Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Computer Really Slow


  • Please log in to reply
38 replies to this topic

#16 Jordan_Inc

Jordan_Inc

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 23 July 2007 - 08:03 PM

SUPERAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/23/2007 at 05:45 PM

Application Version : 3.9.1008

Core Rules Database Version : 3270
Trace Rules Database Version: 1281

Scan type : Complete Scan
Total Scan Time : 01:30:24

Memory items scanned : 231
Memory threats detected : 0
Registry items scanned : 6286
Registry threats detected : 0
File items scanned : 65548
File threats detected : 5

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@edge.ru4[1].txt
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt



Gmer Log:


GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-23 18:53:49
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\nvsvc32.exe[288] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\nvsvc32.exe[288] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\nvsvc32.exe[288] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[436] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[436] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[436] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Softex\OmniPass\Omniserv.exe[464] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Softex\OmniPass\Omniserv.exe[464] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Softex\OmniPass\Omniserv.exe[464] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Softex\OmniPass\OPXPApp.exe[536] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Softex\OmniPass\OPXPApp.exe[536] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Softex\OmniPass\OPXPApp.exe[536] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Softex\OmniPass\OPXPApp.exe[536] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\swdsvc.exe[544] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ CF, 9E, C5, 83 ]
.text C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[692] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[692] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[692] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text c:\Program Files\Norton Personal Firewall\NISUM.EXE[752] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text c:\Program Files\Norton Personal Firewall\NISUM.EXE[752] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text c:\Program Files\Norton Personal Firewall\NISUM.EXE[752] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[916] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[916] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[928] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[928] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[928] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\svcntaux.exe[1000] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\svcntaux.exe[1000] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\svcntaux.exe[1000] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[1096] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[1096] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[1096] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1124] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1124] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[1220] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[1220] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[1220] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1232] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[1280] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[1280] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[1280] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\rundll32.exe[1456] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\rundll32.exe[1456] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\rundll32.exe[1456] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\rundll32.exe[1456] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Yahoo!\Antivirus\VetMsg.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Yahoo!\Antivirus\VetMsg.exe[1524] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Yahoo!\Antivirus\VetMsg.exe[1524] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1576] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1576] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1576] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1584] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1584] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1584] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Teleca Shared\Generic.exe[1596] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Teleca Shared\Generic.exe[1596] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Common Files\Teleca Shared\Generic.exe[1596] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Teleca Shared\Generic.exe[1596] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[1628] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[1628] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[1628] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[1628] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1636] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\iTunes\iTunesHelper.exe[1636] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1636] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[1652] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[1652] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[1652] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Yahoo!\Antivirus\ISafe.exe[1704] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Yahoo!\Antivirus\ISafe.exe[1704] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Yahoo!\Antivirus\ISafe.exe[1704] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[1828] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[1828] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[1828] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text c:\Program Files\Norton Personal Firewall\ccPxySvc.exe[1872] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text c:\Program Files\Norton Personal Firewall\ccPxySvc.exe[1872] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text c:\Program Files\Norton Personal Firewall\ccPxySvc.exe[1872] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1920] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1920] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1920] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2020] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2020] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\RunDLL32.exe[2020] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2020] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2080] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2080] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2080] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[2080] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\HP\KBD\KBD.EXE[2160] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\HP\KBD\KBD.EXE[2160] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\HP\KBD\KBD.EXE[2160] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\HP\KBD\KBD.EXE[2160] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[2212] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[2212] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[2212] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe[2212] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2216] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2216] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2216] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 23, 92, C3, 83 ]
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2216] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[2216] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2504] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2504] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2504] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2504] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Messenger\MSMSGS.EXE[2560] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Messenger\MSMSGS.EXE[2560] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Messenger\MSMSGS.EXE[2560] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Messenger\MSMSGS.EXE[2560] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[2732] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[2732] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[2732] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[2732] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[2812] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[2812] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[2812] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[2812] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[2900] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[2900] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\Explorer.EXE[2900] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[2900] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2956] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2956] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2956] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2956] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe[2980] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe[2980] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe[2980] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe[2980] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2996] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2996] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2996] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2996] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.656\gmer.exe[3004] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.656\gmer.exe[3004] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.656\gmer.exe[3004] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.656\gmer.exe[3004] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3136] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3136] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3136] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3136] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[3148] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[3148] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[3148] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[3148] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[3176] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[3176] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\System32\svchost.exe[3176] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[3176] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Yahoo!\Antivirus\CAVTray.exe[3208] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Yahoo!\Antivirus\CAVTray.exe[3208] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Yahoo!\Antivirus\CAVTray.exe[3208] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Yahoo!\Antivirus\CAVTray.exe[3208] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[3336] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[3336] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[3336] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[3336] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[3384] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[3384] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\System32\svchost.exe[3384] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[3384] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3596] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\iPod\bin\iPodService.exe[3596] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3596] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Yahoo!\Antivirus\CAVRID.exe[3648] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Yahoo!\Antivirus\CAVRID.exe[3648] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Yahoo!\Antivirus\CAVRID.exe[3648] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Yahoo!\Antivirus\CAVRID.exe[3648] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3676] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3676] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3676] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[3676] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\QuickTime\qttask.exe[3788] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\QuickTime\qttask.exe[3788] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\QuickTime\qttask.exe[3788] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\QuickTime\qttask.exe[3788] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3844] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3844] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3844] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[3844] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\ALCXMNTR.EXE[3960] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\ALCXMNTR.EXE[3960] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\ALCXMNTR.EXE[3960] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\ALCXMNTR.EXE[3960] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3992] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3992] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3992] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[3992] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\WinRAR\WinRAR.exe[4008] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\WinRAR\WinRAR.exe[4008] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\WinRAR\WinRAR.exe[4008] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\WinRAR\WinRAR.exe[4008] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[140] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602723] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602640] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [636022E2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602687] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602723] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602640] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [636022E2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602687] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602640] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602687] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [636022E2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602723] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [636026CE] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015B4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [63601F71] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601EA6] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63601F47] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [6360158D] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [636026CE] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602723] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602687] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602640] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [636022E2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [63601F71] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63601F47] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601EA6] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [6360158D] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\PROGRA~1\Yahoo!\YOP\yop.exe[668] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015B4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLHostManager.exe[1808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\Common Files\AOL\1130986072\ee\AOLServiceHost.exe[3112] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll




[continued on next reply post]

