System Security 2009 (I think...) w/ HJT log...

Please help - this is on my work PC and I'm shut down without it... I'm posting this from a different computer.
A lot of my applications won't work as they are forced to open in a DOS window with the error "Program too big for memory"
I was able to d/l HiJackThis and run it so here is the log... Any help would be greatly appreciated as soon as possible - THANKS!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:20 AM, on 7/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\-\winlogon.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
F3 - REG:win.ini: load=C:\WINDOWS\system32\mstflhzh.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\mspels.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [13737964] C:\Documents and Settings\All Users\Application Data\13737964\13737964.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\msiirdjd.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Epson scanner Registration.lnk = D:\Titles\E_Reg\Epsonreg.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://139.78.54.5/activex/AxisCamControl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\DOCUME~1\TOMWHI~1\LOCALS~1\Temp\1646384125112mmx.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

--
End of file - 12152 bytes

If this is important, when windows boots up, I have numerous DOS windows opening up (cascading) then closing automatically. Most of them are listing .sys files that are located in the \system32 directory.

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  F3 - REG:win.ini: load=C:\WINDOWS\system32\mstflhzh.exe
  F3 - REG:win.ini: run=C:\WINDOWS\system32\mspels.exe
  O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - (no file)
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
  O4 - HKLM\..\Run: [13737964] C:\Documents and Settings\All Users\Application Data\13737964\13737964.exe
  O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\msiirdjd.exe
  O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,C:\DOCUME~1\TOMWHI~1\LOCALS~1\Temp\1646384125112mmx.dll
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Belahzur, thanks for the reply.

Performed HJT scan and removed items as described.
D/L'ed Malwarebytes' Anti-Malware but my computer will not let me run it in normal or safe mode.

Anything else we can do?

Edit #1: In safe mode, launched MBAM, nothing happens, but looked at task manager properties and it the process is running, I just can't see anything.

• Download combofix from here
  Link 1
  Link 2
  

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

• See HERE for how to disable your AV.
  
• Double click on ComboFix.exe.
  
• Follow the prompts. NOTE:
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouse click combofix's window whilst it's running. That may cause it to stall.
  

Thanks Origin for responding.

D/L'ed Combofix; renamed it; went to disable AVG8.5 while in safemode and couldn't figure out how to do that...
Rebooted CPU with "Last known good configuration" so I could access the normal AVG8.5 version and "disable" it.
While in XP - normal mode - launched Combo Fix; went through a couple of steps; CF said it had to D/L some stuff from microsoft in order to create a System Restore Point; and the system has been "idle" for 30 minutes since then with no apparent activity.
I have not tried to click anything while CF has been running... Should it take this long for CF to run?
Should I try re-booting my CPU into safemode and run CF again? I just didn't know how to temporarily disable AVG8.5 to run CF.

Let me know and thanks for all your help.

Edit #1: Had to go ahead and disconnect from the network (This is a work PC) as my CPU is affecting other people while it is connected. Please let me know if I can go through CF while computer is not connected to internet. Thanks!

Last edited by tom_white70 on 13th July 2009, 7:16 pm; edited 1 time in total (Reason for editing : (updated information))

Yes you have to run it in safe mode with networking, here is a guide to help you get there:

Please do the following in Safe Mode with Networking: as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press your Enter key.

Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.) Once in the start up menu, select "Safe Mode with Networking", then do the following instructions:

Okay. I finally got ComboFix to run to it's completion and generate a report.

ComboFix 09-07-13.01 - Tom White 07/13/2009 16:31.2.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2780 [GMT -5:00]
Running from: c:\documents and settings\Tom White\Desktop\Combo-Fix.exe
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\hjgruirsvnolwx.sys
c:\windows\system32\hjgruidywiglcl.dll
c:\windows\system32\hjgruiefbxvolo.dat
c:\windows\system32\hjgruiqwsyndcs.dll
c:\windows\system32\hjgruivjqmojsm.dat
.
---- Previous Run -------
.
c:\documents and settings\Tom White\Application Data\inst.exe
c:\windows\Install.txt
c:\windows\Installer\19bafe.msi
c:\windows\MailSwitch.ocx
c:\windows\system32\certstore.dat
c:\windows\system32\drivers\UACxekvpiduwagodkfvp.sys
c:\windows\system32\Install.txt
c:\windows\system32\UACcsuyaoggcgfyfurvy.dat
c:\windows\system32\UACcyfuljllcnlwlnfyu.dll
c:\windows\system32\UAChxwaicptoppglsxha.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACpdbhnqhpecojyxywk.dll
c:\windows\system32\UACqwujvbdmvvnvuklql.dll
c:\windows\system32\UACrvljvqwlalfklsfbl.dll
c:\windows\system32\uactmp.db
c:\windows\system32\UACutavxcerogqlamxbo.db
c:\windows\system32\wiawow32.sys
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_6TO4
-------\Legacy_MSNCACHE
-------\Legacy_PCMSTUB
-------\Legacy_SOPIDKC
-------\Service_6to4
-------\Service_pcmstub


