Packed.Generic.200 Detected

July 11, 2009 at 10:24:04
Specs: Windows XP
Hi, I recently got a virus infection on my computer and every time my computer starts up, Norton IS pops up saying it has detected "Packed.Generic.200" but is unable to remove it. I have run several Norton scans, as well as Malwarebytes scans, but the "Packed.Generic.200" message still pops up regularly. Please advise me as to the proper course of action. Thank you!



July 11, 2009 at 10:33:57


July 11, 2009 at 11:37:08
Thank you for replying,

According to Norton, under Risk Details, the first time it was detected in May, the "Affected Area" file was system32\uacqyublevvwtetnui.dll

However, the recent startup messages, from earlier today point to system volume information\_restore and
local settings\application data\microsoft
All in all, it is 79 files affected.

It's weird because in Norton's history, it says the risk state is 'fully removed', but if I restart the computer, the Packed.Generic.200 "remove failed" message will show up again.


July 11, 2009 at 11:38:23
Follow these steps in order numbered:

1) Download GMER:
[This version will download a randomly named file (Recommended).]

2) Disconnect from the Internet and close all running programs.

3) Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

4) Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

5) GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)

6) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.

7) Now click the Scan button. If you see a rootkit warning window, click OK.

8) When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log and upload it. Post the download link to the uploaded file in your post.

9) Exit GMER and re-enable all active protection when done.

Note: Please give me the exact name of the file you downloaded in step 1 + post your log from step 8 in your next post.

If I'm helping you and I don't reply within 24 hours send me a PM.



July 11, 2009 at 14:51:12
GMER.log file:

GMER tool: oti8cwlb.exe

Rootkit scan 2009-07-11 17:37:06
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.15 ----

SSDT 83352DD0 ZwAlertResumeThread
SSDT 8311F1E8 ZwAlertThread
SSDT 83133E38 ZwAllocateVirtualMemory
SSDT 83187828 ZwAssignProcessToJobObject
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF865A818]
SSDT 8339BFB0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA32F040]
SSDT 830FC780 ZwCreateMutant
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF864EA20]
SSDT 830E15C8 ZwCreateSymbolicLinkObject
SSDT 830F4598 ZwCreateThread
SSDT 831F5A08 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA32F2C0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA32F820]
SSDT 8311D6C0 ZwDuplicateObject
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF864F2A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF865A910]
SSDT 830ECFC0 ZwFreeVirtualMemory
SSDT 830F44A0 ZwImpersonateAnonymousToken
SSDT 834349F0 ZwImpersonateThread
SSDT 8317F2C0 ZwLoadDriver
SSDT 8310F518 ZwMapViewOfSection
SSDT 831C4228 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xAA32F5D0]
SSDT 8311D920 ZwOpenProcess
SSDT 83187C98 ZwOpenProcessToken
SSDT 831CB598 ZwOpenSection
SSDT 8311D850 ZwOpenThread
SSDT 831C9708 ZwProtectVirtualMemory
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF864F2C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF865A866]
SSDT 83130160 ZwResumeThread
SSDT 833361A0 ZwSetContextThread
SSDT 831219C0 ZwSetInformationProcess
SSDT 83341C78 ZwSetSystemInformation
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF865A0B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA32FA70]
SSDT 830E6A08 ZwSuspendProcess
SSDT 831090B8 ZwSuspendThread
SSDT 831BC110 ZwTerminateProcess
SSDT 83156070 ZwTerminateThread
SSDT 8316F130 ZwUnmapViewOfSection
SSDT 83185D00 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 12A 804E4964 4 Bytes JMP 9A0CF864
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? SYMEFA.SYS The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F76E962C 5 Bytes JMP 834FD400
? System32\Drivers\a8w9ekw0.SYS The system cannot find the path specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F86DF580] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F86DF52C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F86F9AB8] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 837BA1D8
Device \FileSystem\Ntfs \Ntfs 836E1170
Device \FileSystem\Fastfat \FatCdrom FF9151D8
Device \FileSystem\Fastfat \FatCdrom 8337B828

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 8350E4D8
Device \Driver\usbuhci \Device\USBPDO-1 8350E4D8
Device \Driver\usbuhci \Device\USBPDO-2 8350E4D8
Device \Driver\usbuhci \Device\USBPDO-3 8350E4D8
Device \Driver\usbehci \Device\USBPDO-4 835036E0

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 837BE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 837BE1D8
Device \Driver\Cdrom \Device\CdRom0 8333D008
Device \FileSystem\Rdbss \Device\FsWrap 83400E10
Device \Driver\Cdrom \Device\CdRom1 8333D008
Device \Driver\atapi \Device\Ide\IdePort0 8333E660
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8333E660
Device \Driver\atapi \Device\Ide\IdePort1 8333E660
Device \Driver\atapi \Device\Ide\IdePort2 8333E660
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8333E660
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 8333E660
Device \Driver\00000068 \Device\00000066 sptd.sys
Device \Driver\Cdrom \Device\CdRom2 8333D008
Device \Driver\Cdrom \Device\CdRom3 8333D008
Device \Driver\NetBT \Device\NetBt_Wins_Export 831FC1D8
Device \Driver\NetBT \Device\NetbiosSmb 831FC1D8
Device \Driver\USBSTOR \Device\00000092 830D9008
Device \FileSystem\Srv \Device\LanmanServer 83424030

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\USBSTOR \Device\00000097 830D9008
Device \Driver\USBSTOR \Device\00000098 830D9008
Device \Driver\usbuhci \Device\USBFDO-0 8350E4D8
Device \Driver\USBSTOR \Device\00000099 830D9008
Device \Driver\usbuhci \Device\USBFDO-1 8350E4D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 83103400
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 83412118
Device \Driver\usbuhci \Device\USBFDO-2 8350E4D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 83103400
Device \FileSystem\MRxSmb \Device\LanmanRedirector 83412118
Device \Driver\usbuhci \Device\USBFDO-3 8350E4D8
Device \FileSystem\Npfs \Device\NamedPipe 83179428
Device \Driver\usbehci \Device\USBFDO-4 835036E0
Device \Driver\Ftdisk \Device\FtControl 837BE1D8
Device \FileSystem\Msfs \Device\Mailslot 82F79908
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 83295CF8
Device \Driver\a8w9ekw0 \Device\Scsi\a8w9ekw01Port4Path0Target0Lun0 83226AE8
Device \Driver\a8w9ekw0 \Device\Scsi\a8w9ekw01 83226AE8
Device \Driver\d347prt \Device\Scsi\d347prt1 83295CF8
Device \Driver\USBSTOR \Device\0000009a 830D9008
Device \FileSystem\Fastfat \Fat FF9151D8
Device \FileSystem\Fastfat \Fat 8337B828

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 83411170
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 83411170
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 83411170
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 83411170
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 83411170
Device \FileSystem\Cdfs \Cdfs FF8FC1D8
Device \FileSystem\Cdfs \Cdfs 833526A0

---- Modules - GMER 1.0.15 ----

Module _________ F8616000-F862E000 (98304 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:224] 832A9864

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x44 0xFF 0xE7 0x6B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0x7F 0x54 0x92 0xAC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -274409406
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -2058268193
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFD 0x54 0x67 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x39 0xDC 0x09 0x99 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xFD 0x57 0xA8 0xC5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFD 0x54 0x67 0x0C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x39 0xDC 0x09 0x99 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xFD 0x57 0xA8 0xC5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSoiqh.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSxfum.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdu.log
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFD 0x54 0x67 0x0C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x39 0xDC 0x09 0x99 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xFD 0x57 0xA8 0xC5 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFD 0x54 0x67 0x0C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x39 0xDC 0x09 0x99 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xFD 0x57 0xA8 0xC5 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ez
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ez@DisplayName ez?????J
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ez@DisplayIcon C:\Program Files\ezHelper\ezHelper.exe,0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ez@UninstallString C:\Program Files\ezHelper\uninstall.exe
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ez@Publisher Taiwan Kuro Times Co. Ltd.
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ez@InstallLocation C:\Program Files\ezHelper
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ez@URLInfoAbout
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ez@URLUpdateInfo
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ez@DisplayVersion
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ez@NoModify 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ez@NoRepaire 1
Reg HKLM\SOFTWARE\Classes\.application\bootstrap@ bootstrap.application.1
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType 1
Reg HKLM\SOFTWARE\Classes\CLSID\{9C6A2914-9038-5A93-8E4E2AA93031FE8A}\{46AC4424-D398-E69C-9CDA7740FD2FECA9}\{CDFE3DAA-B6EE-697E-028EC491D3BD395C}
Reg HKLM\SOFTWARE\Classes\CLSID\{9C6A2914-9038-5A93-8E4E2AA93031FE8A}\{46AC4424-D398-E69C-9CDA7740FD2FECA9}\{CDFE3DAA-B6EE-697E-028EC491D3BD395C}@Q3FBLH6RIF6MYMN6VD31LVQSMD1 0x01 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E20DD46F-0CC4-5960-1B1F69E13D145F9C}\{B130274E-D0E8-282B-E7F07B1EE1210709}\{71D795F0-66AF-00D6-EF71DCAC5CDD95C3}
Reg HKLM\SOFTWARE\Classes\CLSID\{E20DD46F-0CC4-5960-1B1F69E13D145F9C}\{B130274E-D0E8-282B-E7F07B1EE1210709}\{71D795F0-66AF-00D6-EF71DCAC5CDD95C3}@Q3FBLH6RIF6MYMN6VD31LVQSMD1 0x01 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Atari\RollerCoaster Tycoon?3
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Atari\RollerCoaster Tycoon?3@Order 0x08 0x00 0x00 0x00 ...

---- EOF - GMER 1.0.15 ----

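The log above is the artefact the helper actually reads, so here is an added example (not code from the thread or from GMER) of how a practitioner would triage it mechanically rather than by eye. It parses GMER 1.0.15's plain-text layout as it appears in the post (`---- Section - GMER 1.0.15 ----` headers, one record per line) and pulls out the three things that matter: which module owns each SSDT hook, which kernel modules GMER could not read on disk and whether any of them still own device objects, and which services are registered under the TDSS naming (TDSSserv.sys with its `modules` subkey listing TDSS*.dll/.dat files) that James's reply identifies as Alureon/TDSS. The sample is a trimmed excerpt of the posted log; the regular expressions and the heuristics are my assumptions about the format, not GMER's own.

```python
"""Triage a GMER 1.0.15 text log for rootkit indicators (added example)."""
import re
from collections import defaultdict

# Excerpt of the log posted above, trimmed to the lines the parser needs.
SAMPLE_LOG = r"""---- System - GMER 1.0.15 ----
SSDT 83352DD0 ZwAlertResumeThread
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF865A818]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA32F040]
SSDT 8317F2C0 ZwLoadDriver
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? SYMEFA.SYS The system cannot find the file specified. !
? System32\Drivers\a8w9ekw0.SYS The system cannot find the path specified. !
---- Devices - GMER 1.0.15 ----
Device \Driver\a8w9ekw0 \Device\Scsi\a8w9ekw01Port4Path0Target0Lun0 83226AE8
Device \Driver\d347prt \Device\Scsi\d347prt1 83295CF8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
---- EOF - GMER 1.0.15 ----
"""

# Assumed line shapes, derived from the posted log rather than a GMER spec.
SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT\s+(.+?)\s+(Zw\w+)(?:\s+\[0x[0-9A-Fa-f]+\])?$")
UNREADABLE_RE = re.compile(r"^\?\s+(\S+)\s+(.*?)\s*!?\s*$")
DEVICE_RE = re.compile(r"^Device\s+\\Driver\\(\S+)\s+(\S+)")
IMAGEPATH_RE = re.compile(r"\\Services\\([^\\@]+)@imagepath\s+(\S+)", re.I)
MODULES_RE = re.compile(r"\\Services\\([^\\@]+)\\modules@(\w+)\s+(\S+)", re.I)

def parse_sections(text):
    """Split the log into {section name: [non-empty lines]}."""
    sections, current = defaultdict(list), "Header"
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif line.strip():
            sections[current].append(line.rstrip())
    return sections

def _owner(descr):
    """Module that owns a hook; GMER prints a bare address when it found none."""
    if re.fullmatch(r"[0-9A-Fa-f]{8}", descr):
        return "<address only, no owning module>"
    return descr.split(" (", 1)[0].rsplit("\\", 1)[-1]

def ssdt_hooks_by_owner(sections):
    """{owning module: [hooked Zw* services]} from the System section."""
    hooks = defaultdict(list)
    for line in sections.get("System", []):
        m = SSDT_RE.match(line)
        if m:
            hooks[_owner(m.group(1))].append(m.group(2))
    return dict(hooks)

def unreadable_modules(sections):
    """Kernel modules GMER could not open on disk, with the error it reported."""
    return {m.group(1): m.group(2) for m in
            (UNREADABLE_RE.match(ln) for ln in sections.get("Kernel code sections", [])) if m}

def hidden_driver_objects(sections):
    """Driver objects that still own devices although their file on disk was unreadable."""
    stems = {p.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower() for p in unreadable_modules(sections)}
    found = defaultdict(list)
    for line in sections.get("Devices", []):
        m = DEVICE_RE.match(line)
        if m and m.group(1).lower() in stems:
            found[m.group(1)].append(m.group(2))
    return dict(found)

def service_definitions(sections):
    """Service name -> imagepath plus any 'modules' subkey values (TDSS keeps its file list there)."""
    services = defaultdict(lambda: {"imagepath": None, "modules": {}})
    for line in sections.get("Registry", []):
        m = IMAGEPATH_RE.search(line)
        if m:
            services[m.group(1)]["imagepath"] = m.group(2)
            continue
        m = MODULES_RE.search(line)
        if m:
            services[m.group(1)]["modules"][m.group(2)] = m.group(3)
    return dict(services)

def triage(text):
    """Summarise the indicators an analyst reviews first; nothing here is a verdict on its own."""
    sections = parse_sections(text)
    services = service_definitions(sections)
    tdss = {name: svc for name, svc in services.items()
            if name.lower().startswith("tdss")
            or (svc["imagepath"] or "").rsplit("\\", 1)[-1].lower().startswith("tdss")}
    return {"ssdt_hooks": ssdt_hooks_by_owner(sections),
            "unreadable_modules": unreadable_modules(sections),
            "hidden_driver_objects": hidden_driver_objects(sections),
            "tdss_services": tdss}
```

`triage(SAMPLE_LOG)` returns a dict; on the excerpt it attributes the ZwCreateKey hook to SYMEVENT.SYS and ZwClose to d347bus.sys, lists two hooks with no owning module, reports that the `a8w9ekw0` driver object owns a SCSI device although `System32\Drivers\a8w9ekw0.SYS` could not be found, and returns TDSSserv.sys with its TDSSmqlt.sys image path and TDSS* module list. Read the output with the same care the helper does: SYMEVENT.SYS and SYMTDI.SYS are Symantec's own drivers, sptd.sys is the disc-emulation driver whose Cfg key in the full log names Alcohol 120%, and d347bus/d347prt are DAEMON Tools' drivers, so hooks owned by those modules are expected on this machine. A randomly named SCSI miniport whose file GMER cannot open is worth a look but is not proof of infection by itself; the TDSSserv.sys service and its TDSS-prefixed modules are the indicator that actually ties this log to the Alureon/TDSS family named later in the thread.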

July 11, 2009 at 15:37:59
Reboot and rerun Gmer generate new set of logs.


July 11, 2009 at 23:04:36
Too big logs. I think you should simply try the removal guide and follow the removal steps to remove the Packed.Generic.200 trojan, which is also known as Alureon.B and .C.


July 12, 2009 at 12:30:35
Thanks James, but I have run several MBAM scans already to no avail.

Hi Neoark, I'm not sure what the problem was with the previous log, but I have rerun the GMER scan and uploaded it here:

Thanks for the help!


July 12, 2009 at 13:19:03
Note: I can help you remove malware manually. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. First Track this topic. Then follow:

1) Can you please post your AVZ log:
Note: Run AVZ in Windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again. Make sure you have your web browser open in the background before following the steps below.

i) To create the log file, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

ii) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

iii) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows Vista, launch AVZ.exe by right clicking and selecting Run as Administrator.

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

ExecuteAVUpdateEx( '', 1, '','','');

Paste the script into the execution window by using the CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script; the PC will reboot. After the reboot a LOG subfolder is created in the folder with AVZ, with a file called inside. Upload that file to and paste the link here.

Image Tutorial

2) Download and Run DDS which will create a Pseudo HJT Report as part of its log: DDS Tool Download Link. When done, DDS will open two (2) logs

   1. DDS.txt
   2. Attach.txt

Upload the logs to and paste download link in your next reply.
Note: Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.


July 12, 2009 at 15:27:11
Follow these steps in order numbered. Don't proceed to the next step unless you have successfully completed the previous step:

1) Run this script in AVZ like before, your computer will reboot:

SearchRootkit(true, true);

2) After the reboot, execute the following script in AVZ:


A file called should be created in C:\. Upload that file to and Private message me download link.

3) Attach a Combofix log, please review and follow these instructions carefully.

Download it here ->

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to and paste the link here.

4) Please zip up C:\qoobox\quarantine and upload it, to a filehost such as Then, Private Message me the Download links to the uploaded files.