    Advertisements

Register to Remove


#17 Jordan_Inc

Jordan_Inc

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 23 July 2007 - 08:05 PM

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7867CFA] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7867F00] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F78680F0] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F78680F0] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F786830C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7867976] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F786838C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F78685C0] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [ED461180] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [ED461490] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [ED4613F0] SYMEVENT.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [ED692F1C] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [ED6930A4] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [ED693240] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [ED693010] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [ED692FF0] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [ED692EB6] VET-REC.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [ED48F88F] SYMTDI.SYS Device \Device000070 IRP_MJ_CREATE [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_CREATE_NAMED_PIPE [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_CLOSE [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_READ [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_WRITE [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_QUERY_INFORMATION [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_SET_INFORMATION [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_QUERY_EA [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_SET_EA [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_FLUSH_BUFFERS [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_QUERY_VOLUME_INFORMATION [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_SET_VOLUME_INFORMATION [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_DIRECTORY_CONTROL [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_FILE_SYSTEM_CONTROL [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_DEVICE_CONTROL [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_INTERNAL_DEVICE_CONTROL [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_SHUTDOWN [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_LOCK_CONTROL [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_CLEANUP [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_CREATE_MAILSLOT [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_QUERY_SECURITY [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_SET_SECURITY [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_POWER [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_SYSTEM_CONTROL [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_DEVICE_CHANGE [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_QUERY_QUOTA [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_SET_QUOTA [F743ECB8] ACPI.sys Device \Device000070 IRP_MJ_PNP [F743ECB8] ACPI.sys Device \Device000070 FastIoDetachDevice [F743F0D4] ACPI.sys AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [ED48F88F] SYMTDI.SYS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [ED48F88F] SYMTDI.SYS Device \Device00006f IRP_MJ_CREATE [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_CREATE_NAMED_PIPE [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_CLOSE [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_READ [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_WRITE [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_QUERY_INFORMATION [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_SET_INFORMATION [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_QUERY_EA [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_SET_EA [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_FLUSH_BUFFERS [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_QUERY_VOLUME_INFORMATION [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_SET_VOLUME_INFORMATION [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_DIRECTORY_CONTROL [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_FILE_SYSTEM_CONTROL [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_DEVICE_CONTROL [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_INTERNAL_DEVICE_CONTROL [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_SHUTDOWN [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_LOCK_CONTROL [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_CLEANUP [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_CREATE_MAILSLOT [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_QUERY_SECURITY [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_SET_SECURITY [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_POWER [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_SYSTEM_CONTROL [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_DEVICE_CHANGE [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_QUERY_QUOTA [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_SET_QUOTA [F743ECB8] ACPI.sys Device \Device00006f IRP_MJ_PNP [F743ECB8] ACPI.sys Device \Device00006f FastIoDetachDevice [F743F0D4] ACPI.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7557BC0] ikfileflt.sys AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F7867CFA] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F7867F00] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F78680F0] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F78680F0] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F786830C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7867976] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F786838C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F78685C0] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7867A7C] VET-FILT.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [ED692F1C] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [ED6930A4] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [ED693240] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [ED693010] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [ED692FF0] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [ED692EB6] VET-REC.SYS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [ED692EB6] VET-REC.SYS ---- EOF - GMER 1.0.13 ---- Desktop loads quite slow now. Sorry for the wait Jintan. Thanks.

#18 Jintan

Jintan

    Advanced Member

  • Visiting Fellow
  • PipPipPipPip
  • 791 posts

Posted 23 July 2007 - 09:01 PM

Only issue with any delays is if the system continues to be used in between repair steps here and possibly brings about increase of infection instead of what we hope to bring about. That GMER log suggests so as yet unknown action is hooked into many running processes there.


# Download Autoruns from here
# Unzip/extract it to a folder on your desktop
# Double click on autoruns.exe to start Autoruns
# Wait for it to finish scanning
# Under Options make sure the following options are selected


* Verify Code Signatures
* Hide Signed Microsoft Entries


# Click File > Refresh
# Click File > Save As
# Save it to the desktop as autoruns.txt
# Post the contents of autoruns.txt as a reply to this topic

Edited by Jintan, 23 July 2007 - 09:02 PM.