((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 )))))))))))))))))))))))))))))))
.

2009-07-13 15:19 . 2009-07-13 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-07-13 15:19 . 2009-07-13 15:19 -------- d-----w- c:\program files\STOPzilla!
2009-07-13 15:19 . 2009-07-13 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-07-13 15:19 . 2009-07-13 15:19 -------- d-----w- c:\program files\Common Files\iS3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 20:47 . 2008-05-12 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-13 20:23 . 2009-07-11 16:30 934250 ----a-w- c:\windows\Fonts\windef.dll
2009-07-13 15:21 . 2009-07-13 15:21 360 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2009-07-13 15:21 . 2009-07-13 15:19 1016 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-07-11 16:36 . 2009-07-11 16:04 1957 ---h--w- c:\windows\Fonts\mlog
2009-07-11 16:30 . 2009-07-11 16:30 6976 ----a-w- c:\windows\Fonts\logcde.dll
2009-07-10 10:34 . 2006-06-15 20:05 -------- d-----w- c:\documents and settings\Tom White\Application Data\Azureus
2009-07-09 18:56 . 2006-06-14 18:59 -------- d-----w- c:\documents and settings\Tom White\Application Data\AdobeUM
2009-07-02 14:51 . 2008-07-10 14:55 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 14:51 . 2008-07-10 14:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 14:51 . 2008-07-10 14:55 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-13 10:15 . 2007-12-14 04:09 -------- d-----w- c:\program files\Zoom Player
2009-05-28 19:16 . 2009-05-28 19:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-05-28 19:15 . 2009-05-28 19:15 294912 ----a-r- c:\windows\system32\SZBase5.dll
2009-05-28 19:14 . 2009-05-28 19:14 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-05-17 10:44 . 2009-05-17 10:44 -------- d-----w- c:\documents and settings\Tom White\Application Data\Media Player Classic
2009-05-17 10:43 . 2009-05-17 10:42 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-17 10:40 . 2007-12-14 04:10 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2009-05-17 10:39 . 2007-12-14 04:10 -------- d-----w- c:\program files\CD Audio Reader Filter
2009-05-17 10:39 . 2007-12-14 04:10 -------- d-----w- c:\program files\SHOUTcast Source
2009-05-12 19:13 . 2009-05-12 19:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-06-14 02:20 . 2008-08-13 11:20 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2006-08-03 08:47 . 2006-06-26 14:10 88 --sh--r- c:\windows\system32\1A91D0F581.sys
2006-08-03 08:47 . 2006-06-26 14:10 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 40048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-10 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-5-11 738968]
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-6-29 217088]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-02 14:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Next Limit\\Maxwell\\mxcl.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Documents and Settings\\Tom White\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/10/2008 9:55 AM 327688]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/10/2008 9:55 AM 298776]
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-07-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 07:43]

2006-05-30 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 16:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2009-07-13 16:51
ComboFix-quarantined-files.txt 2009-07-13 21:50

Pre-Run: 18,297,618,432 bytes free
Post-Run: 18,270,212,096 bytes free

186

Now open a new notepad file.
Input this into the notepad file:

File::
c:\windows\Fonts\windef.dll
C:\windows\system32\drivers\kgpfr2.cfg
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\Fonts\logcde.dll

Folder::
c:\documents and settings\Tom White\Application Data\Azureus

Rootkit::
c:\windows\system32\1A91D0F581.sys
c:\windows\system32\KGyGaAvL.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Azureus\\Azureus.exe"=-

Firefox::
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Thanks Origin, but I need your help - drag and drop tells me "I cannot rename ComboFix as Combo-Fix - Please use another name..."

