAMSPEAK2_RC2\UNINS000.EXE
C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
C:\PROGRAM FILES\TRILLIAN\TRILLIAN.EXE
C:\PROGRAM FILES\TURBOTAX\PREMIER 2005\TAXUNST.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MEDIA PLAYER\MTSAXINSTALLER.EXE
C:\WINDOWS\SYSTEM32\CONTROL.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMSETSDK.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\SETUP_WM.EXE
C:\PROGRAM FILES\COMMON FILES\GTK\2.0\SETUP\UNINS000.EXE
Inoinstaller : C:\PROGRAM FILES\COMMON FILES\GTK\2.0\SETUP\UNINS000.EXE
Inoinstaller : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinGTK-2_is1
C:\Program Files\WinRAR\uninstall.exe
WinRAR : C:\Program Files\WinRAR\uninstall.exe
WinRAR : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver
C:\WINDOWS\$NTUNINSTALLWMCSETUP$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLWMFDIST11$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLWMP11$\SPUNINST\SPUNINST.EXE
C:\WINDOWS\$NTUNINSTALLWUDF01000$\SPUNINST\SPUNINST.EXE
C:\Program Files\Yahoo!\Common\unypsr.exe
C:\Program Files\Yahoo!\Common\unyt.exe
C:\Program Files\Yahoo!\Common\unyext.exe
C:\PROGRA~1\YAHOO!\COMMON\YMMAPI.DLL
C:\Program Files\Yahoo!\Messenger\UNWISE.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
Start Menu Scanning
SynchronizationManager : C:\WINDOWS\system32\mobsync.exe
SynchronizationManager : C:\Documents and Settings\Sigrid\Start Menu\Programs\Accessories\Synchronize.lnk
Explorer : C:\WINDOWS\explorer.exe
Explorer : C:\Documents and Settings\Sigrid\Start Menu\Programs\Accessories\Windows Explorer.lnk
WinRAR : C:\Program Files\WinRAR\WinRAR.exe
WinRAR : C:\Documents and Settings\Sigrid\Start Menu\Programs\WinRAR\WinRAR.lnk
WinRAR : C:\Documents and Settings\Sigrid\Start Menu\WinRAR.lnk
Explorer : C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\Network Connections.lnk
Explorer : C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\Scheduled Tasks.lnk
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgcc.exe
AVG7_Control Center : C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free Edition\AVG Free Control Center.lnk
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgw.exe
AVG7_Control Center : C:\Documents and Settings\All Users\Start Menu\Programs\AVG Free Edition\AVG Free Edition Test Center.lnk
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\CToolbar.exe
Crawler Toolbar : C:\Documents and Settings\All Users\Start Menu\Programs\Crawler Toolbar\Uninstall Crawler Toolbar.lnk
FreeDownloadManager : C:\Program Files\Free Download Manager\fdm.exe
FreeDownloadManager : C:\Documents and Settings\All Users\Start Menu\Programs\Free Download Manager\Free Download Manager.lnk
Inoinstaller : C:\Program Files\Free Download Manager\unins000.exe
Inoinstaller : C:\Documents and Settings\All Users\Start Menu\Programs\Free Download Manager\Uninstall Free Download Manager.lnk
Inoinstaller : C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe
Inoinstaller : C:\Documents and Settings\All Users\Start Menu\Programs\GTK+ Runtime Environment\Select language.lnk
Inoinstaller : C:\Documents and Settings\All Users\Start Menu\Programs\GTK+ Runtime Environment\Uninstall.lnk
Inoinstaller : C:\Program Files\Spybot - Search & Destroy\unins000.exe
Inoinstaller : C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy\Uninstall Spybot - Search & Destroy.lnk
Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe
Spyware Terminator : C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Terminator\Spyware Terminator.lnk
Spyware Terminator : C:\Program Files\Spyware Terminator\unins000.exe
Inoinstaller : C:\Program Files\Spyware Terminator\unins000.exe
Spyware Terminator : C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Terminator\Uninstall Spyware Terminator.lnk
Explorer : C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Help.lnk
MessengerService : C:\Program Files\Messenger\msmsgs.exe
MessengerService : C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
WinRAR : C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR\WinRAR.lnk
ZoneLabsClient : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
ZoneLabsClient : C:\Documents and Settings\All Users\Start Menu\Programs\ZoneAlarm\ZoneAlarm Security.lnk
Desktop Scanning
Favorites Scanning
Cookies Scanning
Registry Scanning
AcroIEHelper : HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Crawler Toolbar : HKCR\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\ctbr.dll
Crawler Toolbar : iexplore.exe PID: 2052
Crawler Toolbar : HKCR\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
YahooToolbar : HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
YahooToolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
YahooToolbar : iexplore.exe PID: 2052
YahooToolbar : HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Yahoo!IEServices : HKCR\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
Yahoo!IEServices : C:\Program Files\Yahoo!\Common\yiesrvc.dll
Yahoo!IEServices : iexplore.exe PID: 2052
Yahoo!IEServices : HKCR\CLSID\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}