#19 Jordan_Inc

Jordan_Inc

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 25 July 2007 - 05:13 PM

AutoRun Log:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ !AVG Anti-Spyware AVG Anti-Spyware (Verified) GRISOFT LTD c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe
+ Adobe Photo Downloader Adobe Photoshop Album Starter Edition 3.0 component (Not verified) Adobe Systems Incorporated c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe
+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated c:\program files\adobe\reader 8.0\reader\reader_sl.exe
+ AutoTKit c:\hp\bin\autotkit.exe
+ CaAvTray CA Antivirus System Tray Application (Verified) Computer Associates International c:\program files\yahoo!\antivirus\cavtray.exe
+ CAVRID CA Antivirus Realtime Infection Report (Verified) Computer Associates International c:\program files\yahoo!\antivirus\cavrid.exe
+ ccApp Common Client CC App (Verified) Symantec Corporation c:\program files\common files\symantec shared\ccapp.exe
+ ccRegVfy Common Client Registry Integrity Verifier (Verified) Symantec Corporation c:\program files\common files\symantec shared\ccregvfy.exe
+ HostManager AOLHostManager (Verified) America Online, Inc. c:\program files\common files\aol\1130986072\ee\aolhostmanager.exe
+ HP Software Update Hewlett-Packard Product Assistant (Not verified) Hewlett-Packard Co. c:\program files\hp\hp software update\hpwuschd2.exe
+ HPHUPD05 HPHupd05 (Not verified) Hewlett-Packard c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
+ iTunesHelper iTunesHelper Module (Verified) Apple Computer, Inc. c:\program files\itunes\ituneshelper.exe
+ KBD KBD EXE (Not verified) Hewlett-Packard Company c:\hp\kbd\kbd.exe
+ mmtask TODO: <File description> (Not verified) TODO: <Company name> c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
+ QuickTime Task QuickTime Task (Not verified) Apple Computer, Inc. c:\program files\quicktime\qttask.exe
+ SDTray Spyware Doctor Tray (Verified) PC Tools c:\program files\spyware doctor\sdtrayapp.exe
+ Sony Ericsson PC Suite Application Launcher (Not verified) Sony Ericsson Mobile Communications AB c:\program files\sony ericsson\mobile2\application launcher\application launcher.exe
+ StorageGuard Sonic Update Manager (Not verified) Sonic Solutions c:\program files\common files\sonic\update manager\sgtray.exe
+ SunJavaUpdateSched Java™ Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_01\bin\jusched.exe
+ TkBellExe RealNetworks Scheduler (Not verified) RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
+ YOP Dashboard Module (Verified) Yahoo! Inc. c:\program files\yahoo!\yop\yop.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ Adobe Gamma Loader.lnk Adobe Gamma Loader (Not verified) Adobe Systems, Inc. c:\program files\common files\adobe\calibration\adobe gamma loader.exe
+ HP Digital Imaging Monitor.lnk HP Digital Imaging Monitor (Not verified) Hewlett-Packard Co. c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
+ hp psc 1000 series.lnk HP OfficeJet COM Device Objects (Not verified) Hewlett-Packard Co. c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
+ hpoddt01.exe.lnk hpotdd01 (Not verified) Hewlett-Packard c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
+ Quicken Scheduled Updates.lnk Quicken Background Agent (Not verified) Intuit Inc. c:\program files\quicken\bagent.exe
+ SBC Self Support Tool.lnk Motive Chorus Command Line Interface (Not verified) Motive Communications, Inc. c:\program files\sbc self support tool\bin\matcli.exe
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
+ Adobe Gamma.lnk Adobe Gamma Loader (Not verified) Adobe Systems, Inc. c:\program files\common files\adobe\calibration\adobe gamma loader.exe
+ Stardock ObjectDock.lnk File not found: C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ BackupNotify (Not verified) c:\program files\hewlett-packard\digital imaging\bin\backupnotify.exe
+ NBJ Nero BackItUp Scheduler Application (Not verified) Ahead Software AG c:\program files\ahead\nero backitup\nbj.exe
HKLM\SOFTWARE\Classes\Protocols\Filter
+ application/octet-stream Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-complus Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ application/x-msdownload Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ skype4com Skype for COM API (Verified) Skype Technologies SA c:\program files\common files\skype\skype4com.dll
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ n/a Microsoft .NET IE SECURITY REGISTRATION (Not verified) Microsoft Corporation c:\windows\system32\mscories.dll
+ n/a File not found: C:\WINDOWS\system32\msorcl32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ AVG Anti-Spyware 7.5 AVG Anti-Spyware shellexecutehook (Verified) GRISOFT LTD c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
+ sasseh.dll ShellExecuteHook (Not verified) SuperAdBlocker.com c:\program files\superantispyware\sasseh.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ CA_AntiVirus CA Antivirus Shell Extension Handler (Verified) Computer Associates International c:\windows\avshlext.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ Fusion Cache Microsoft .NET Runtime Execution Engine (Not verified) Microsoft Corporation c:\windows\system32\mscoree.dll
+ HPNSView HPNSExtn Module c:\program files\hewlett-packard\digital imaging\bin\hpdns_01.dll
+ iTunes iTunes Mini Player DLL (Verified) Apple Computer, Inc. c:\program files\itunes\itunesminiplayer.dll
+ OmniPass Shell Extension OPShellE Module (Not verified) Softex Incorporated c:\program files\softex\omnipass\opshelle.dll
+ SampleView ShellvRTF (Not verified) XSS c:\windows\system32\shellvrtf.dll
+ Shell Extensions for RealOne Player RealOne Player Shell Extensions (Not verified) RealNetworks c:\program files\real\realone player\rpshellext.dll
+ Sony Ericsson File Manager File Manager interface (Not verified) Sony Ericsson Mobile Communications AB c:\program files\sony ericsson\mobile2\file manager\fmgrgui.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
+ Yahoo! Mail Yahoo! Mail (Verified) Yahoo! Inc. c:\program files\yahoo!\common\ymmapi.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ SSVHelper Class Java™ Platform SE binary (Verified) Sun Microsystems, Inc. c:\program files\java\jre1.6.0_01\bin\ssv.dll
+ {F39022DD-4718-4AF5-8F89-DB61016B14Ce} File not found: C:\WINDOWS\system32\hstpodqh.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ hpdtlk02.dll hp view toolbar (Not verified) Hewlett-Packard Company c:\program files\hewlett-packard\digital imaging\bin\hpdtlk02.dll
+ yt.dll Yahoo! Toolbar (Verified) Yahoo! Inc. c:\program files\yahoo!\companion\installs\cpn5\yt.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ AIM AOL Instant Messenger (Verified) America Online, Inc. c:\program files\aim\aim.exe
+ Uninstall BitDefender Online Scanner v8 c:\windows\bdoscandel.exe
Task Scheduler
+ AppleSoftwareUpdate.job Software Application (Verified) Apple Computer, Inc. c:\program files\apple software update\softwareupdate.exe
HKLM\System\CurrentControlSet\Services
+ AVG Anti-Spyware Guard AVG Anti-Spyware guard (Verified) GRISOFT LTD c:\program files\grisoft\avg anti-spyware 7.5\guard.exe
+ CAISafe CA ISafe Service (Verified) Computer Associates International c:\program files\yahoo!\antivirus\isafe.exe
+ ccEvtMgr Symantec Event Manager (Verified) Symantec Corporation c:\program files\common files\symantec shared\ccevtmgr.exe
+ ccPxySvc Symantec Proxy Service (Verified) Symantec Corporation c:\program files\norton personal firewall\ccpxysvc.exe
+ NISUM Handles Norton Personal Firewall Account Management (Verified) Symantec Corporation c:\program files\norton personal firewall\nisum.exe
+ omniserv c:\program files\softex\omnipass\omniserv.exe
+ Pml Driver HPZ12 PML Driver (Not verified) HP c:\windows\system32\hpzipm12.exe
+ sdAuxService Provides auxiliary Spyware Doctor services. If this service is disabled spyware protection will be reduced. (Verified) PC Tools c:\program files\spyware doctor\svcntaux.exe
+ sdCoreService Provides spyware and malware protection for the system. If this service is disabled spyware protection will be disabled. (Verified) PC Tools c:\program files\spyware doctor\swdsvc.exe
+ VETMSGNT CA Antivirus Realtime Messaging Service (Verified) Computer Associates International c:\program files\yahoo!\antivirus\vetmsg.exe
HKLM\System\CurrentControlSet\Services
+ AVG Anti-Spyware Driver (Verified) GRISOFT LTD c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
+ AvgAsCln AVG7 Clean Driver (Verified) GRISOFT LTD c:\windows\system32\drivers\avgascln.sys
+ catchme File not found: C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys
+ GEARAspiWDM CD/DVD Class Filter Driver (Verified) GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
+ gmer GMER Driver http://www.gmer.net (Not verified) GMER c:\windows\system32\drivers\gmer.sys
+ IKFileFlt (Verified) PC Tools c:\windows\system32\drivers\ikfileflt.sys
+ IKFileSec (Verified) PC Tools c:\windows\system32\drivers\ikfilesec.sys
+ IkSysFlt System Filter Device Driver (Verified) PC Tools c:\windows\system32\drivers\iksysflt.sys
+ IKSysSec System Security Device Driver (Verified) PC Tools c:\windows\system32\drivers\iksyssec.sys
+ NVENET NVIDIA nForce MCP Networking Driver. (Not verified) NVIDIA Corporation c:\windows\system32\drivers\nvenet.sys
+ pfc Padus® ASPI Shell (Not verified) Padus, Inc. c:\windows\system32\drivers\pfc.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP (Not verified) Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ SASDIFSV SASDIFSV c:\program files\superantispyware\sasdifsv.sys
+ SASENUM SuperAntiSpyware (Not verified) SuperAdBlocker, Inc. c:\program files\superantispyware\sasenum.sys
+ SASKUTIL SASKUTIL.SYS c:\program files\superantispyware\saskutil.sys
+ SunkFilt SunkFilt (Not verified) Alcor Micro Corp. c:\windows\system32\drivers\sunkfilt.sys
+ Sunkfiltp File not found: C:\WINDOWS\System32\Drivers\sunkfiltp.sys
+ SYMDNS DNS Filter (Verified) Symantec Corporation c:\windows\system32\drivers\symdns.sys
+ SymEvent Symantec Event Library (Verified) Symantec Corporation c:\program files\symantec\symevent.sys
+ SYMFW Norton Internet Security Firewall Filter (Verified) Symantec Corporation c:\windows\system32\drivers\symfw.sys
+ SYMIDS Norton Internet Security IDS Filter (Verified) Symantec Corporation c:\windows\system32\drivers\symids.sys
+ SYMIDSCO Norton Internet Security IDS Core (Verified) Symantec Corporation c:\windows\system32\drivers\symidsco.sys
+ SYMNDIS NDIS Filter (Verified) Symantec Corporation c:\windows\system32\drivers\symndis.sys
+ SYMREDRV Redirector Filter (Verified) Symantec Corporation c:\windows\system32\drivers\symredrv.sys
+ SYMTDI Norton Internet Security Filter (Verified) Symantec Corporation c:\windows\system32\drivers\symtdi.sys
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ !SASWinLogon SUPERAntiSpyware WinLogon Processor (Not verified) SUPERAntiSpyware.com c:\program files\superantispyware\saswinlo.dll
+ OPXPGina c:\program files\softex\omnipass\opxpgina.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ CA ISafe LSP CA ISafe LSP DLL (Verified) Computer Associates International c:\windows\system32\vetredir.dll
+ CA ISafe LSP over [MSAFD Tcpip [RAW/IP]] CA ISafe LSP DLL (Verified) Computer Associates International c:\windows\system32\vetredir.dll
+ CA ISafe LSP over [MSAFD Tcpip [TCP/IP]] CA ISafe LSP DLL (Verified) Computer Associates International c:\windows\system32\vetredir.dll
+ CA ISafe LSP over [MSAFD Tcpip [UDP/IP]] CA ISafe LSP DLL (Verified) Computer Associates International c:\windows\system32\vetredir.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ HP Standard TCP/IP Port Standard TCP/IP Port Monitor DLL (Not verified) Hewlett Packard c:\windows\system32\hptcpmon.dll
+ hpzsnt07 (Not verified) HP c:\windows\system32\hpzsnt07.dll