What to do now?

Rename ComboFix to just ComboFix without the -.

Origin,

The Combofix removed numerous Azureus stuff which is making the log file extremely large - do you need to see each and every one of them?

Let me know. Thanks.

Here is a copy of the report with the bulk of the Azureus stuff omitted for space sake...

ComboFix 09-07-13.01 - Tom White 07/13/2009 19:48.3.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2756 [GMT -5:00]
Running from: c:\documents and settings\Tom White\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom White\Desktop\CFScript.txt
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\Fonts\logcde.dll"
"c:\windows\Fonts\windef.dll"
"c:\windows\system32\drivers\kgpcpy.cfg"
"c:\windows\system32\drivers\kgpfr2.cfg"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tom White\Application Data\Azureus
c:\documents and settings\Tom White\Application Data\Azureus\.certs
(Origin - there were more things at this location)
c:\documents and settings\Tom White\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\Tom White\Application Data\Azureus\VuzeActivities.config.bak
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\drivers\kgpfr2.cfg

.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-13 21:25 . 2009-07-13 21:52 -------- d-s---w- C:\Combo-Fix
2009-07-13 15:19 . 2009-07-13 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-07-13 15:19 . 2009-07-13 15:19 -------- d-----w- c:\program files\STOPzilla!
2009-07-13 15:19 . 2009-07-13 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-07-13 15:19 . 2009-07-13 15:19 -------- d-----w- c:\program files\Common Files\iS3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 20:47 . 2008-05-12 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-11 16:36 . 2009-07-11 16:04 1957 ---h--w- c:\windows\Fonts\mlog
2009-07-09 18:56 . 2006-06-14 18:59 -------- d-----w- c:\documents and settings\Tom White\Application Data\AdobeUM
2009-07-02 14:51 . 2008-07-10 14:55 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-02 14:51 . 2008-07-10 14:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-02 14:51 . 2008-07-10 14:55 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-13 10:15 . 2007-12-14 04:09 -------- d-----w- c:\program files\Zoom Player
2009-05-28 19:16 . 2009-05-28 19:16 17408 ----a-r- c:\windows\system32\SZIO5.dll
2009-05-28 19:15 . 2009-05-28 19:15 294912 ----a-r- c:\windows\system32\SZBase5.dll
2009-05-28 19:14 . 2009-05-28 19:14 540672 ----a-r- c:\windows\system32\SZComp5.dll
2009-05-17 10:44 . 2009-05-17 10:44 -------- d-----w- c:\documents and settings\Tom White\Application Data\Media Player Classic
2009-05-17 10:43 . 2009-05-17 10:42 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-05-17 10:40 . 2007-12-14 04:10 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2009-05-17 10:39 . 2007-12-14 04:10 -------- d-----w- c:\program files\CD Audio Reader Filter
2009-05-17 10:39 . 2007-12-14 04:10 -------- d-----w- c:\program files\SHOUTcast Source
2009-05-12 19:13 . 2009-05-12 19:13 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-06-14 02:20 . 2008-08-13 11:20 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2006-10-23 40048]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-02 1948440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-10 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-5-11 738968]
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-6-29 217088]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-02 14:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Next Limit\\Maxwell\\mxcl.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Documents and Settings\\Tom White\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/10/2008 9:55 AM 327688]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/10/2008 9:55 AM 298776]
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-07-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 07:43]

2006-05-30 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Tom White\Application Data\Mozilla\Firefox\Profiles\q42em7eu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 20:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-07-14 20:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-14 01:22
ComboFix2.txt 2009-07-13 21:52

Pre-Run: 18,277,650,432 bytes free
Post-Run: 18,264,653,824 bytes free

434

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Thanks for your help so far Origin (and others)... Here is the MBAM log...

Malwarebytes' Anti-Malware 1.39
Database version: 2425
Windows 5.1.2600 Service Pack 3

7/14/2009 6:07:01 AM
mbam-log-2009-07-14 (06-07-01).txt

Scan type: Quick Scan
Objects scanned: 94126
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\wiwow64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tom White\Desktop\winlogon.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Hello.
How is the machine running now?