Yahoo!IEServices : C:\Program Files\Yahoo!\Common\YIeTagBm.dll
MSDXM : HKCR\CLSID\{8E718888-423F-11D2-876E-00A0C9082467}
MSDXM : C:\WINDOWS\system32\msdxm.ocx
DriveLetterAccess : HKCR\CLSID\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess : C:\WINDOWS\system32\dla\tfswshx.dll
DriveLetterAccess : iexplore.exe PID: 2052
Spybot S&D : HKCR\CLSID\{53707962-6F74-2D53-2644-206D7942484F}
Spybot S&D : C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Spybot S&D : iexplore.exe PID: 2052
SSJava : HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSJava : C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
SSJava : iexplore.exe PID: 2052
Files Scanning
Google Toolbar : C:\Program Files\GOOGLE\GOOGLETOOLBAR1.DLL
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\CToolbar.exe
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\ctbr.dll
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\ctbcomm.dll
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\CTConf.dat
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\CUpdate.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminatorshield.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminator.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll
Spyware Terminator : C:\Program Files\Spyware Terminator\sp_rsser.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\unins000.exe
Spyware Terminator : C:\Documents and Settings\All Users\Start Menu\..\Application Data\Spyware Terminator\sp_rsdel.exe
Spyware Terminator : C:\Documents and Settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgcc.exe
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgw.exe
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avglog.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgcfg.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgtmgr.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgctrl.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgabout.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgtest.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgtres.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgset.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgklib.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgf.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgamsps.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgres.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgcckrn.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgvault.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgunarc.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgemsui.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgemcps.dll
MessengerService : C:\Program Files\Messenger\msmsgs.exe
NvMixerTray : C:\WINDOWS\system32\NvMcTray.dll
Ctfmon : C:\WINDOWS\system32\ctfmon.exe
AVG7_EMC : C:\Program Files\Grisoft\AVG Free\avgemc.exe
SunJavaUpdateSched : C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
SunJavaUpdateSched : C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
SunJavaUpdateSched : C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
QuickTimeTask : C:\Program Files\QuickTime\qttask.exe
UpdateManager : C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
Nwiz : C:\WINDOWS\system32\nwiz.exe
MSConfig : C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
Yahoo!IEServices : C:\Program Files\Yahoo!\Common\yiesrvc.dll
Yahoo!IEServices : C:\Program Files\Yahoo!\Common\YIeTagBm.dll
ZoneLabsClient : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
SynchronizationManager : C:\WINDOWS\system32\mobsync.exe
MSDXM : C:\WINDOWS\system32\msdxm.ocx
MachineDebugManager : C:\WINDOWS\system32\MDM.EXE
StillImageMonitor : C:\WINDOWS\system32\STIMON.EXE
NvCplDaemon : C:\WINDOWS\system32\NvCpl.dll
GrpConv : C:\WINDOWS\system32\grpconv.exe
DriveLetterAccess : C:\WINDOWS\system32\dla\tfswshx.dll
DriveLetterAccess : C:\WINDOWS\system32\dla\tfswctrl.exe
Wextract : C:\WINDOWS\system32\advpack.dll
KernelFaultCheck : C:\WINDOWS\system32\dumprep.exe
Explorer : C:\WINDOWS\explorer.exe
FreeDownloadManager : C:\Program Files\Free Download Manager\fdm.exe
PowerProfile : C:\WINDOWS\system32\powrprof.dll
BluetoothControlPanel : C:\WINDOWS\system32\bthprops.cpl
SSJava : C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
SSJava : C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
SSJava : C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
Shdocvw : C:\WINDOWS\system32\shdocvw.dll
PHIME2002ASync : C:\WINDOWS\system32\dllcache\tintsetp.exe
MSPY2002 : C:\WINDOWS\system32\dllcache\imscinst.exe
DVDLauncher : C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
AVG7_AMSVR : C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
NVIEW : C:\WINDOWS\system32\nview.dll
SpybotSDTeaTimer : C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Verclsid : C:\WINDOWS\system32\verclsid.exe
Systray : C:\WINDOWS\system32\systray.exe
comctl32 : C:\WINDOWS\WinSxS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.2600.2180_X-WW_A84F1FF9\comctl32.dll
Web Security Guard : C:\Program Files\Crawler\Toolbar\websecurityguard.dll
Ie4uinit : C:\WINDOWS\system32\ie4uinit.exe