#20 Jintan

Jintan

    Advanced Member

  • Visiting Fellow
  • PipPipPipPip
  • 791 posts

Posted 25 July 2007 - 07:44 PM

Hmmm - what's sticking out the most in all that is truly just too much protective software:

Yahoo!\Antivirus
Spyware Doctor
AOL Spyware Protection
Norton (at least the firewall, but other services are loaded)
AVG Anti-Spyware
and we added SuperAntiSpyware


Let's take a look then discuss that. Open Hijackthis.
Click Config - Misc Tools - Open Uninstall Manager.
A list of the entries in Add/Remove programs will appear.
Click on Save List...
The list will be saved as 'Uninstall_list.txt'
Copy & Paste the contents back here for review.

#21 Jordan_Inc

Jordan_Inc

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 25 July 2007 - 11:51 PM

Oh, about two days ago, Norton has notified me to renew subscription and i did. But a day later, Norton again notifies me that i need to renew. A window popup also alerted me that the Symantex product apparently has been attacked or a possible virus that is attempting to disable my protection. Is this big problem that needs immediate action to uninstall symantec? and possibly the other protection programs? Here is the uninstall list: Adobe Flash Player 9 ActiveX Adobe Photoshop CS Adobe Reader 8.1.0 Adobe Shockwave Player Adobe® Photoshop® Album Starter Edition 3.0 AIMutation (remove only) AOL Explorer AOL Instant Messenger AOL Uninstaller (Choose which Products to Remove) Apple Software Update ArcSoft ShowBiz 2 AT&T Yahoo! Applications AVG Anti-Spyware 7.5 Blackhawk Striker from Hewlett-Packard Desktops (remove only) Blasterball 2 from Hewlett-Packard Desktops (remove only) Bounce from Hewlett-Packard Desktops (remove only) Cannonballs from Hewlett-Packard Desktops (remove only) Creative WebCam Center Creative WebCam Live! Ultra Driver (1.01.03.0127) Disc2Phone DivX DivX Player DivX Web Player Enhanced Multimedia Keyboard Solution Excavation from Hewlett-Packard Desktops (remove only) Five Card Frenzy from Hewlett-Packard Desktops (remove only) GdiplusUpgrade GemMaster 3 from Hewlett-Packard Desktops (remove only) Hijackthis 1.99.1 HijackThis 1.99.1 Honeycombs from Hewlett-Packard Desktops (remove only) HP Deskjet Preloaded Printer Drivers HP Extended Capabilities 5.3 HP Imaging Device Functions 5.3 hp instant support HP Organize HP Photo & Imaging 3.0 HP Photosmart Essential HP PSC & OfficeJet 5.3.B HP Solution Center & Imaging Support Tools 5.3 HP Update HPImageZone Intel® Extreme Graphics Driver IntelliMover Data Transfer Demo InterVideo WinDVD Player iTunes J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 Java™ SE Runtime Environment 6 Update 1 LimeWire 4.12.6 LiveReg (Symantec Corporation) LiveUpdate 3.0 (Symantec Corporation) Mars Rover from Hewlett-Packard Desktops (remove only) Memories Disc Creator 2.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Plus! Digital Media Edition Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft Works 7.0 MSXML 4.0 SP2 (KB927978) Multimedia Card Reader MUSICMATCH® Jukebox Nero Suite Norton Personal Firewall NVIDIA Ethernet Driver NVIDIA Gart Driver NVIDIA Windows 2000/XP Display Drivers OmniPass Orbital from Hewlett-Packard Desktops (remove only) Otto from Hewlett-Packard Desktops (remove only) Panda ActiveScan PC-Doctor for Windows Photosmart 140,240,7200,7600,7700,7900 Series Polar Bowler from Hewlett-Packard Desktops (remove only) PS2 PSP Video Express(remove only) Python 2.2 combined Win32 extensions Python 2.2.1 Quicken 2003 New User Edition QuickTime RealOne Player RecordNow! S3Display S3Gamma2 S3Info2 S3Overlay SBC Yahoo! DSL Home Networking Installer Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901190) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Security Update for Windows XP (KB905915) Security Update for Windows XP (KB908519) Security Update for Windows XP (KB908531) Security Update for Windows XP (KB911562) Security Update for Windows XP (KB911567) Security Update for Windows XP (KB911927) Security Update for Windows XP (KB912812) Security Update for Windows XP (KB912919) Security Update for Windows XP (KB913446) Security Update for Windows XP (KB913580) Security Update for Windows XP (KB914388) Security Update for Windows XP (KB914389) Security Update for Windows XP (KB917344) Security Update for Windows XP (KB917953) Security Update for Windows XP (KB918118) Security Update for Windows XP (KB918439) Security Update for Windows XP (KB919007) Security Update for Windows XP (KB920213) Security Update for Windows XP (KB920670) Security Update for Windows XP (KB920683) Security Update for Windows XP (KB920685) Security Update for Windows XP (KB922819) Security Update for Windows XP (KB923191) Security Update for Windows XP (KB923414) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB923980) Security Update for Windows XP (KB924191) Security Update for Windows XP (KB924270) Security Update for Windows XP (KB924496) Security Update for Windows XP (KB924667) Security Update for Windows XP (KB925902) Security Update for Windows XP (KB926255) Security Update for Windows XP (KB926436) Security Update for Windows XP (KB927779) Security Update for Windows XP (KB927802) Security Update for Windows XP (KB928255) Security Update for Windows XP (KB928843) Security Update for Windows XP (KB929123) Security Update for Windows XP (KB929969) Security Update for Windows XP (KB930178) Security Update for Windows XP (KB931261) Security Update for Windows XP (KB931784) Security Update for Windows XP (KB932168) Security Update for Windows XP (KB933566) Security Update for Windows XP (KB935839) Security Update for Windows XP (KB935840) Skype 3.1 Skype Plugin Manager Slyder from Hewlett-Packard Desktops (remove only) Sonic Update Manager Sony Ericsson PC Suite Spyware Doctor 5.0 STX from Hewlett-Packard Desktops (remove only) SUPERAntiSpyware Free Edition toolkit Update for Windows XP (KB894391) Update for Windows XP (KB898461) Update for Windows XP (KB900485) Update for Windows XP (KB910437) Update for Windows XP (KB911280) Update for Windows XP (KB916595) Update for Windows XP (KB920872) Update for Windows XP (KB922582) Update for Windows XP (KB927891) Update for Windows XP (KB930916) Update for Windows XP (KB931836) Viewpoint Media Player Virtual Warfare from Hewlett-Packard Desktops (remove only) Weblink Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Media Player 9 Hotfix [See KB885492 for more information] Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Service Pack 2 WinRAR archiver