Thanks for responding Belahzur... The computer is operating as near normal as I can tell right now... haven't spent too much time on it just to see if you guys had other instructions... I chose to go ahead and run an AVG8.5 virus scan and below are the results...

Scan "Scan whole computer" was finished.
Infections;"10";"10";"0"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Tuesday, July 14, 2009, 7:42:33 AM"
Scan finished:;"Tuesday, July 14, 2009, 9:55:26 AM (2 hour(s) 12 minute(s) 53 second(s))"
Total object scanned:;"823955"
User who launched the scan:;"Tom White"

Infections
File;"Infection";"Result"
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1184\A0125709.sys;"Trojan horse BackDoor.Generic11.ABLC";"Moved to Virus Vault"
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1184\A0125710.dll;"Virus found Win32/Cryptor";"Moved to Virus Vault"
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1184\A0125711.dll;"Trojan horse Crypt.FNT";"Moved to Virus Vault"
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1184\A0125712.dll;"Trojan horse Generic13.BQVV";"Moved to Virus Vault"
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1184\A0125713.dll;"Virus found Win32/Cryptor";"Moved to Virus Vault"
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1184\A0125714.dll;"Trojan horse Generic13.ATPH";"Moved to Virus Vault"
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1184\A0125715.sys;"Virus identified Packed.Monder";"Moved to Virus Vault"
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1184\A0125716.dll;"Virus identified Packed.Monder";"Moved to Virus Vault"
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1184\A0125717.dll;"Trojan horse BackDoor.Generic11.ZNE";"Moved to Virus Vault"
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1184\A0125925.exe;"Trojan horse Downloader.Delf.CVD";"Moved to Virus Vault"




Since each of these 10 items was "Moved to Virus Vault" does this mean the virus is gone? I'm currently running another scan - it just takes over 2 hours to complete...

Thanks again for all the help... We're almost there I think!!!

I see, please do the following:

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

• Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  
• Once the short scan has finished, just let it cure whatever it finds...
  o Now, go to Settings >> Change Settings
  o Go to Actions tab >> under Objects section, change the settings to below
  Infected objects - Cure
  Incurable objects - Report
  Suspicious objects - Report
  o Don't change any other settings
  
• Start the scan again. This time, choose Complete Scan
  
• Click the green arrow button at the right, and the scan will start.
  
• After the scan finished, click Select all
  
• Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  
• When the scan has finished, in the menu, click File and choose Save report list
  
• Save the report to your Desktop. The report will be called DrWeb.csv
  
• Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..
  

Thanks for responding Origin...
DrWeb took awhile (almost 4 hours) but here is the report...

05D81000;C:\My Drawings - Tom\Comfort Inn Addition\Comfort Inn Corporate Info\Comfort Inn ID Files NP 9-06\CIIN New Impressions ID Files;Probably office.exploit.gen;;

CIIN New Impressions GR Specifications - 9 - 06.xls;C:\My Drawings - Tom\Comfort Inn Addition\Comfort Inn Corporate Info\Comfort Inn ID Files NP 9-06\CIIN New Impressions ID Files;Probably office.exploit.gen;;

CIIN Visions GR LO Specification Sheets 9-06.xls;C:\My Drawings - Tom\Comfort Inn Addition\Comfort Inn Corporate Info\Comfort Inn ID Files NP 9-06\CIIN Visions ID Files NP 9.06;Probably office.exploit.gen;;

CFD.exe;C:\Program Files\BroadJump\Client Foundation;Adware.Cfd;;
InstallHelper.exe;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;;

hjgruiqwsyndcs.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Tdss.265;Deleted.;
UAChxwaicptoppglsxha.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Packed.365;Incurable.;
UACpdbhnqhpecojyxywk.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Tdss.105;Deleted.;
UACrvljvqwlalfklsfbl.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Tdss.49;Deleted.;
wiawow32.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Trojan.Click.26455;Incurable.;
hjgruirsvnolwx.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers;BackDoor.Tdss.294;Deleted.;


Let me know what's next (I have not rebooted the computer yet and DrWeb is still open)...

Download the GMER rootkit scan from here: GMER

1. Unzip it and start GMER.
   
2. Click the >>> tab and then click the Scan button.
   
3. Once done, click the Copy button.
   
4. This will copy the results to your clipboard.
   
5. Paste the results in your next reply.
   

Note:
If you're having problems with running GMER.exe, try it in safe mode. This tools works in safe mode.
You can also try renaming it since some malware blocks GMER.