Adobe Reader : C:\Program Files\ADOBE\READER 8.0\READER\ACRORD32.EXE
Adobe Reader : C:\Program Files\COMMON FILES\ADOBE\ACROBAT\ACTIVEX\PDFSHELL.DLL
Adobe Reader : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.DLL
Adobe Reader : C:\Program Files\ADOBE\READER 8.0\READER\ACRORD32INFO.EXE
Adobe Reader : C:\Program Files\COMMON FILES\ADOBE\ACROBAT\ACTIVEX\ACROIEHELPER.DLL
Adobe Reader : C:\Program Files\COMMON FILES\ADOBE\ACROBAT\ACTIVEX\ACROPDF.DLL
Adobe Reader : C:\Program Files\ADOBE\READER 8.0\READER\ADOBEUPDATER.DLL
Adobe Reader : C:\Program Files\COMMON FILES\ADOBE\UPDATER5\ADOBEUPDATER.EXE
Adobe Reader : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCP80.DLL
Shockwave Installer : C:\WINDOWS\system32\MACROMED\SHOCKWAVE 10\GI.DLL
Shockwave Installer : C:\WINDOWS\system32\MACROMED\SHOCKWAVE 10\GTAPI.DLL
Shockwave Installer : C:\WINDOWS\system32\MACROMED\COMMON\SWSUPPORT.DLL
Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
Shockwave Installer : C:\WINDOWS\system32\MACROMED\SHOCKWAVE 10\DYNAPLAYER.DLL
Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
Shockwave Installer : C:\WINDOWS\system32\MACROMED\DIRECTOR\SWDIR.DLL
WinAmp media player : C:\WINDOWS\system32\WMVADVD.DLL
WinAmp media player : C:\WINDOWS\system32\WMVADVE.DLL
WinAmp media player : C:\WINDOWS\system32\WMDRMNET.DLL
WinAmp media player : C:\WINDOWS\system32\WMDRMDEV.DLL
WinAmp media player : C:\WINDOWS\system32\WPDSP.DLL
WinAmp media player : C:\WINDOWS\system32\WPDCONNS.DLL
WinAmp media player : C:\WINDOWS\system32\WPDMTP.DLL
WinAmp media player : C:\WINDOWS\system32\WPDMTPUS.DLL
WinRAR : C:\Program Files\WINRAR\WINRAR.EXE
WinRAR : C:\Program Files\WINRAR\UNINSTALL.EXE
WinZip : C:\WINDOWS\INSTALLER\MSI3.TMP
Preparing DeepFile Scan
DeepFiles Scanning
Spyware Terminator : C:\Documents and Settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
WinRAR : C:\Documents and Settings\Sigrid\My Documents\PROGRAMS\wrar362.exe
Adobe Reader : C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
Adobe Reader : C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
Adobe Reader : C:\Program Files\Adobe\Reader 8.0\Reader\AdobeUpdater.dll
Inoinstaller : C:\Program Files\CAM Development\CAM UnZip\Uninstall\unins000.exe
Adobe Reader : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
Adobe Reader : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll
Adobe Reader : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
Adobe Reader : C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
Inoinstaller : C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe
UpdateManager : C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\ctbcomm.dll
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\ctbr.dll
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\CToolbar.exe
Crawler Toolbar : C:\Program Files\Crawler\Toolbar\CUpdate.exe
Web Security Guard : C:\Program Files\Crawler\Toolbar\WebSecurityGuard.dll
DVDLauncher : C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
Inoinstaller : C:\Program Files\Evrsoft First Page 2006\unins000.exe
FreeDownloadManager : C:\Program Files\Free Download Manager\fdm.exe
Inoinstaller : C:\Program Files\Free Download Manager\unins000.exe
Google Toolbar : C:\Program Files\Google\GoogleToolbar1.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgabout.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgamsps.dll
AVG7_AMSVR : C:\Program Files\Grisoft\AVG Free\avgamsvr.exe
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgcc.exe
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgcckrn.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgcfg.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgctrl.dll
AVG7_EMC : C:\Program Files\Grisoft\AVG Free\avgemc.exe
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgemcps.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgemsui.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgf.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgklib.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avglog.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgres.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgset.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgtest.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgtmgr.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgtres.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgunarc.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgvault.dll
AVG7_Control Center : C:\Program Files\Grisoft\AVG Free\avgw.exe
SunJavaUpdateSched : C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
SSJava : C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
SunJavaUpdateSched : C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
SSJava : C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
SunJavaUpdateSched : C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
SSJava : C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
MessengerService : C:\Program Files\Messenger\msmsgs.exe
QuickTimeTask : C:\Program Files\QuickTime\qttask.exe
Spybot S&D : C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