#22 Jintan

Jintan

    Advanced Member

  • Visiting Fellow
  • PipPipPipPip
  • 791 posts

Posted 26 July 2007 - 11:15 AM

Part of what we are trying to determine at this point is how software overlap is causing issues. Norton is a favorite target of infection, but if updates of that were made with Spyware Doctor enabled they might have corrupted. Or any of the others being involved. But yes, you may need to reinstall Norton to make corrections - we'll have to wait and see. A problem we have been facing since ISP's started to install their own reworked anti-malware software are these overlaps, and especially figuring out how to safely uninstall them when they are linked into the ISP software. In Add/Remove programs right off you can uninstall the following undesirable or update replaced software.

Viewpoint Media Player

J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9


(not Java™ SE Runtime Environment 6 Update 1 - leave this)


Then if it is a trial version you should uninstall Spyware Doctor - you can always reinstall it later if you choose.

And you will need to remove both the redundant antivirus softwares. They are likely shown as options in single list items in Add/Remove Programs.

For AOL AntiSpyware, click the following and if availlable uninstall it, but if you still use AOL service be sure to only uninstall the unwanted item.

AOL Uninstaller (Choose which Products to Remove)


For Yahoo and it's Computer Associates software the removal is not so obvious here. Click to check the following two items to determine if there is an option to uninstall Cav/CA/Vet/eTrust. If at any time you are not clear on this part best to contact your ISP for information. Be careful with the SBC item as it appears to bring your net connection software.

AT&T Yahoo! Applications
SBC Yahoo! DSL Home Networking Installer



Post back an update on your progress after please.

#23 Jordan_Inc

Jordan_Inc

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 26 July 2007 - 11:06 PM

I don't really get what your'e trying to say about the Yahoo programs. I went to add/remove program and clicked on AT&T Yahoo Applications and a list of four things appeared. A) Base Components B ) Install Manager C) Internet Email D) This last one I removed which included the yahoo antivirus, spyware, and such protections. (After I removed the last option, Windows alert me that i don't have a antivirus program) I could not find Cav/CA/Vet/eTrust where might this be located? Do i search for it using the Autorun program? i didn't find any AOL AntiSpyware to uninstall, the only program under AOL Uninstaller was my AOL explorer but i accidently deleted that.

Edited by Jordan_Inc, 26 July 2007 - 11:07 PM.


#24 Jintan

Jintan

    Advanced Member

  • Visiting Fellow
  • PipPipPipPip
  • 791 posts

Posted 27 July 2007 - 04:29 AM

That sounds like you found and removed the correct Yahoo entry, and if the Service Center was identifying it as the installed antivirus we will be correcting that soon. Unfortunate about the AOL removal. Will you be able to return that without too much difficulty? That Cav/CA/Vet/eTrust is only all the different names showing for Computer Associates software - just meant as a tip for what to look for. Post back new HijackThis and Silent Runners logs and let's see what to do next.

#25 Jordan_Inc

Jordan_Inc

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 28 July 2007 - 12:50 AM

HIjackTHis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:35:51 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {F39022DD-4718-4AF5-8F89-DB61016B14Ce} - C:\WINDOWS\system32\hstpodqh.dll (file missing)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2E12FB00-546B-4EE3-9CC2-057BF02E1C17} (Webshots Multiple Media Uploader - Container) - http://community.web...wsaxcontrol.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcopho...stcoActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritag...EngineQuery.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1134859808406
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134859798828
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe



Silent RUnner Log:


"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BackupNotify" = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [null data]
"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
"MSMSGS" = ""C:\Program Files\Messenger\MSMSGS.EXE" /background" [MS]
"NBJ" = ""C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"HPHUPD05" = "c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" ["Hewlett-Packard"]
"StorageGuard" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AutoTKit" = "C:\hp\bin\AUTOTKIT.EXE" [null data]
"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]
"mmtask" = "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" ["TODO: <Company name>"]
"AlcxMonitor" = "ALCXMNTR.EXE" ["Realtek Semiconductor Corp."]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]
"Sony Ericsson PC Suite" = ""C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions" ["Sony Ericsson Mobile Communications AB"]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"VF0060 STISvc" = "RunDLL32.exe V0060Pin.dll,RunDLL32EP 513" [MS]
"ccApp" = ""c:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{F39022DD-4718-4AF5-8F89-DB61016B14Ce}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\hstpodqh.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{19CC43A1-6925-4B48-B292-830291F393A6}" = "HPNSView"
-> {HKLM...CLSID} = "My Kahuna"
\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdns_01.dll" [empty string]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshellext.dll" ["RealNetworks"]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {HKLM...CLSID} = "SampleView"
\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {HKLM...CLSID} = "Desktop Explorer"
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{CCFE56EE-C7DE-44EE-A160-4553A5A912C9}" = "OmniPass Shell Extension"
-> {HKLM...CLSID} = "OmniPass Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Softex\OmniPass\opshelle.dll" ["Softex Incorporated"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{A5110426-177D-4e08-AB3F-785F10B4439C}" = "Sony Ericsson File Manager"
-> {HKLM...CLSID} = "Sony Ericsson File Manager"
\InProcServer32\(Default) = "C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll" ["Sony Ericsson Mobile Communications AB"]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\Ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.dll" ["SUPERAntiSpyware.com"]
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
<<!>> OPXPGina\DLLName = "C:\Program Files\Softex\OmniPass\opxpgina.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
OPShellE\(Default) = "{CCFE56EE-C7DE-44EE-A160-4553A5A912C9}"
-> {HKLM...CLSID} = "OmniPass Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Softex\OmniPass\opshelle.dll" ["Softex Incorporated"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\Ymmapi.dll" ["Yahoo! Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]

    Advertisements

Register to Remove


#26 Jintan

Jintan

    Advanced Member

  • Visiting Fellow
  • PipPipPipPip
  • 791 posts

Posted 28 July 2007 - 12:52 PM

Looks like you didn't quite let Silent Runners complete it's scan (it should notify you when completed). So far much improved, with only one orphaned Vundo BHO entry to correct, but in looking back through logs I don't see where one file was deleted that was part of the active infection. And I am still not comfortable with the extra changes GMER shows occurring to running processes there.



Close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select “Fix Checked” and close HijackThis.

O2 - BHO: (no name) - {F39022DD-4718-4AF5-8F89-DB61016B14Ce} - C:\WINDOWS\system32\hstpodqh.dll (file missing)


Next make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"

Do a search ( Start - Search/Find - Files or Folders) for the following hilighted files/folders (shown in Bold), and if found, delete them.

Folders (they will recreate next reboot):
C:\Documents and Settings\Administrator\Local Settings\Temp
C:\Documents and Settings\Default User\Local Settings\Temp

Files (let me know if you had issues with these):
C:\WINDOWS\system32\dcmrm.dll
C:\WINDOWS\system32\msorcl32.exe <-- likely already deleted


Reboot, and Open HijackThis again. Click Config - Misc Tools. Then check "List also minor sections (full)" and also check "List empty sections (complete)" and then click on "Generate Startup List Log" Copy the log and post it back in this thread. It will be a large logfile.


Also run and post back a new ComboFix scan please.

Edited by Jintan, 28 July 2007 - 12:53 PM.


#27 Jordan_Inc

Jordan_Inc

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 29 July 2007 - 05:30 PM

I searched for these files
C:\WINDOWS\system32\dcmrm.dll
C:\WINDOWS\system32\msorcl32.exe

but i couldn't find them anywhere.
the other files were deleted.



HiJackThis Log:

StartupList report, 7/29/2007, 4:15:42 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
hp psc 1000 series.lnk = ?
hpoddt01.exe.lnk = ?
Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HPHUPD05 = c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
StorageGuard = "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
AutoTKit = C:\hp\bin\AUTOTKIT.EXE
nwiz = nwiz.exe /installquiet /keeploaded /nodetect
mmtask = C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
AlcxMonitor = ALCXMNTR.EXE
HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
KBD = C:\HP\KBD\KBD.EXE
Sony Ericsson PC Suite = "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
Adobe Photo Downloader = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
VF0060 STISvc = RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
ccApp = "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

BackupNotify = c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
NVIEW = rundll32.exe nview.dll,nViewLoadHook
MSMSGS = "C:\Program Files\Messenger\MSMSGS.EXE" /background
NBJ = "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

[{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}] *
StubPath = C:\WINDOWS\system32\msorcl32.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
FRU Task #Hewlett-Packard#hp psc 1200 series#1072488026.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.ma...director/sw.cab

[Webshots Multiple Media Uploader - Container]
InProcServer32 = C:\WINDOWS\DOWNLO~1\WSAXCO~1.OCX
CODEBASE = http://community.web...wsaxcontrol.cab

[Installation Support]
InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll

[Snapfish Activia]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx
CODEBASE = http://www.costcopho...stcoActivia.cab

[Malicious Software Removal Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WebCleaner.dll
CODEBASE = http://download.micr.../WebCleaner.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://by109fd.bay10...es/MsnPUpld.cab

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
CODEBASE = http://download.bitd...can8/oscan8.cab

[CSEQueryObject Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\SearchEngineQuery.dll
CODEBASE = http://www.myheritag...EngineQuery.dll

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://update.micros...b?1134859808406

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.micros...b?1134859798828

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[Webshots Photo Uploader]
InProcServer32 = C:\WINDOWS\DOWNLO~1\WSPHOT~1.OCX
CODEBASE = http://community.web...otoUploader.CAB

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.6.0_01]
InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
ahwldtmpctes: system32\drivers\ahwldtmpctes.sys (manual start)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
catchme: \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys (manual start)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation Service: "c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Proxy Service: "c:\Program Files\Norton Personal Firewall\ccPxySvc.exe" (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
gmer: System32\DRIVERS\gmer.sys (system)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
LiveUpdate: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE" (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Norton Personal Firewall Accounts Manager: "c:\Program Files\Norton Personal Firewall\NISUM.EXE" (autostart)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA nForce MCP Networking Controller Driver: System32\DRIVERS\NVENET.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
NVIDIA nForce AGP Bus Filter: System32\DRIVERS\nv_agp.sys (system)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Softex OmniPass Service: C:\Program Files\Softex\OmniPass\Omniserv.exe (autostart)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
PS2: System32\DRIVERS\PS2.sys (manual start)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver: System32\DRIVERS\R8139n51.SYS (manual start)
S3Psddr: System32\DRIVERS\s3gnbm.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Sony Ericsson Device 044 Driver driver (WDM): system32\DRIVERS\SE2Cbus.sys (manual start)
Sony Ericsson Device 044 USB WMC Modem Filter: system32\DRIVERS\SE2Cmdfl.sys (manual start)
Sony Ericsson Device 044 USB WMC Modem Driver: system32\DRIVERS\SE2Cmdm.sys (manual start)
Sony Ericsson Device 044 USB Ethernet Emulation SEMC44 (WDM): system32\DRIVERS\se2Cunic.sys (manual start)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS315: System32\DRIVERS\sisgrp.sys (manual start)
SiS AGP Filter: System32\DRIVERS\SISAGPX.sys (system)
SiSkp: System32\DRIVERS\srvkp.sys (system)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Sony USB Filter Driver (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Alcor Micro Corp - 9360: \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys (manual start)
HP && Alcor Micro Corp for Phison: \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{DBC49D1F-CE2A-4F95-823A-14394866C90F} (manual start)
SYMDNS: \??\C:\WINDOWS\system32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \??\C:\WINDOWS\system32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \??\C:\WINDOWS\system32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\WINDOWS\system32\Drivers\SYMIDSCO.SYS (manual start)
SYMNDIS: \??\C:\WINDOWS\system32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
Creative WebCam Live! Ultra: system32\DRIVERS\V0060Vid.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)
ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
Wdrfosn: C:\WINDOWS\system32\drivers\mssmbios.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (manual start)
Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 40,345 bytes
Report generated in 0.172 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#28 Jordan_Inc