Just infected restore points.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Belahzur - GMER is still running - I'm going to let it finish; paste the results; then establish new system restore points.

Is that the proper thing to do? (I notice you are offline and probably won't see this - maybe someone else will).

Thanks.

Here are the results of GMER...(they will probably span several posts apparently...)

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-14 21:29:33
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spau.sys ZwCreateKey [0xF74D70E0]
SSDT spau.sys ZwEnumerateKey [0xF74F5CA2]
SSDT spau.sys ZwEnumerateValueKey [0xF74F6030]
SSDT spau.sys ZwOpenKey [0xF74D70C0]
SSDT spau.sys ZwQueryKey [0xF74F6108]
SSDT spau.sys ZwQueryValueKey [0xF74F5F88]
SSDT spau.sys ZwSetValueKey [0xF74F619A]

INT 0x62 ? 8B306BF8
INT 0x63 ? 8B297BF8
INT 0x84 ? 8A89DF00
INT 0x94 ? 8A89DF00
INT 0xA4 ? 8A89DF00
INT 0xB4 ? 8A89DF00

---- Kernel code sections - GMER 1.0.15 ----

? spau.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BA54A8AC 5 Bytes JMP 8A89D4E0
? System32\Drivers\abnar3jf.SYS The system cannot find the path specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8B3082D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] spau.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] spau.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] spau.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] spau.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] spau.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] spau.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] spau.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A89D5E0

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B2961F8
Device \Driver\usbuhci \Device\USBPDO-0 8A8BC1F8
Device \Driver\PCI_PNP7056 \Device\00000044 spau.sys
Device \Driver\PCI_PNP7056 \Device\00000044 spau.sys
Device \Driver\usbuhci \Device\USBPDO-1 8A8BC1F8
Device \Driver\usbehci \Device\USBPDO-2 8B2421F8
Device \Driver\usbuhci \Device\USBPDO-3 8A8BC1F8
Device \Driver\usbuhci \Device\USBPDO-4 8A8BC1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B2981F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B2981F8
Device \Driver\Cdrom \Device\CdRom0 8A8B41F8
Device \Driver\Cdrom \Device\CdRom1 8A8B41F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B2981F8
Device \Driver\Cdrom \Device\CdRom2 8A8B41F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A4EF1F8
Device \Driver\sptd \Device\3010172056 spau.sys
Device \Driver\NetBT \Device\NetbiosSmb 8A4EF1F8
Device \Driver\usbuhci \Device\USBFDO-0 8A8BC1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2F468CB8-3FAD-4063-9F4C-19D647127441} 8A4EF1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A8BC1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A4F41F8
Device \Driver\usbuhci \Device\USBFDO-2 8A8BC1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A4F41F8
Device \Driver\usbuhci \Device\USBFDO-3 8A8BC1F8
Device \Driver\usbehci \Device\USBFDO-4 8B2421F8
Device \Driver\Ftdisk \Device\FtControl 8B2981F8
Device \Driver\abnar3jf \Device\Scsi\abnar3jf1 8A89B1F8
Device \Driver\abnar3jf \Device\Scsi\abnar3jf1Port2Path0Target0Lun0 8A89B1F8
Device \FileSystem\Fastfat \Fat 8A4B31F8
Device \FileSystem\Fastfat \Fat B95BC297
Device \FileSystem\Cdfs \Cdfs 8A4B41F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet002\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x35 0xA3 0x2F 0x0F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0x58 0xF4 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x55 0x22 0x97 0xED ...
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet004\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet005\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet006\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet007\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet008\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet009\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet010\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet011\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll

Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet012\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet012\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet013\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet013\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll

Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet014\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet014\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet015\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet015\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll

Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet016\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet016\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet017\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet017\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll

Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet018\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet018\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml@start 1
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml@type 1
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml@group file system
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml@imagepath \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main@aid 10002
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main@sid 0
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main\delete
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main\injector
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main\injector@* hjgruiwsp.dll
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\main\tasks
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\modules
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\modules@hjgruirk.sys \systemroot\system32\drivers\hjgruirsvnolwx.sys
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\modules@hjgruicmd.dll \systemroot\system32\hjgruidywiglcl.dll
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\modules@hjgruilog.dat \systemroot\system32\hjgruiefbxvolo.dat
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\modules@hjgruiwsp.dll \systemroot\system32\hjgruiqwsyndcs.dll
Reg HKLM\SYSTEM\ControlSet019\Services\hjgruiarcecqml\modules@hjgrui.dat \systemroot\system32\hjgruivjqmojsm.dat
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet019\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll

Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1683983066
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1607367679
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

---- EOF - GMER 1.0.15 ----



Attention Moderators: This sure looks like a lot of the same stuff over and over, agree?
Please let me know how to proceed.
Last instruction was to create new system restore points.......
I am waiting to do that until I have confirmation based on GMER results...
Thanks for all your help!!!

Please download the OTMoveIt by OldTimer.

• Save it to your desktop.
  
• Please double-click OTM.exe to run it.
  
• Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :reg
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\hjgruiarcecqml]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\UACd.sys]
  [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\UACd.sys]
  
  
  
• Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  
• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTMoveIt
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

Here is the OTMoveIt log...

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\hjgruiarcecqml\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet010\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\hjgruiarcecqml\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\hjgruiarcecqml\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\hjgruiarcecqml\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\hjgruiarcecqml\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UACd.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet009\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet011\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet012\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet013\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet014\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet015\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet016\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet017\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet018\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet019\Services\UACd.sys\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet020\Services\UACd.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet021\Services\UACd.sys\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet022\Services\UACd.sys\ not found.

OTM by OldTimer - Version 3.0.0.5 log created on 07152009_164308



Attn: Moderators: Thanks again for your help. What's next?

Hello.
This looks fine now.

After running OTMoveIt, I chose to run AVG8.5 virus scan while still in safe mode... Below are the results...

AVG 8.5 Anti-Virus command line scanner
Copyright (c) 1992 - 2009 AVG Technologies
Program version 8.0.354, engine 8.0.375
Virus Database: Version 270.13.16/2240 2009-07-15

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\LocalService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\LocalService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Tom White\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\Tom White\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\Tom White\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\Tom White\ntuser.dat.LOG Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACxekvpiduwagodkfvp.sys.vir Trojan horse BackDoor.Generic11.ABLC Object was moved to Virus Vault.
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjgruidywiglcl.dll.vir Virus identified Packed.Monder Object was moved to Virus Vault.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChxwaicptoppglsxha.dll.vir Trojan horse Generic13.ATPH Object was moved to Virus Vault.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACqwujvbdmvvnvuklql.dll.vir Trojan horse Crypt.FNT Object was moved to Virus Vault.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACcyfuljllcnlwlnfyu.dll.vir Virus found Win32/Cryptor Object was moved to Virus Vault.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wiawow32.sys.vir Trojan horse Clicker.AALE Object was moved to Virus Vault.
C:\WINDOWS\system32\config\DEFAULT Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SOFTWARE Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SYSTEM Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.
C:\WINDOWS\system32\drivers\sptd.sys Locked file. Not tested.

------------------------------------------------------------
Objects scanned : 428135
Found infections : 6
Found PUPs : 0
Healed infections : 6
Healed PUPs : 0
Warnings : 0
------------------------------------------------------------


Based on the above results, I am going to run DrWeb Cureit again and post results....

Here are the results of the latest GMER scan... Let me know what's next...

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-16 07:17:58
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT splr.sys ZwCreateKey [0xF74D70E0]
SSDT splr.sys ZwEnumerateKey [0xF74F5CA2]
SSDT splr.sys ZwEnumerateValueKey [0xF74F6030]
SSDT splr.sys ZwOpenKey [0xF74D70C0]
SSDT splr.sys ZwQueryKey [0xF74F6108]
SSDT splr.sys ZwQueryValueKey [0xF74F5F88]
SSDT splr.sys ZwSetValueKey [0xF74F619A]