SpybotSDTeaTimer : C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Inoinstaller : C:\Program Files\Spybot - Search & Destroy\unins000.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\sptcontmenu.dll
Spyware Terminator : C:\Program Files\Spyware Terminator\SpywareTerminator.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\Spywareterminatorshield.Exe
Spyware Terminator : C:\Program Files\Spyware Terminator\sp_rsser.exe
Spyware Terminator : C:\Program Files\Spyware Terminator\unins000.exe
Inoinstaller : C:\Program Files\Spyware Terminator\unins000.exe
Inoinstaller : C:\Program Files\SpywareBlaster\unins000.exe
WinRAR : C:\Program Files\WinRAR\Uninstall.exe
WinRAR : C:\Program Files\WinRAR\WinRAR.exe
Yahoo!IEServices : C:\Program Files\Yahoo!\Common\yiesrvc.dll
Yahoo!IEServices : C:\Program Files\Yahoo!\Common\YIeTagBm.dll
YahooToolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
ZoneLabsClient : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Explorer : C:\WINDOWS\explorer.exe
MSConfig : C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
Wextract : C:\WINDOWS\system32\advpack.dll
BluetoothControlPanel : C:\WINDOWS\system32\bthprops.cpl
Ctfmon : C:\WINDOWS\system32\ctfmon.exe
DriveLetterAccess : C:\WINDOWS\system32\dla\tfswctrl.exe
DriveLetterAccess : C:\WINDOWS\system32\dla\tfswshx.dll
MSPY2002 : C:\WINDOWS\system32\dllcache\imscinst.exe
Systray : C:\WINDOWS\system32\dllcache\systray.exe
PHIME2002ASync : C:\WINDOWS\system32\dllcache\tintsetp.exe
KernelFaultCheck : C:\WINDOWS\system32\dumprep.exe
GrpConv : C:\WINDOWS\system32\grpconv.exe
Ie4uinit : C:\WINDOWS\system32\ie4uinit.exe
Shockwave Installer : C:\WINDOWS\system32\Macromed\Common\SwSupport.dll
Shockwave Installer : C:\WINDOWS\system32\Macromed\Director\SwDir.dll
Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\dirapi.dll
Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\gi.dll
Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\gtapi.dll
Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\iml32.dll
Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenu.dll
Shockwave Installer : C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE
MachineDebugManager : C:\WINDOWS\system32\MDM.EXE
SynchronizationManager : C:\WINDOWS\system32\mobsync.exe
MSDXM : C:\WINDOWS\system32\msdxm.ocx
NvCplDaemon : C:\WINDOWS\system32\nvcpl.dll
NVIEW : C:\WINDOWS\system32\nview.dll
NvMixerTray : C:\WINDOWS\system32\nvmctray.dll
Nwiz : C:\WINDOWS\system32\nwiz.exe
PowerProfile : C:\WINDOWS\system32\powrprof.dll
Shdocvw : C:\WINDOWS\system32\shdocvw.dll
StillImageMonitor : C:\WINDOWS\system32\stimon.exe
Systray : C:\WINDOWS\system32\systray.exe
Verclsid : C:\WINDOWS\system32\verclsid.exe
WinAmp media player : C:\WINDOWS\system32\wmdrmdev.dll
WinAmp media player : C:\WINDOWS\system32\wmdrmnet.dll
WinAmp media player : C:\WINDOWS\system32\WMVADVD.dll
WinAmp media player : C:\WINDOWS\system32\WMVADVE.DLL
WinAmp media player : C:\WINDOWS\system32\wpdconns.dll
WinAmp media player : C:\WINDOWS\system32\wpdmtp.dll
WinAmp media player : C:\WINDOWS\system32\wpdmtpus.dll
WinAmp media player : C:\WINDOWS\system32\wpdsp.dll
Adobe Reader : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
Adobe Reader : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
comctl32 : C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
Done
Scan Summary:
Total Scanning Time : 2210.20 s
Objects Scanned : 159,733
Objects Identified : 180
Objects Ignored : 0
Critical Objects : 1
Remove Process:
Preparing structures
Creating System Restore Point
Remove Invalid Startup Items
Deleted Registry : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DW4="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
Closing System Restore Point

GMER
GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-07-09 19:27:50
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile
---- Kernel code sections - GMER 1.0.12 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ F0, A1, 4B, F5, 80, 04, 4C, ... ]
? srescan.sys The system cannot find the file specified.
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ F0, A1, 4B, F5, 80, 04, 4C, ... ]
---- Devices - GMER 1.0.12 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F54CB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F54CB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F54CB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A5B85A] avgtdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F54CB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F54CB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F54CB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F54CB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A5B85A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F54CB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F54CB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F54CB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F54CB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A5B85A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F54CB8A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F54CB8A0] vsdatant.sys
Devic