HJT Log, minor viruses


24 replies to this topic

#16 viruseslikeme (Authentic Member, 74 posts)

Posted 30 October 2007 - 08:20 PM

I am in the middle of scanning with Kaspersky, just giving you an update. It seems to be taking a while.



#17 viruseslikeme (Authentic Member, 74 posts)

Posted 06 November 2007 - 08:31 PM

I am going to post 3 new logs. The first, AVG, with all internet shut down, but not in safe mode. Second, Kaspersky, as in directions. Third, HJT.

___________________________________________________

AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:13:12 PM 11/6/2007

+ Scan result:

HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP10\A0016061.exe -> Not-A-Virus.Downloader.Win32.Agent.q : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\ISM\bndloader.exe.vir -> Not-A-Virus.Downloader.Win32.Agent.q : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\DOCUME~1\ALLUSE~1\APPLIC~1\nolazetu.dll.vir -> Trojan.Obfuscated.hy : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\Kfuhhnxk\ysobegyq.dll.vir -> Trojan.Obfuscated.hy : Cleaned with backup (quarantined).

::Report end

#18 viruseslikeme (Authentic Member, 74 posts)

Posted 06 November 2007 - 08:33 PM

Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, November 06, 2007 9:25:55 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/11/2007
Kaspersky Anti-Virus database records: 452530
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 128066
Number of viruses found: 35
Number of infected objects: 97
Number of suspicious objects: 1
Duration of the scan process: 02:34:30

Scan process completed.
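Sorting a report like this into live-system detections versus copies already sitting in a quarantine folder or a System Restore point is what the helper does by hand in the next reply when picking out the system32 files. The Python below is an added example written for this page, not code from the thread, from Kaspersky or from ComboFix: it parses the report's one-entry-per-line format, the sample lines are copied from the report above, and the `File::` output mirrors the directive block used in the thread.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of entries copied from the Kaspersky Online Scanner
# report in this thread, one "<path> <verdict> <action>" entry per line.
SAMPLE_REPORT = r"""
C:\BIT16A.tmp Suspicious: Packed.Win32.Morphine.a skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\15.tmp Infected: Email-Worm.Win32.Zhelatin.kb skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\1AC.tmp ZIP: infected - 3 skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\aygdfpri.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{1368902D-6A36-4B35-812D-DDC763090AC0}\RP11\A0017102.exe Infected: Trojan-Downloader.Win32.VB.bkw skipped
C:\WINDOWS\system32\edamkmux.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\WINDOWS\system32\r2\wr31drs.exe Infected: Trojan-Downloader.Win32.Small.gll skipped
C:\WINDOWS\system32\Mz17r\Mz17r2314.exe Infected: Trojan-Downloader.Win32.VB.bqc skipped
C:\RECYCLER\S-1-5-21-3981156175-3013965790-4101198088-1006\Dc38.exe/data0006 Infected: Trojan-Downloader.Win32.VB.bqc skipped
C:\RECYCLER\S-1-5-21-3981156175-3013965790-4101198088-1006\Dc38.exe NSIS: infected - 1 skipped
"""

# Entry grammar as seen in the report above. The path may contain spaces
# ("Program Files", "Documents and Settings"), so the verdict keyword is what
# delimits it, not the first space.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<verdict>Object is locked|(?:Infected|Suspicious): \S+|\S+: infected - \d+) "
    r"(?P<action>\S+)$"
)

# Locations where a detection is a neutralised copy rather than a live file.
QUARANTINE_MARKERS = ("\\quarantine\\", "\\qoobox\\")
RESTORE_MARKER = "\\system volume information\\"


@dataclass(frozen=True)
class Finding:
    path: str      # as reported; archive members appear as "<container>/<member>"
    verdict: str
    action: str
    category: str  # active | quarantined | restore_point | locked

    @property
    def on_disk_file(self) -> str:
        # The file that actually exists on disk is the container, not the member.
        return self.path.split("/", 1)[0]


def classify(path: str, verdict: str) -> str:
    """Decide what a detection means for cleanup."""
    low = path.lower()
    if verdict == "Object is locked":
        return "locked"          # in-use system file, not a detection at all
    if any(marker in low for marker in QUARANTINE_MARKERS):
        return "quarantined"     # already isolated by Trend Micro or ComboFix
    if RESTORE_MARKER in low:
        return "restore_point"   # System Restore snapshot; purge restore points
    return "active"              # live file on the system; needs removal


def parse_report(text: str) -> list[Finding]:
    """Parse object entries; header and statistics lines do not match and are skipped."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line) if line else None
        if m is None:
            continue
        path, verdict, action = m.group("path", "verdict", "action")
        findings.append(Finding(path, verdict, action, classify(path, verdict)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.category for f in findings))


def active_files(findings: list[Finding]) -> list[str]:
    """Distinct on-disk files with a live detection, in report order."""
    files: list[str] = []
    for f in findings:
        if f.category == "active" and f.on_disk_file not in files:
            files.append(f.on_disk_file)
    return files


def render_cfscript(files: list[str]) -> str:
    """Emit a File:: block in the directive format the thread uses. Review every
    path by hand first: a false positive listed here is deleted outright."""
    return "File::\n" + "\n".join(files) + "\n"


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print(summarize(found))
    print(render_cfscript(active_files(found)))
```

Archive summary lines such as "NSIS: infected - 1" and their member entries collapse to one on-disk file, which is why the eleven sample entries yield five candidate paths.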

#19 viruseslikeme (Authentic Member, 74 posts)

Posted 06 November 2007 - 08:38 PM

HJT:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:14 PM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Vongo\VongoService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\calc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\Seek\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.h...a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Microsft Windows Adapter 5.1.3013] C:\Documents and Settings\usr1\Application Data\bfdwzd.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1188755419687
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1188755409078
O20 - Winlogon Notify: xxywtur - xxywtur.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe

--
End of file - 8148 bytes
_____________________________________________________________________________

My computer is still getting a few popups.

#20 Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 07 November 2007 - 02:30 PM

Copy and paste the following into Notepad (Start > All Programs > Accessories > Notepad):

File::
C:\BIT16A.tmp
C:\WINDOWS\system32\edamkmux.dll
C:\WINDOWS\system32\licvbgre.dll
C:\WINDOWS\system32\Mz17r\Mz17r2314.exe
C:\WINDOWS\system32\odqcdahp.dll
C:\WINDOWS\system32\pugiqvom.dll
C:\WINDOWS\system32\scydbnfc.dll
C:\WINDOWS\system32\tdgepirv.dll
C:\WINDOWS\system32\yhmurnrf.dll
Folder::
C:\WINDOWS\system32\r2


Save it to your Desktop with the following filename: CFScript
Drag and drop CFScript.txt onto your copy of Combofix and let it do its thing.
Let me have the log produced, as before.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download gmer.zip from here and save it to your Desktop.
You will need to unzip it before you run it.

To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish.


Double click gmer.exe to begin:
  • If you get a message about "system modification", click Yes and work through the rest of the instructions.
  • Ensure that the Rootkit Tab at the top is selected.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click the Scan button on the right.
  • When the scan has completed, (you'll have time for a snack and a cuppa!), click the Copy button underneath - this will save the report to your Clipboard.
  • Paste it into Notepad (Start > All Programs > Accessories > Notepad) and save it somewhere convenient.
  • Click the >>> Tab at the top and select the Autostart Tab.
  • Click the Scan button on the right - this one should only take seconds to complete.
  • Save the log as before.
Copy and paste both reports into your next reply - you may need to post them separately.
The Preview option may show the whole logs being posted, but they sometimes get cut down when the actual post is made, so check the post once it is completed.
Death to the salad eaters!
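An added verification check, not part of the thread and not ComboFix's own code: it parses the File:: and Folder:: directives of a CFScript like the one above, parses the "Other Deletions" section of the ComboFix log that the run produces, and reports which requested paths the log confirms as deleted and which it never mentions (the helper's next step is to look at exactly that). The sample script and log fragment are constructed for this example; real ComboFix logs have more sections, which the banner parser skips.

```python
"""Cross-check a ComboFix CFScript against the log of the run it drove.

Added example for the thread above; not ComboFix's own code. Assumes the
CFScript uses 'File::' / 'Folder::' directive lines followed by one path per
line, and that the log marks sections with '(((( Name ))))' banners.
"""
import re

# A ComboFix section banner: many '(' , the section name, many ')'.
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+\s*$")

# Constructed sample CFScript (same shape as the one posted above).
SAMPLE_CFSCRIPT = r"""
File::
C:\BIT16A.tmp
C:\WINDOWS\system32\edamkmux.dll
Folder::
C:\WINDOWS\system32\r2
"""

# Constructed log fragment: one requested file is deliberately absent from
# 'Other Deletions' so the check has something to flag.
SAMPLE_LOG = r"""
ComboFix 07-11-08.1 - usr1 2007-11-07 17:31:25.5 - NTFSx86
Command switches used :: C:\Documents and Settings\usr1\Desktop\CFscript.txt

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\BIT16A.tmp
C:\WINDOWS\system32\r2
C:\WINDOWS\system32\r2\wr31drs.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
"""


def parse_cfscript(text):
    """Return {directive: [paths]}, e.g. {'File': [...], 'Folder': [...]}.

    A directive is a line ending in '::'; the non-empty lines that follow
    belong to it until the next directive.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_section(log, name):
    """Return the non-empty, non-'.' lines of the log section banner `name`."""
    lines, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        banner = BANNER_RE.match(line)
        if banner:
            inside = banner.group(1).lower() == name.lower()
            continue
        if inside and line and line != ".":
            lines.append(line)
    return lines


def _norm(path):
    """Windows paths compare case-insensitively; ignore a trailing backslash."""
    return path.rstrip("\\").lower()


def check_cfscript(script_text, log_text):
    """Split the script's File::/Folder:: paths into confirmed and unconfirmed.

    A file is confirmed when it appears verbatim under 'Other Deletions';
    a folder when the folder itself or anything beneath it appears there.
    """
    requested = parse_cfscript(script_text)
    deleted = {_norm(p) for p in parse_log_section(log_text, "Other Deletions")}
    confirmed, unconfirmed = [], []
    for path in requested.get("File", []):
        (confirmed if _norm(path) in deleted else unconfirmed).append(path)
    for folder in requested.get("Folder", []):
        prefix = _norm(folder)
        hit = any(d == prefix or d.startswith(prefix + "\\") for d in deleted)
        (confirmed if hit else unconfirmed).append(folder)
    return {"confirmed": confirmed, "unconfirmed": unconfirmed}


if __name__ == "__main__":
    result = check_cfscript(SAMPLE_CFSCRIPT, SAMPLE_LOG)
    for status, paths in result.items():
        print(f"{status}:")
        for p in paths:
            print(f"  {p}")
```

An unconfirmed path means the log gives no evidence it was removed (it may already have been gone, or still be locked), so it is the one to look for in the next scan.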

#21 viruseslikeme

    Authentic Member

  • Authentic Member
  • 74 posts

Posted 07 November 2007 - 08:07 PM

Combo Fix Log:

ComboFix 07-11-08.1 - usr1 2007-11-07 17:31:25.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1353 [GMT -5:00]
Running from: C:\Documents and Settings\usr1\Desktop\ComboFix2.exe
Command switches used :: C:\Documents and Settings\usr1\Desktop\CFscript.txt
* Created a new restore point

FILE
C:\BIT16A.tmp
C:\WINDOWS\system32\edamkmux.dll
C:\WINDOWS\system32\licvbgre.dll
C:\WINDOWS\system32\Mz17r\Mz17r2314.exe
C:\WINDOWS\system32\odqcdahp.dll
C:\WINDOWS\system32\pugiqvom.dll
C:\WINDOWS\system32\scydbnfc.dll
C:\WINDOWS\system32\tdgepirv.dll
C:\WINDOWS\system32\yhmurnrf.dll
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\BIT16A.tmp
C:\DOCUME~1\usr1\STARTM~1\Programs\Internet Speed Monitor\Check Now.lnk
C:\DOCUME~1\usr1\STARTM~1\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\LocalService\Local Settings\Application Data\n.ini
C:\Documents and Settings\NetworkService\Local Settings\Application Data\n.ini
C:\Documents and Settings\usr1\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\usr1\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\usr1\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\system32\a1
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\edamkmux.dll
C:\WINDOWS\system32\g2
C:\WINDOWS\system32\licvbgre.dll
C:\WINDOWS\system32\Mz17r\Mz17r2314.exe
C:\WINDOWS\system32\odqcdahp.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pugiqvom.dll
C:\WINDOWS\system32\r2
C:\WINDOWS\system32\r2\wr31drs.exe
C:\WINDOWS\system32\scydbnfc.dll
C:\WINDOWS\system32\tdgepirv.dll
C:\WINDOWS\system32\v8
C:\WINDOWS\system32\v8\taldrvr11.exe
C:\WINDOWS\system32\yhmurnrf.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
.

2007-11-04 18:48 <DIR> d-------- C:\WINDOWS\system32\Mz17r
2007-11-04 18:48 <DIR> d-------- C:\Temp\mZOr
2007-10-30 21:58 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-30 21:58 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-10-30 16:33 <DIR> d-------- C:\Documents and Settings\usr1\Application Data\DivX
2007-10-30 16:33 <DIR> d-------- C:\DOCUME~1\usr1\APPLIC~1\DivX
2007-10-15 21:54 <DIR> d-------- C:\Documents and Settings\usr1\Application Data\Grisoft
2007-10-15 21:54 <DIR> d-------- C:\DOCUME~1\usr1\APPLIC~1\Grisoft
2007-10-15 21:54 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-13 12:58 <DIR> d-------- C:\Program Files\MoparScape
2007-10-12 22:50 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-10-12 22:50 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-10-12 22:50 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-10-10 15:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MAGIX
2007-10-10 15:07 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-10-10 15:07 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-10-10 15:04 430,080 --a------ C:\WINDOWS\system32\MXRestore.exe
2007-10-10 15:04 49,152 --a------ C:\WINDOWS\system32\mgxasio2.dll
2007-10-10 15:03 <DIR> d-------- C:\Program Files\MAGIX
2007-10-10 15:03 120,200 --a------ C:\WINDOWS\system32\DLLDEV32i.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 03:51 --------- d-----w C:\Program Files\DivX
2007-10-10 00:38 --------- d-----w C:\Program Files\Trend Micro
2007-10-06 04:20 --------- d-----w C:\Program Files\HP
2007-10-01 02:42 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2007-09-28 16:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-09-22 00:25 --------- d-----w C:\Program Files\Google
2007-09-20 20:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-17 19:40 35,856 ----a-w C:\WINDOWS\system32\drivers\tmpreflt.sys
2007-09-17 19:40 202,768 ----a-w C:\WINDOWS\system32\drivers\tmxpflt.sys
2007-09-17 19:31 1,126,072 ----a-w C:\WINDOWS\system32\drivers\vsapint.sys
2007-09-09 17:18 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
2007-08-19 01:42 10,752 ----a-w C:\WINDOWS\DCEBoot.exe
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2007-04-25 19:03:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\History\History.IE5\MSHist012007041620070423\index.dat
2007-04-25 19:03:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\History\History.IE5\MSHist012007042520070426\index.dat
2007-04-25 19:03:46 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((( snapshot_2007-09-09_165537.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-07-20 04:47:22 109,056 ----a-w C:\WINDOWS\catchme.exe
+ 2007-10-29 23:56:19 136,192 ----a-w C:\WINDOWS\catchme.exe
- 2007-03-13 14:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-03-13 15:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-09-22 00:25:45 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\ARPPRODUCTICON.exe
+ 2007-09-22 00:25:45 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-09-22 00:25:45 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-09-22 00:25:45 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-09-22 00:25:45 65,536 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut2_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2007-09-22 00:25:45 26,694 ----a-r C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
- 2007-06-17 04:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 2007-06-17 05:11:58 51,200 ----a-w C:\WINDOWS\NirCmd.exe
+ 1999-08-09 18:39:20 14,832 ----a-w C:\WINDOWS\system32\asfsipc.dll
+ 2007-10-07 01:37:02 8,290 ----a-w C:\WINDOWS\system32\ddccb.dll
+ 2007-09-28 16:05:40 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
+ 2007-09-28 16:05:40 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
+ 2007-09-28 16:05:40 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
+ 2007-09-28 16:05:40 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
+ 2007-09-28 16:08:18 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
+ 2007-09-28 16:07:54 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
+ 2007-09-28 16:05:08 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
+ 2006-10-02 22:24:00 487,424 ----a-w C:\WINDOWS\system32\DLLAV32.dll
+ 2003-03-14 15:33:12 114,688 ----a-w C:\WINDOWS\system32\DLLCDA32.dll
+ 2003-03-14 15:33:00 61,440 ----a-w C:\WINDOWS\system32\DLLCDF32.dll
+ 2006-10-02 22:24:00 94,208 ----a-w C:\WINDOWS\system32\DLLCPY32.dll
+ 2006-10-02 22:24:00 163,840 ----a-w C:\WINDOWS\system32\DLLDEV32.dll
+ 2003-03-14 15:32:44 32,768 ----a-w C:\WINDOWS\system32\DLLDIR32.dll
+ 2006-10-02 22:24:00 151,552 ----a-w C:\WINDOWS\system32\DLLDRV32.dll
+ 2003-03-14 15:33:02 45,056 ----a-w C:\WINDOWS\system32\DLLIMG32.dll
+ 2006-10-02 22:24:00 53,248 ----a-w C:\WINDOWS\system32\DLLIO32.dll
+ 2003-03-14 15:32:46 32,768 ----a-w C:\WINDOWS\system32\DLLISO32.dll
+ 2003-03-14 15:32:40 24,576 ----a-w C:\WINDOWS\system32\DLLIX.dll
+ 2003-03-14 15:32:42 32,768 ----a-w C:\WINDOWS\system32\DLLMSC32.dll
+ 2006-10-02 22:24:00 36,864 ----a-w C:\WINDOWS\system32\DLLPNT32.dll
+ 2003-03-14 15:32:44 49,152 ----a-w C:\WINDOWS\system32\DLLPRF32.dll
+ 2003-03-14 15:33:04 53,248 ----a-w C:\WINDOWS\system32\DLLPRJ32.dll
+ 2003-03-14 15:32:50 65,536 ----a-w C:\WINDOWS\system32\DLLPTL32.dll
+ 2003-03-14 15:35:00 40,960 ----a-w C:\WINDOWS\system32\DLLRD32.dll
+ 2006-10-02 22:24:00 188,416 ----a-w C:\WINDOWS\system32\DLLRES32.dll
+ 2003-03-14 15:32:54 57,344 ----a-w C:\WINDOWS\system32\DLLTPO32.dll
+ 2007-09-28 16:05:50 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
+ 2007-09-28 16:05:42 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
+ 2007-09-28 16:05:42 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
+ 2007-09-28 16:05:44 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
+ 2007-09-28 16:05:42 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
+ 2007-09-28 16:05:42 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
+ 2007-09-28 16:05:42 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
+ 2007-09-28 16:05:50 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
- 2007-04-27 16:01:19 253,472 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-10-03 01:45:31 281,336 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-10-07 02:37:03 8,290 ----a-w C:\WINDOWS\system32\geebc.dll
+ 1998-10-15 21:28:16 85,504 ----a-w C:\WINDOWS\system32\HtmlWH.dll
+ 1999-01-28 18:44:20 49,152 ----a-w C:\WINDOWS\system32\INETWH32.dll
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
+ 2007-09-28 16:07:44 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
+ 2005-04-10 02:17:44 401,408 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLAV32.dll
+ 2003-03-14 14:33:12 114,688 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLCDA32.dll
+ 2003-03-14 14:33:00 61,440 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLCDF32.dll
+ 2003-03-14 14:32:48 81,920 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLCPY32.dll
+ 2005-04-10 02:17:28 155,648 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLDEV32.dll
+ 2003-03-14 14:32:44 32,768 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLDIR32.dll
+ 2005-04-10 02:17:24 143,360 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLDRV32.dll
+ 2003-03-14 14:33:02 45,056 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLIMG32.dll
+ 2005-04-10 02:17:30 49,152 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLIO32.dll
+ 2003-03-14 14:32:46 32,768 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLISO32.dll
+ 2003-03-14 14:32:40 24,576 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLIX.dll
+ 2003-03-14 14:32:42 32,768 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLMSC32.dll
+ 2005-04-10 02:17:34 36,864 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLPNT32.dll
+ 2003-03-14 14:32:44 49,152 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLPRF32.dll
+ 2003-03-14 14:33:04 53,248 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLPRJ32.dll
+ 2003-03-14 14:32:50 65,536 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLPTL32.dll
+ 2003-03-14 14:35:00 40,960 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLRD32.dll
+ 2005-04-10 02:17:20 188,416 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLRES32.dll
+ 2003-03-14 14:32:54 57,344 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\DLLTPO32.dll
+ 2005-04-10 02:17:20 32,768 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\STRING32.dll
+ 2003-03-14 14:32:54 24,576 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\TTI32.dll
+ 2003-03-14 14:32:54 24,576 ----a-w C:\WINDOWS\system32\MAGIX\mxcdrdll_3.0.0.79\TTIC32.dll
+ 2004-08-12 00:53:00 38,912 ----a-w C:\WINDOWS\system32\mgxasio.dll
+ 2007-04-17 21:05:08 667,648 ----a-w C:\WINDOWS\system32\mgxoschk.dll
- 2003-04-19 07:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
+ 2003-04-18 20:46:22 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
- 2006-04-12 04:54:38 44,544 ----a-w C:\WINDOWS\system32\msxml4a.dll
+ 2003-04-18 20:29:26 44,544 ----a-w C:\WINDOWS\system32\msxml4a.dll
- 2002-02-04 17:43:00 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
+ 2003-04-18 20:29:26 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
- 2007-07-21 01:01:39 54,010 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-11-06 20:01:44 54,010 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-07-21 01:01:39 383,822 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-11-06 20:01:44 383,822 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2005-10-25 05:09:48 409,600 ----a-w C:\WINDOWS\system32\Px.dll
+ 2007-09-28 16:07:48 551,672 ------w C:\WINDOWS\system32\Px.dll
- 2004-09-27 07:00:00 56,832 ----a-w C:\WINDOWS\system32\pxcpya64.exe
+ 2007-09-28 16:07:48 66,296 ------w C:\WINDOWS\system32\pxcpya64.exe
- 2004-09-27 07:00:00 108,544 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
+ 2007-09-28 16:07:48 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
- 2005-10-19 16:01:00 438,272 ----a-w C:\WINDOWS\system32\pxdrv.dll
+ 2007-09-28 16:07:48 518,904 ------w C:\WINDOWS\system32\pxdrv.dll
- 2005-01-12 09:03:00 61,440 ----a-w C:\WINDOWS\system32\pxhpinst.exe
+ 2007-09-28 16:07:50 72,440 ------w C:\WINDOWS\system32\pxhpinst.exe
- 2005-01-12 09:03:00 56,320 ----a-w C:\WINDOWS\system32\pxinsa64.exe
+ 2007-09-28 16:07:48 64,760 ------w C:\WINDOWS\system32\pxinsa64.exe
- 2005-01-12 09:03:00 109,568 ----a-w C:\WINDOWS\system32\pxinsi64.exe
+ 2007-09-28 16:07:48 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
- 2005-10-25 05:08:44 172,032 ----a-w C:\WINDOWS\system32\PxMas.dll
+ 2007-09-28 16:07:50 187,128 ------w C:\WINDOWS\system32\PxMas.dll
- 2005-10-25 05:13:34 1,200,128 ----a-w C:\WINDOWS\system32\PxSFS.DLL
+ 2007-09-28 16:07:50 1,628,920 ------w C:\WINDOWS\system32\PxSFS.DLL
- 2005-10-25 05:08:10 339,968 ----a-w C:\WINDOWS\system32\PxWave.dll
+ 2007-09-28 16:07:50 379,640 ------w C:\WINDOWS\system32\PxWave.dll
+ 2007-09-28 16:07:52 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
+ 2002-09-21 04:33:28 1,089,536 ----a-w C:\WINDOWS\system32\ROBOEX32.DLL
+ 2007-09-28 16:07:44 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
+ 2006-10-02 22:24:00 32,768 ----a-w C:\WINDOWS\system32\STRING32.dll
- 2007-07-22 22:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-07-22 23:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2003-03-14 15:32:54 24,576 ----a-w C:\WINDOWS\system32\TTI32.dll
+ 2003-03-14 15:32:54 24,576 ----a-w C:\WINDOWS\system32\TTIC32.dll
- 2005-08-12 16:00:00 28,672 ----a-w C:\WINDOWS\system32\VXBLOCK.dll
+ 2007-09-28 16:07:48 88,824 ------w C:\WINDOWS\system32\VXBLOCK.dll
+ 1999-08-09 18:40:56 163,600 ----a-w C:\WINDOWS\system32\wmaudsdk.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 00:58]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-26 14:48]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-26 14:48]
"nwiz"="nwiz.exe" []
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 15:29 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"ccApp"="-" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 00:01]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-04-11 23:54]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 01:11]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 18:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 18:30]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 16:38]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-05-02 12:36]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-01-23 01:26]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-28 20:17]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]
"Microsft Windows Adapter 5.1.3013"="C:\Documents and Settings\usr1\Application Data\bfdwzd.exe" []

C:\Documents and Settings\Default User\Start Menu\Programs\Startup\
Vongo Tray.lnk - C:\Program Files\Vongo\Tray.exe [2006-03-30 18:18:32]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 11:39:30]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxywtur]
xxywtur.dll

R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
S4 WIN_MSIEXEC;WINDOWS MSI Installer Application;"C:\WINDOWS\Security\msiexec.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cce958a0-6f99-11dc-8f28-001b241204cb}]
\Shell\AutoRun\command - F:\setupSNK.exe

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 20:54:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????,?@? ????X??????R?@?????,?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 21:00:53 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-07 17:43
C:\ComboFix2.txt ... 2007-10-07 17:43
C:\ComboFix3.txt ... 2007-10-06 18:54
.
--- E O F ---

#22 viruseslikeme

    Authentic Member

  • Authentic Member
  • 74 posts

Posted 07 November 2007 - 08:08 PM

Double post sorry.

Edited by viruseslikeme, 07 November 2007 - 08:51 PM.


#23 viruseslikeme

    Authentic Member

  • Authentic Member
  • 74 posts

Posted 07 November 2007 - 08:51 PM

First GMER scan.

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-08 21:45:57
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys ZwClose
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys ZwConnectPort
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys ZwCreateProcess
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys ZwOpenProcess
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys ZwRequestWaitReplyPort
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \SystemRoot\system32\DRIVERS\tm_mbd_c.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

? ComboFix.sys The system cannot find the file specified.
? C:\DOCUME~1\usr1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified.

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\AIM6\aim6.exe[2800] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2800] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2800] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2800] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2800] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2800] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2800] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2800] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2800] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2800] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2800] @ C:\WINDOWS\system32\wininet.dll [ADVAPI32.dll!RegQueryValueExA] [0102EAA2] c:\program files\aim6\services\imApp\ver6_1_41_2\imAppService.dll
IAT C:\Program Files\AIM6\aim6.exe[2800] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aim6.exe[2800] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[3768] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[3768] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[3768] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[3768] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[3768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[3768] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[3768] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[3768] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[3768] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[3768] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[3768] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll
IAT C:\Program Files\AIM6\aolsoftware.exe[3768] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F72C9F70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F72C9F70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F72CA160] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F72C9F70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F76DE6C0] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F76DE02E] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F76DE5EE] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F76DEF90] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F76DE006] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F76D8BBC] tmpreflt.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [EB2763A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [EB2763A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [EB279836] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [EB279836] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [EB2763A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA [F5F72A30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F799BA4A] eabfiltr.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F799BA4A] eabfiltr.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F799BC82] eabfiltr.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F799BCE8] eabfiltr.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F799B660] eabfiltr.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F799B78E] eabfiltr.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [EB2763A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [EB2763A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [EB279836] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [EB279836] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [EB2763A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [EB2763A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [EB2763A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [EB279836] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [EB279836] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [EB2763A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [EB2763A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [EB2763A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [EB279836] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [EB279836] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [EB2763A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [EB2744A6] tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [EB2744A6] tmtdi.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F72C9F70] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F72C9F70] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F72CA160] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F72C9F70] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F72BDF08] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F76DE6C0] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F76DE02E] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F76DE5EE] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F76DEF90] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F76DE006] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F76D8BBC] tmpreflt.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F76D8BBC] tmpreflt.sys

---- EOF - GMER 1.0.13 ----

#24 viruseslikeme

    Authentic Member

  • 74 posts

Posted 07 November 2007 - 08:52 PM

GMER autostart scan.


GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2007-11-08 21:46:45
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxywtur@DLLName = xxywtur.dll /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device /*Apple Mobile Device*/@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
hpqwmiex /*hpqwmiex*/@ = C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
LightScribeService /*LightScribeService Direct Disc Labeling Service*/@ = "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
PcCtlCom /*Trend Micro Central Control Component*/@ = C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
Tmntsrv /*Trend Micro Real-time Service*/@ = C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
TmPfw /*Trend Micro Personal Firewall*/@ = C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
tmproxy /*Trend Micro Proxy Service*/@ = C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
Vongo Service /*Vongo Service*/@ = C:\Program Files\Vongo\VongoService.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@hpWirelessAssistantC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe = C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@nwiznwiz.exe /installquiet /nodetect /*file not found*/ = nwiz.exe /installquiet /nodetect /*file not found*/
@High Definition Audio Property Page ShortcutCHDAudPropShortcut.exe = CHDAudPropShortcut.exe
@ccApp- /*file not found*/ = - /*file not found*/
@SynTPEnhC:\Program Files\Synaptics\SynTP\SynTPEnh.exe = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
@QPService"C:\Program Files\HP\QuickPlay\QPService.exe" = "C:\Program Files\HP\QuickPlay\QPService.exe"
@HP Software UpdateC:\Program Files\Hp\HP Software Update\HPWuSchd2.exe = C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
@ISUSPM Startup"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
@ISUSScheduler"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
@QlbCtrl%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start /*file not found*/ = %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start /*file not found*/
@CpqsetC:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe ? ??,?@ ???X? R?@ ,?@ = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe ? ??,?@ ???X? R?@ ,?@
@RecGuardC:\Windows\SMINST\RecGuard.exe /*file not found*/ = C:\Windows\SMINST\RecGuard.exe /*file not found*/
@SunJavaUpdateSched"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" = "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
@pccguide.exe"C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" = "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@!AVG Anti-Spyware"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Aim6"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp = "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
@Microsft Windows Adapter 5.1.3013C:\Documents and Settings\usr1\Application Data\bfdwzd.exe /*file not found*/ = C:\Documents and Settings\usr1\Application Data\bfdwzd.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Program Files\Synaptics\SynTP\SynTPCpl.dll = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*ShellViewRTF*/C:\WINDOWS\system32\ShellvRTF.dll = C:\WINDOWS\system32\ShellvRTF.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{771A9DA0-731A-11CE-993C-00AA004ADB6C} /*VBPropSheet*/C:\Program Files\Trend Micro\Internet Security 2007\VBProp.dll = C:\Program Files\Trend Micro\Internet Security 2007\VBProp.dll
@{48F45200-91E6-11CE-8A4F-0080C81A28D4} /*TMD Shell Extension*/C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll = C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
ExplorerWAS@{4567AB12-EDED-4675-AF10-BA15EDDB4D7A} = C:\Program Files\WinAntiSpyware 2007\shellext.dll /*file not found*/

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{48F45200-91E6-11CE-8A4F-0080C81A28D4} = C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{48F45200-91E6-11CE-8A4F-0080C81A28D4} = C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop = http://ie.redirect.h...a...n&pf=laptop
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft...p...ER}&ar=home
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.msn.com/ = http://www.msn.com/
@Local PageC:\windows\system32\blank.htm = C:\windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup = HP Photosmart Premier Fast Start.lnk

---- EOF - GMER 1.0.13 ----

#25 Noviciate

    Retired WTT Teacher

  • Visiting Fellow
  • 2,907 posts

Posted 08 November 2007 - 02:58 PM

Run the following online scan: Panda ActiveScan.
  • Please note that IE is required to run this scan.
  • You will need to fill in the "Country, region, email address" information before you can download and install the ActiveX components necessary to run the scan.
  • Decide whether you want to click the radio button underneath this part that says -
    "I do not want to receive marketing information from Panda Software and/or its International Representatives where applicable." - it's your choice!
  • When you are asked to "Select a device to scan...", click on "My Computer".
When the scan has finished, click See Report > Save Report which by default will save the scan results as Activescan.txt in My Documents.

Copy and paste the result of the above scan into your next reply along with a fresh HJT log AND a description of how your PC is running.

If the pop-ups still occur, let me know some more about them. What do they say, when do they appear (online or offline), anything that may point to their origin.
Death to the salad eaters!