INT 0x62 ? 8B306BF8
INT 0x63 ? 8B297BF8
INT 0x84 ? 8A8B2BF8
INT 0x94 ? 8A8B2BF8
INT 0xA4 ? 8A8B2BF8
INT 0xB4 ? 8A8B2BF8

---- Kernel code sections - GMER 1.0.15 ----

? splr.sys The system cannot find the file specified. !
? dwshd.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload BA51D8AC 5 Bytes JMP 8A8B21D8
.text an8nocqj.SYS BA4AC386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text an8nocqj.SYS BA4AC3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text an8nocqj.SYS BA4AC3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text an8nocqj.SYS BA4AC3C9 1 Byte [2E]
.text an8nocqj.SYS BA4AC3C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8B3082D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] splr.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] splr.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] splr.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] splr.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] splr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] splr.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] splr.sys

IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A8B22D8
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlInitUnicodeString] 2266E852
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!swprintf] 478B0000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeSetEvent] 50016A40
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 1CAC8E8D
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoGetConfigurationInformation] E8510000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00002254
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmFreeMappingAddress] 6A18538B
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 868D5200
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 00001C98
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmUnmapIoSpace] 2242E850
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 4B8B0000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IofCompleteRequest] 51016A18
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 1CB4968D
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IofCallDriver] E8520000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 00002230
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoConnectInterrupt] 001CBB8E
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoDetachDevice] 30C48300
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeWaitForSingleObject] 1CBD8688
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeInitializeEvent] 80E90000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeCancelTimer] C6000000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 001CBB86
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlInitAnsiString] 438B0100
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 8E8D5018
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoQueueWorkItem] 00001C90
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmMapIoSpace] 2202E851
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 538B0000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoReportDetectedDevice] 52016A18
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoReportResourceForDetection] 1CAC868D
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] E8500000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000021F0
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!PoRequestPowerIrp] 8A05478A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB8E
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 18C48300
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!sprintf] 1CBD8688
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 43EB0000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ObfDereferenceObject] 320C538A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 88F93BC0
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 001CBB96
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ZwClose] F6317300
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 74070647
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 75C0841A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 05578A0B
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 968801B0
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoCreateDevice] 00001CBD
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 57B60F66
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 533B6604
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 03087408
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ZwOpenKey] 72F93B3F
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 8A09EBDA
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoStartTimer] 86880547
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeInitializeTimer] 00001CBD
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoInitializeTimer] 88084B8A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeInitializeDpc] 001CBE8E
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeInitializeSpinLock] 40578B00
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoInitializeIrp] 8D52006A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ZwCreateKey] 001CC086
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 81E85000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 8B000021
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ZwSetValueKey] 001CB88E
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeInsertQueueDpc] BC968B00
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 8900001C
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoStartPacket] 001CC48E
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] C8968900
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 8B00001C
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoFreeMdl] 016A4047
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmUnlockPages] CCC68150
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 5600001C
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 002157E8
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeSynchronizeExecution] CCCCCCC3
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoStartNextPacket] CCCCCCCC
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeBugCheckEx] CCCCCCCC
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] CCCCCCCC
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeSetTimer] 8BEC8B55
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!_allmul] 00C73445
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!_except_handler3] 830C458B
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!PoSetPowerState] C0840CEC
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 053C0D74
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B80974
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 8B000000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!_aulldiv] 56C35DE5
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!strstr] 8D08758B
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!_strupr] 8D51FC4D
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeQuerySystemTime] 8D52FD55
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 8D51FE4D
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!KeTickCount] 8D52FF55
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 8D51F84D
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoDeleteDevice] 5052F455
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] EACAE856
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoAllocateWorkItem] C483FFFF
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoAllocateIrp] 0FC08520
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoAllocateMdl] 0001AD85
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 46B70F00
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmLockPagableDataSection] F44D8B48
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] C1815753
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 00002590
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!ExFreePoolWithTag] 467C8D51
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoFreeIrp] 7622E84A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!IoFreeWorkItem] D88BFFFF
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!InitSafeBootMode] 8504C483
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!RtlCompareMemory] 5F0A75DB
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!PoCallDriver] 5B08438D
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!memmove] 5DE58B5E
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[ntoskrnl.exe!MmHighestUserAddress] 259068C3
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\an8nocqj.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B2961F8
Device \Driver\usbuhci \Device\USBPDO-0 8A8B01F8
Device \Driver\PCI_PNP6880 \Device\00000044 splr.sys
Device \Driver\PCI_PNP6880 \Device\00000044 splr.sys
Device \Driver\usbuhci \Device\USBPDO-1 8A8B01F8
Device \Driver\usbehci \Device\USBPDO-2 8A8833C0
Device \Driver\usbuhci \Device\USBPDO-3 8A8B01F8
Device \Driver\usbuhci \Device\USBPDO-4 8A8B01F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B2981F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B2981F8
Device \Driver\Cdrom \Device\CdRom0 8A8751F8
Device \Driver\Cdrom \Device\CdRom1 8A8751F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B2981F8
Device \Driver\Cdrom \Device\CdRom2 8A8751F8
Device \Driver\sptd \Device\2074361880 splr.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A4E81F8
Device \Driver\NetBT \Device\NetbiosSmb 8A4E81F8
Device \Driver\usbuhci \Device\USBFDO-0 8A8B01F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2F468CB8-3FAD-4063-9F4C-19D647127441} 8A4E81F8
Device \Driver\usbuhci \Device\USBFDO-1 8A8B01F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A4E31F8
Device \Driver\usbuhci \Device\USBFDO-2 8A8B01F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A4E31F8
Device \Driver\usbuhci \Device\USBFDO-3 8A8B01F8
Device \Driver\usbehci \Device\USBFDO-4 8A8833C0
Device \Driver\Ftdisk \Device\FtControl 8B2981F8
Device \Driver\an8nocqj \Device\Scsi\an8nocqj1 8A86C1F8
Device \Driver\an8nocqj \Device\Scsi\an8nocqj1Port2Path0Target0Lun0 8A86C1F8
Device \FileSystem\Fastfat \Fat 8A4AB500
Device \FileSystem\Fastfat \Fat B95DA297
Device \FileSystem\Cdfs \Cdfs 8A4C01F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x35 0xA3 0x2F 0x0F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0x58 0xF4 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x55 0x22 0x97 0xED ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACxekvpiduwagodkfvp.sys
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACcyfuljllcnlwlnfyu.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACqwujvbdmvvnvuklql.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACcsuyaoggcgfyfurvy.dat
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACrvljvqwlalfklsfbl.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpdbhnqhpecojyxywk.dll
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACutavxcerogqlamxbo.db
Reg HKLM\SYSTEM\ControlSet010\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UAChxwaicptoppglsxha.dll
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet013\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet014\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet015\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet016\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet017\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet018\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet019\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet020\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1683983066
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1607367679
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF7 0x2D 0xF4 0xF4 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3B 0x9D 0x7F 0xB7 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xE5 0x3A 0x90 0xD2 ...
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet022\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1A 0x7E 0xD8 0x50 ...