Jordan_Inc

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 29 July 2007 - 05:31 PM

ComboFix Log:


"Owner" - 2007-07-29 16:16:32 - ComboFix 07-07-13.8 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-30 )))))))))))))))))))))))))))))))


2007-07-19 18:14 8,576 --a------ C:\WINDOWS\system32\drivers\ahwldtmpctes.sys
2007-07-19 18:04 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-18 18:32 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-07-18 17:48 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-17 21:56 4,786 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-16 19:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-16 19:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-16 19:46 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com
2007-07-16 18:14 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-07-16 18:07 <DIR> d-------- C:\VundoFix Backups
2007-07-16 16:37 <DIR> d-------- C:\227a420d6b8ec2d72143b1
2007-07-16 16:18 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-16 15:45 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-07-15 12:56 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-07-15 11:01 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-15 10:28 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-15 02:30 836 --a------ C:\DOCUME~1\ADMINI~1\APPLIC~1\ViewerApp.dat
2007-07-15 01:25 <DIR> d--h----- C:\DOCUME~1\ADMINI~1\APPLIC~1\GTek
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Publish Providers
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\NetMedia Providers
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Motive
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lycos
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\InterVideo
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\interMute
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Corel
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ArcSoft
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AOL
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Aim
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.limewire
2007-07-15 01:25 <DIR> d-------- C:\DOCUME~1\ADMINI~1\.jpi_cache
2007-07-15 01:24 524,288 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-15 01:24 <DIR> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Incomplete
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Yahoo! Messenger
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Template
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic Foundry
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Sonic
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Roxio
2007-07-15 01:24 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
2007-07-15 01:17 <DIR> d-------- C:\WINDOWS\pss


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-30 00:09:13 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-27 05:23:29 -------- d-----w C:\Program Files\Yahoo!
2007-07-27 05:22:32 -------- d-----w C:\Program Files\Common Files\Scanner
2007-07-27 04:49:18 -------- d-----w C:\Program Files\Common Files\AOL
2007-07-27 04:15:42 -------- d-----w C:\Program Files\Viewpoint
2007-07-20 04:44:26 -------- d-----w C:\Program Files\QuickTime
2007-07-20 04:39:19 -------- d-----w C:\Program Files\Norton Personal Firewall
2007-07-20 04:35:37 -------- d-----w C:\Program Files\Messenger
2007-07-20 04:30:59 -------- d-----w C:\Program Files\iTunes
2007-07-20 04:22:47 -------- d-----w C:\Program Files\Freeprod Toolbar
2007-07-20 04:22:08 -------- d-----w C:\Program Files\Common Files\Teleca Shared
2007-07-17 03:27:30 -------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-07-15 19:41:21 -------- d-----w C:\Program Files\2Wire
2007-07-08 06:04:27 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Skype
2007-07-01 07:09:51 4 ----a-w C:\WINDOWS\system32\stfv.bin
2007-06-18 05:10:30 32 --sha-w C:\WINDOWS\system32\{981E6DF4-EF56-48B7-9837-71508F600CF8}.dat
2007-06-18 05:10:30 32 --sha-w C:\WINDOWS\{C2DE7FE9-0E3A-4D91-8B0F-318831CE9792}.dat
2007-06-18 05:09:23 -------- d-----w C:\Program Files\Symantec
2007-06-18 05:07:25 14 ----a-w C:\WINDOWS\system32\SR2.dat
2007-06-17 05:27:46 -------- d-----w C:\Program Files\545 Studios
2007-06-16 19:58:51 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2007-06-14 06:55:30 26,880 ----a-w C:\WINDOWS\vxddsk.exe
2007-06-14 06:55:14 567 ----a-w C:\WINDOWS\system32\drivers\users_rating.gif
2007-06-14 06:55:14 291 ----a-w C:\WINDOWS\system32\drivers\v.gif
2007-06-14 06:55:14 283 ----a-w C:\WINDOWS\system32\drivers\x.gif
2007-06-14 06:55:13 801 ----a-w C:\WINDOWS\system32\drivers\system_stable_header_small.gif
2007-06-14 06:55:13 6,533 ----a-w C:\WINDOWS\system32\drivers\system_stable_box_small.jpg
2007-06-14 06:55:13 15,075 ----a-w C:\WINDOWS\system32\drivers\system_stable_box.jpg
2007-06-14 06:55:13 1,636 ----a-w C:\WINDOWS\system32\drivers\system_stable_header.gif
2007-06-14 06:55:12 579 ----a-w C:\WINDOWS\system32\drivers\spy_away_header_small.gif
2007-06-14 06:55:12 5,097 ----a-w C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
2007-06-14 06:55:12 13,618 ----a-w C:\WINDOWS\system32\drivers\spy_away_box.jpg
2007-06-14 06:55:12 1,139 ----a-w C:\WINDOWS\system32\drivers\spy_away_header.gif
2007-06-14 06:55:11 841 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
2007-06-14 06:55:11 14,484 ----a-w C:\WINDOWS\system32\drivers\protect.gif
2007-06-14 06:55:11 1,804 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
2007-06-14 06:55:10 737 ----a-w C:\WINDOWS\system32\drivers\logo_bg.gif
2007-06-14 06:55:10 4,557 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
2007-06-14 06:55:10 3,099 ----a-w C:\WINDOWS\system32\drivers\logo.gif
2007-06-14 06:55:10 10,260 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
2007-06-14 06:55:09 811 ----a-w C:\WINDOWS\system32\drivers\download_btn.gif
2007-06-14 06:55:09 746 ----a-w C:\WINDOWS\system32\drivers\buy_btn.gif
2007-06-14 06:55:09 580 ----a-w C:\WINDOWS\system32\drivers\features.gif
2007-06-14 06:55:09 50,277 ----a-w C:\WINDOWS\system32\drivers\pt.htm
2007-06-14 06:55:09 427 ----a-w C:\WINDOWS\system32\drivers\4_stars.gif
2007-06-14 06:55:09 365 ----a-w C:\WINDOWS\system32\drivers\5_stars.gif
2007-06-14 06:55:07 945 ----a-w C:\WINDOWS\system32\drivers\s_detect.htm
2007-06-14 06:55:07 6,373 ----a-w C:\WINDOWS\system32\drivers\secuity_center_logo.gif
2007-06-14 06:55:06 64 ----a-w C:\WINDOWS\system32\drivers\close_icon.gif
2007-06-14 06:55:06 6,575 ----a-w C:\WINDOWS\system32\drivers\remove_spyware_button.gif
2007-06-14 06:55:06 360 ----a-w C:\WINDOWS\system32\drivers\header_bg.gif
2007-06-14 06:55:06 2,186 ----a-w C:\WINDOWS\system32\drivers\alert_icon.gif
2007-06-14 06:55:06 1,014 ----a-w C:\WINDOWS\system32\drivers\icon_warning.gif
2007-06-14 06:55:05 4,825 ----a-w C:\WINDOWS\system32\drivers\detect.htm
2007-06-12 03:50:04 75,264 ----a-w C:\WINDOWS\system32\WEP.dll
2007-06-05 07:35:38 -------- d-----w C:\Program Files\Stardock
2007-05-31 01:06:19 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Snapfish
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2005-07-07 03:25:12 343,639 ------r C:\Program Files\Common Files\clbcatex.exe
2005-01-03 19:20:15 836 ----a-w C:\DOCUME~1\Owner\APPLIC~1\ViewerApp.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 02:03]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 07:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2003-08-23 06:14]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 18:19]
"nwiz"="nwiz.exe" [2003-05-02 22:19 C:\WINDOWS\system32\nwiz.exe]
"mmtask"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-02-24 17:51]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 C:\WINDOWS\ALCXMNTR.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 15:44]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36]
"VF0060 STISvc"="V0060Pin.dll" [2004-10-31 17:00 C:\WINDOWS\system32\V0060Pin.dll]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-11-14 19:29]
"ccRegVfy"="c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-11-14 19:29]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 20:25]
"NVIEW"="nview.dll,nViewLoadHook" []
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-10-13 08:24]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 19:25]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 04:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll --a------ 2003-02-21 02:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\setup.exe


HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}
C:\WINDOWS\system32\msorcl32.exe

Contents of the 'Scheduled Tasks' folder
2007-07-02 05:29:17 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2004-05-28 02:37:18 C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1072488026.job

**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-29 16:25:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-29 16:26:25
C:\ComboFix-quarantined-files.txt ... 2007-07-29 16:25
C:\ComboFix2.txt ... 2007-07-16 19:10
C:\ComboFix3.txt ... 2007-07-15 11:26

--- E O F ---

#29 Jintan

Jintan

    Advanced Member

  • Visiting Fellow
  • PipPipPipPip
  • 791 posts

Posted 30 July 2007 - 04:46 PM

At least one of those files showed earlier and no logs indicated it's removal, so although it was deleted we shouldn't chance that. Overall things look much improved, but that GMER log still reflected something hooking all processes there. Just does not feel right at all. One random name driver but it is likely one we added with a tool use. Let's clean more and check more.



REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}]

[-HKEY_CLASSES_ROOT\CLSID\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}]
Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it newfix.reg. Where it says "Files of Type", select All Files and click on Save. Exit Notepad, double-click on the file and ok the prompt asking if you wish to merge the file with your registry.



Open Notepad (Start - Programs - Accessories) and copy the following text into a new file:

cd C:\WINDOWS\system32
cacls dcmrm.dll /e /g Everyone:f
attrib -s -h -r dcmrm.dll
ren dcmrm.dll dcmrm.dll.vir

Save the file to the desktop as seeit.bat and make sure the "Save as type" field says "All files".

Then double-click on seeit.bat. A window should open and close fairly quickly --- this is normal.

Then navigate to the C:\Windows\System32 folder and see if you can locate dcmrm.dll.vir now. Renamed it is out of action but for now it would be good to confirm issues like masked files are still active there.



Was sorta hoping one of the scans done so far would clean out the junk left in the system32 drivers folder - pretty classless act dumping them there instead of at least making a folder for that (they are all just mostly some of that rogue software's display panel images, so not actually active infection in any way). You can manually delete the following listed files - they will likely be the only files of these types in the system32 -> drivers folder, and in that folder if you go to View - Arrange Icons by - Modified, you will have a nice list of these all modified around 6-14.

C:\WINDOWS\system32\drivers\users_rating.gif
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\system_stable_header_small.gif
C:\WINDOWS\system32\drivers\system_stable_box_small.jpg
C:\WINDOWS\system32\drivers\system_stable_box.jpg
C:\WINDOWS\system32\drivers\system_stable_header.gif
C:\WINDOWS\system32\drivers\spy_away_header_small.gif
C:\WINDOWS\system32\drivers\spy_away_box_small.jpg
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spy_away_header.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_header_small.gif
C:\WINDOWS\system32\drivers\protect.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_header.gif
C:\WINDOWS\system32\drivers\logo_bg.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box_small.jpg
C:\WINDOWS\system32\drivers\logo.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\download_btn.gif
C:\WINDOWS\system32\drivers\buy_btn.gif
C:\WINDOWS\system32\drivers\features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\4_stars.gif
C:\WINDOWS\system32\drivers\5_stars.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\secuity_center_logo.gif
C:\WINDOWS\system32\drivers\close_icon.gif
C:\WINDOWS\system32\drivers\remove_spyware_button.gif
C:\WINDOWS\system32\drivers\header_bg.gif
C:\WINDOWS\system32\drivers\alert_icon.gif
C:\WINDOWS\system32\drivers\icon_warning.gif
C:\WINDOWS\system32\drivers\detect.htm


Download and run Process Explorer from here. Click on View and check "Show processes from all users", "show fractional CPU" and "Show unnamed handles".

Then in the Process Explorer display locate and click to hilight "winlogon.exe". Then go to File - Save As, and save that file to your desktop. Next do the same for "explorer.exe". Zip copies of these to upload for review (if you post them here it will create some pretty large log posts).


Now locate C:\SDFix\backups\backups.zip.


Then Just go here and follow the instructions to upload those zip files.

You DO NOT need to be a member to upload, anybody can upload the files.

#30 Jordan_Inc

Jordan_Inc

    Authentic Member

  • Authentic Member
  • PipPip
  • 41 posts

Posted 30 July 2007 - 08:28 PM

i uploaded the zip files on the tester account

http://security-cent...19898#post19898



i couldn't locate C:\SDFix\backups\backups.zip. But i found a similar file named backupreg.zip.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users