---- EOF - GMER 1.0.15 ----



Attention Moderators: I don't understand what's going on. I seem to still be infected. Do we need to start over from square one? Let me know. Thanks!

Should I go ahead and delete those *.vir files in the \Qoobox folder???

Attention Moderators: Here is a current MBAM quick scan log...


Malwarebytes' Anti-Malware 1.39
Database version: 2425
Windows 5.1.2600 Service Pack 3

7/16/2009 9:49:12 AM
mbam-log-2009-07-16 (09-49-12).txt

Scan type: Quick Scan
Objects scanned: 94314
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Attention Moderators: I am currently performing an MBAM full scan...

Here is the current MBAM full scan log...


Malwarebytes' Anti-Malware 1.39
Database version: 2425
Windows 5.1.2600 Service Pack 3

7/16/2009 11:07:25 AM
mbam-log-2009-07-16 (11-07-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 274508
Time elapsed: 1 hour(s), 13 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1184\A0125924.OCX (Worm.Nyxem) -> Quarantined and deleted successfully.



What's next?

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

• Click on Avenger.zip to open the file
  
• Extract avenger.exe to your desktop
  

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, start The Avenger program by clicking on its icon on your desktop.

• Leave the script box empty.
  
• Leave the ticked box "Scan for rootkit" ticked.
  
• Then tick "Disable any rootkits found"
  
• Now click on the Execute to begin execution of the script.
  
• Answer "Yes" twice when prompted.
  
  The Avenger will automatically do the following:
  
  
• It will Restart your computer.
  
• On reboot, it will briefly open a black command window on your desktop, this is normal.
  
• After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  
• The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
  

3. Please copy/paste the content of c:\avenger.txt into your reply.

Thanks for helping me with this Origin. Here are the results of Avenger...


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.