Famous Smitfraud toolbar !!



Dsijion
2007-06-13, 23:06
I don't know a lot about this, but I usually use Spybot S and D and it usually does the job.

So... I've read a lot of thread posts and replies about this famous problem and tried a lot of different things.

I have
- Vundofix.exe
- Spybot S and D
- AVG anti-Spyware
- ATF-Cleaner
- SmitfraudFix
and I just learned that HijackThis exists, so I will post the log after... like I see that everyone does.

Every program should be up to date.

The fact is that whatever I do... (all of those programs) at the end... I always get the Smitfraud toolbar in Spybot S&D... I can delete it... but it comes back right after.

I went to manually delete in Local_machine the MSSMGR folder concerned (I guess)... but same thing... it reappeared.

I know about safe mode and easy stuff... but if someone wants to help me... I'm probably easy to lose.

I don't know if this is important, but now I'm on a laptop... not on that computer. I use a USB drive... because as soon as I start something on the other computer, I receive pop-ups about PC protection and stuff... I also got the Canadian national song !!!! weird !

I hope my English is okay... whatever... I will understand you well.


So... this is what HijackThis gave me:

Logfile of HijackThis v1.99.1
Scan saved at 15:26:13, on 2007-06-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\smgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\COMMON~1\PPPATC~1\services.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A2BD6B4-13D3-4D2A-B78E-899FABE77BB0} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {11149E2B-450A-45E3-A750-452DDBB8B7F0} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\qommjge.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O2 - BHO: (no name) - {CE07156F-D08E-DE28-8A0C-83ADDBE6759A} - C:\WINDOWS\system32\ajrtvpch.dll
O2 - BHO: (no name) - {CF07156A-D2D2-DA7E-DF0C-83ADDBE67592} - C:\WINDOWS\system32\diwwfy.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\puosdtkx.dll (file missing)
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QMusic2] "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gtcfaxaz.exe] C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\svwtvbka.dll",realset
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IoxERTbsX] tsdilang.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Bbet] "C:\PROGRA~1\COMMON~1\PPPATC~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Intpt] C:\WINDOWS\system32\?ppPatch\w?auclt.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: 57.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll
O20 - Winlogon Notify: xxyayxw - xxyayxw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Oh !! and if you see some programs that are weird... tell me... I will erase them... The fact is that I'm not alone with this computer and I don't always know what is in it !

Thanks in advance.
Benoit
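As an added example (not code from this thread or from HijackThis), here is a Python triage script that applies, over the O2/O4/O20 lines of a log like the one above, the same checks a helper makes by eye: entries whose file is missing, executables started by bare name or from the Windows root or Application Data, paths with unprintable characters, and AppInit_DLLs or Winlogon Notify hooks. The sample lines are copied from the log posted above plus two benign entries; the heuristics and thresholds are my own assumptions, not a HijackThis rule set.

```python
from __future__ import annotations
import re

# Sample input constructed for this example: entries copied from the HijackThis log above,
# plus two benign lines (AcroIEHelper.dll, ccApp.exe) that the heuristics should leave alone.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A2BD6B4-13D3-4D2A-B78E-899FABE77BB0} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [gtcfaxaz.exe] C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\svwtvbka.dll",realset
O4 - HKCU\..\Run: [Intpt] C:\WINDOWS\system32\?ppPatch\w?auclt.exe
O20 - AppInit_DLLs: 57.dll
O20 - Winlogon Notify: xxyayxw - xxyayxw.dll (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First path-like token ending in an executable extension; surrounding quotes are optional.
PATH_RE = re.compile(r'"?(?P<path>[^"]*?\.(?:exe|dll|bat|com|scr))\b', re.IGNORECASE)
# rundll32 is only the host; the interesting path is the DLL it is told to load.
RUNDLL_RE = re.compile(r'^"?rundll32\.exe"?\s+', re.IGNORECASE)


def path_findings(path: str) -> list[str]:
    """Heuristics on a single executable/DLL path (assumed thresholds, not a rule set)."""
    reasons = []
    directory, _, base = path.rpartition("\\")
    low = directory.lower()
    if not directory:
        reasons.append("bare filename with no directory: resolved by PATH search at logon")
    elif low == r"c:\windows":
        reasons.append("executable placed directly in the Windows root rather than system32 or Program Files")
    if "application data" in low or "\\temp" in low:
        reasons.append("runs from a user-data or temp directory")
    if "?" in path:
        reasons.append("unprintable characters in path (obfuscated directory or file name)")
    stem = base.rsplit(".", 1)[0]
    # Weak signal: long, all-lowercase, vowel-poor names are typical of generated file names.
    if len(stem) >= 6 and stem.isalpha() and stem.islower():
        if sum(c in "aeiou" for c in stem) / len(stem) < 0.3:
            reasons.append("low-confidence: random-looking file name")
    return reasons


def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) a HijackThis line deserves a closer look."""
    reasons = []
    if "(file missing)" in line or "(no file)" in line:
        reasons.append("registry entry points at a file that no longer exists "
                       "(leftover of a partial removal, or a name that rotates each boot)")
    m = O4_RE.match(line)
    if m:
        cmd = RUNDLL_RE.sub("", m.group("cmd"))
        pm = PATH_RE.search(cmd)
        if pm:
            reasons += path_findings(pm.group("path"))
    elif line.startswith("O20 - AppInit_DLLs:"):
        dll = line.split(":", 1)[1].strip()
        if dll:
            reasons.append("AppInit_DLLs loads this DLL into every process that uses user32.dll; rarely legitimate")
            reasons += path_findings(dll)
    else:
        # O2/O3/O20 Winlogon lines end with " - <file>"; strip the missing-file marker first.
        tail = line.rsplit(" - ", 1)[-1].replace(" (file missing)", "").strip()
        if PATH_RE.fullmatch(tail):
            reasons += path_findings(tail)
        if reasons and line.startswith("O20 - Winlogon Notify:"):
            reasons.append("Winlogon Notify DLL is loaded by winlogon.exe as SYSTEM at every logon")
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each line that trips at least one heuristic to its list of reasons."""
    flagged = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            flagged[line] = reasons
    return flagged


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("   -", r)
```

The script ranks lines for human review only; a flagged entry still needs the file itself (or a clean reinstall, as advised later in the thread) before anything is deleted.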

Dsijion
2007-06-14, 01:06
One last thing... I've read (in another thread) that it's better not to be connected to the Internet, so that's why I'm writing from a different computer, and that's also why I haven't done the Internet scan...

.. sometimes, when I search for some info about that problem on the Internet, it gets so slow and jammed like... after 6-7 minutes so... Do you really need the Internet scan ??

Dsijion
2007-06-14, 19:10
I don't know if this is possible... but.

Is it possible for you guys to write a standard anti-smitfraud protocol? I mean... is it possible to give us 5-6 clean-up programs or a way to proceed? That would be very useful I think... because pretty much 1 thread in 2 is about this smitfraud.

And this way, I guess it will help us have an easier problem to resolve. So... before sending you our HijackThis log... what should we do..

Internet scan... even if the computer freezes because of smitfraud
vundo
killer box
ADV
spybot

Maybe I'm wrong... tell me if this is useless... I'm just trying to help you because you look in a rush helping people because of this smitfraud.

By the way... yes, I'm infected too... waiting for a reply on how to start resolving my problem

Sincerely
Benoit

Mr_JAk3
2007-06-14, 22:27
Hello Dsijion and welcome to the Forums :)

I must warn that one or more of the identified infections is a backdoor trojan :sick:

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

I can help you in the cleaning if you don't want to reformat but there is a possibility that we can't get you 100% clean.

Please let us know what you have decided to do in your next post:bigthumb:

tashi
2007-06-15, 16:33
Is it possible for you guys to write a standard anti-smitfraud protocol? I mean... is it possible to give us 5-6 clean-up programs or a way to proceed? That would be very useful I think... because pretty much 1 thread in 2 is about this smitfraud.


Sorry for edging in, but I just merged your second topic into this one. :fear:

We did have a self help sticky topic for the so-called Smitfraud family of hijackers.

However, as you can see by the analysis of your log by Mr_JAk3, it became preferable to analyse each situation one by one.

Regards.

Dsijion
2007-06-16, 06:55
Will try to clean up the smitfraud if possible... about the reformat thing... I'll see... It could be a good thing, but right now I don't have the time to reformat and reinstall everything so... !

So yeah... you can tell me like... tons of steps to follow if you don't need any HijackThis log (update).

And about bank accounts and everything... I will just not use this computer again if we can't clean it perfectly.

So yeah... I have the full weekend for this so, if you e-mail me an answer soon, I will send you updates before 4 o'clock here in Montreal ;)
..

Oh... and is it possible that I got it from a music or old movie torrent or from a keygen that I tried ?? :oops: What could it be ??
Thanks !

and thanks again !

Benoit

Mr_JAk3
2007-06-16, 14:42
I'll be happy to help you with the cleaning :bigthumb:


Oh... and is it possible that I got it from a music or old movie torrent or from a keygen that I tried ??
This is very likely. Keygens, cracks etc. are illegal and get you infected.

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.


Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.zip) and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

In Safe Mode, right-click the SDFix.zip folder and choose Extract All,
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any key and it will restart the PC.
Your system will take longer than normal to restart as the fixtool will be running and removing files.
When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally, open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.
Please post the contents of C:\vundofix.txt too.

Dsijion
2007-06-16, 20:36
I've already scanned for Vundo before.... this time... no Vundo was found. I will send you the vundo.txt anyway.

About the safe mode, when I press F8, it just asks me which drive I want to boot from... so I just did Run/msconfig/boot.ini safe mode and restarted. I did the SDFix scan and it rebooted in safe mode so I went back to msconfig and restarted to normal mode... and then... the program finally finished the job. I HOPE the way I started in safe mode won't change something.

_______________________________________________
Vundo:


VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 13:56:57 2007-06-13

Listing files found while scanning....

C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.ini
C:\windows\system32\opnnlii.dll
C:\WINDOWS\system32\pmkjj.dll
C:\windows\system32\puosdtkx.dll
C:\windows\system32\qommjge.dll
C:\windows\system32\urqppmn.dll
C:\windows\system32\urqpqop.dll
C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\awvtu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkmp.bak1
C:\WINDOWS\system32\jjkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini Has been deleted!

Attempting to delete C:\windows\system32\opnnlii.dll
C:\windows\system32\opnnlii.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\pmkjj.dll Could not be deleted.

Attempting to delete C:\windows\system32\puosdtkx.dll
C:\windows\system32\puosdtkx.dll Has been deleted!

Attempting to delete C:\windows\system32\qommjge.dll
C:\windows\system32\qommjge.dll Could not be deleted.

Attempting to delete C:\windows\system32\urqppmn.dll
C:\windows\system32\urqppmn.dll Has been deleted!

Attempting to delete C:\windows\system32\urqpqop.dll
C:\windows\system32\urqpqop.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\utvwa.bak1
C:\WINDOWS\system32\utvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\pmkjj.dll Could not be deleted.

Attempting to delete C:\windows\system32\qommjge.dll
C:\windows\system32\qommjge.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 14:27:03 2007-06-13

Listing files found while scanning....

C:\windows\system32\jjkmp.ini
C:\WINDOWS\system32\pmkjj.dll
C:\windows\system32\qommjge.dll

Beginning removal...

Attempting to delete C:\windows\system32\jjkmp.ini
C:\windows\system32\jjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjj.dll
C:\WINDOWS\system32\pmkjj.dll Has been deleted!

Attempting to delete C:\windows\system32\qommjge.dll
C:\windows\system32\qommjge.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 14:46:08 2007-06-13

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 12:43:59 2007-06-16

Listing files found while scanning....

No infected files were found.


Beginning removal...

Dsijion
2007-06-16, 20:37
SDFix Report:


SDFix: Version 1.88

Run by Benoît Daoust on 2007-06-16 at 12:56

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\BENOTD~1\Desktop\sdfix\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\MQ82PH~1.HTM - Deleted
C:\WINDOWS\avp.exe - Deleted
C:\WINDOWS\smgr.exe - Deleted
C:\WINDOWS\system32\sysmon32.exe - Deleted
C:\WINDOWS\system32\winsys.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted
C:\WINDOWS\wr.txt - Deleted
C:\WINDOWS\Temp\win*.tmp - Deleted



Removing Temp Files...

ADS Check:

Checking C:\WINDOWS\
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe:*:Disabled:backWeb-8876480"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:M5Shell"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Red Storm Entertainment\\Ghost Recon\\GhostRecon.exe"="C:\\Program Files\\Red Storm Entertainment\\Ghost Recon\\GhostRecon.exe:*:Enabled:GhostRecon"
"C:\\Program Files\\eDonkey2000\\edonkey2000.exe"="C:\\Program Files\\eDonkey2000\\edonkey2000.exe:*:Disabled:edonkey2000"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Disabled:Kazaa"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Enabled:WinDVD"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\BENOTD~1\Desktop\sdfix\SDFix\backups\backups.zip

Listing Files with Hidden Attributes:

C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com
C:\Documents and Settings\BenoŒt Daoust\Local Settings\Application Data\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\ConflictDelete\02-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v12\Thumbs.db
C:\Program Files\ubi.com\Core\Images\Thumbs.db
C:\Program Files\ubi.com\Core\Skins\default\images\Thumbs.db
C:\Program Files\eRightSoft\SUPER\_Setup.dll
C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll
C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll
C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll
C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll
C:\WINDOWS\system32\avisynth.dll
C:\WINDOWS\system32\AVSredirect.dll
C:\WINDOWS\system32\cygwin1.dll
C:\WINDOWS\system32\cygz.dll
C:\WINDOWS\system32\i420vfw.dll
C:\WINDOWS\system32\Smab.dll
C:\WINDOWS\system32\wodfamoh.dll
C:\WINDOWS\system32\yv12vfw.dll
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe
C:\Program Files\Pc game - super mario bros.exe
C:\Program Files\Q312370_WXP_SP1_x86_ENU.exe
C:\Program Files\USB2.0.exe
C:\Program Files\xpsp1a_en_x86.exe
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Common Files\?ppPatch\services.exe
C:\Program Files\eRightSoft\SUPER\Setup.exe
C:\Program Files\Internet Explorer\iexplore.exe.local
C:\Program Files\Microsoft Office\Office\winword.exe.local
C:\WINDOWS\meta4.exe
C:\WINDOWS\MOTA113.exe
C:\WINDOWS\x2.64.exe
C:\WINDOWS\system32\x.264.exe
C:\WINDOWS\system32\?ppPatch\w?auclt.exe
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys
C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS
C:\WINDOWS\system32\KGyGaAvL.sys

Listing User Accounts:

User accounts for \\Z

Administrator ASPNET BenoŒt Daoust
Guest HelpAssistant SUPPORT_388945a0


Finished

Dsijion
2007-06-16, 20:39
HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 13:29:10, on 2007-06-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\PPPATC~1\services.exe
C:\WINDOWS\system32\?ppPatch\w?auclt.exe
C:\Program Files\WinPop\winpop.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A2BD6B4-13D3-4D2A-B78E-899FABE77BB0} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {11149E2B-450A-45E3-A750-452DDBB8B7F0} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O2 - BHO: (no name) - {8A61098D-612B-4EF2-943D-64E920684061} - C:\WINDOWS\system32\qommjge.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O2 - BHO: (no name) - {CE07156F-D08E-DE28-8A0C-83ADDBE6759A} - C:\WINDOWS\system32\ajrtvpch.dll
O2 - BHO: (no name) - {CF07156A-D2D2-DA7E-DF0C-83ADDBE67592} - C:\WINDOWS\system32\diwwfy.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\puosdtkx.dll (file missing)
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QMusic2] "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gtcfaxaz.exe] C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\svwtvbka.dll",realset
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IoxERTbsX] tsdilang.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Bbet] "C:\PROGRA~1\COMMON~1\PPPATC~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Intpt] C:\WINDOWS\system32\?ppPatch\w?auclt.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - AppInit_DLLs: 57.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winzdn32 - C:\WINDOWS\SYSTEM32\winzdn32.dll
O20 - Winlogon Notify: xxyayxw - xxyayxw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I had to split it in three replies !!! pretty long message !

Thanks for your help... so appreciated ! :angel:

Mr_JAk3
2007-06-17, 18:21
Hello :)

Ok I need one more log...

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Dsijion
2007-06-18, 21:19
Nice!!

So here is the ComboFix log:

ComboFix 07-06-17 - C:\Documents and Settings\BenoŒt Daoust\Desktop\ComboFix.exe
"BenoŒt Daoust" - 2007-06-18 12:57:02 - Service Pack 2 NTFS


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\svwtvbka.dll
C:\WINDOWS\system32\winzdn32.dll
C:\WINDOWS\system32\akbvtwvs.ini


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\pppatc~1
C:\Program Files\Common Files\pppatc~1\services.exe
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\install.log
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\WINDOWS\system32\pppatc~1
C:\WINDOWS\system32\pppatc~1\w?auclt.exe
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\msxml4.dll
C:\WINDOWS\system32\system\msxml4r.dll
C:\WINDOWS\system32\winsys64.exe
C:\WINDOWS\wnsxs~1


((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))


2007-06-18 12:46 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-13 13:56 <DIR> d-------- C:\VundoFix Backups
2007-06-13 13:56 <DIR> d-------- C:\HJT
2007-06-13 12:04 93,696 --a------ C:\WINDOWS\system32\drvhad.dll
2007-06-13 02:18 93,696 --a------ C:\WINDOWS\system32\drvwuk.dll
2007-06-13 02:18 60,928 --a------ C:\WINDOWS\system32\ajrtvpch.dll
2007-06-13 02:18 2 --a------ C:\WINDOWS\system32\wcpisu.exe
2007-06-12 18:24 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-12 17:32 <DIR> d-------- C:\Program Files\WinPop
2007-06-12 16:35 <DIR> C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
2007-06-12 15:06 <DIR> d-------- C:\Program Files\SymNetDrv
2007-06-12 14:50 83,208 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-12 14:50 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-12 14:50 2,397 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-06-12 11:38 57,344 --a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\gtcfaxaz.exe
2007-06-04 01:20 <DIR> d-------- C:\Program Files\foobar2000
2007-06-04 01:20 <DIR> d-------- C:\DOCUME~1\BENOTD~1\APPLIC~1\foobar2000
2007-05-28 15:52 <DIR> d-------- C:\Program Files\Apple Software Update
2007-05-28 15:51 <DIR> d-------- C:\Program Files\InterVideo Information Service
2007-05-28 15:51 <DIR> d-------- C:\Program Files\Common Files\Ulead
2007-05-28 15:50 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
2007-05-28 15:49 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-05-28 15:49 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-05-28 15:49 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-05-28 15:49 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-05-28 15:49 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-05-28 15:49 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-05-28 15:49 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-05-28 15:49 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-05-28 15:49 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-05-28 15:49 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-05-28 15:49 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-05-28 15:49 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-05-28 15:49 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-05-28 15:49 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-05-27 22:32 817,664 ---h----- C:\WINDOWS\system32\wodfamoh.dll
2007-05-27 22:27 <DIR> d-------- C:\Program Files\Abrosoft
2007-05-27 21:56 <DIR> d-------- C:\Program Files\Debugmode
2007-05-27 21:56 <DIR> d-------- C:\Program Files\Common Files\debugmode


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-13 17:48:10 4,704 ----a-w C:\WINDOWS\system32\tmp.reg
2007-06-12 19:07:06 -------- d-----w C:\Program Files\Symantec
2007-06-12 19:06:12 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-12 19:00:25 -------- d-----w C:\Program Files\Norton SystemWorks
2007-06-12 16:19:59 -------- d-----w C:\DOCUME~1\BENOTD~1\APPLIC~1\uTorrent
2007-05-28 19:53:32 -------- d-----w C:\Program Files\QuickTime
2007-05-28 19:51:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-28 19:49:57 -------- d-----w C:\Program Files\InterVideo
2007-05-28 19:49:57 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-28 21:07:49 -------- d-----w C:\Program Files\MSN Messenger
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2005-05-13 22:12:00 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 16:13:58 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-14 02:27:00 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-08 00:14:52 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 17:31:20 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 20:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-22 03:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-25 05:00:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2004-01-19 02:44:29 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-04-27 15:24:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 18:16:22 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-25 05:00:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 01:47]
{0A2BD6B4-13D3-4D2A-B78E-899FABE77BB0}=C:\WINDOWS\system32\pmkjj.dll []
{11149E2B-450A-45E3-A750-452DDBB8B7F0}=C:\WINDOWS\system32\awvtu.dll []
{432CAE3B-690F-4C3B-BD97-070EBDA210D5}=C:\Program Files\Foxie Suite\foxietoolbaru.dll [2005-11-27 12:09]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
{8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}=C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll []
{AE7CD045-E861-484f-8273-0445EE161910}=C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 02:03]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-05-27 14:19]
{BDF3E430-B101-42AD-A544-FADC6B084872}=C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll [2003-08-17 19:34]
{C65185B1-D52B-44A9-861F-8201B50D1F37}=C:\Program Files\Foxie Suite\foxiecoreu.dll [2005-11-27 12:19]
{CE07156F-D08E-DE28-8A0C-83ADDBE6759A}=C:\WINDOWS\system32\ajrtvpch.dll [2007-05-21 09:59]
{CF07156A-D2D2-DA7E-DF0C-83ADDBE67592}=C:\WINDOWS\system32\diwwfy.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2004-01-27 23:21]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [2002-06-13 18:21]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 14:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 04:51]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 04:50]
"QMusic2"="C:\Program Files\BenQ\QMusic2\QMAgent.exe" [2004-10-04 16:11]
"StartFoxie"="C:\Program Files\Foxie Suite\StartFoxie.exe" [2005-11-09 10:23]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-20 18:56]
"seekmo"="c:\program files\seekmo\seekmo.exe" []
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"gtcfaxaz.exe"="C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe" [2007-06-12 11:38]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-08-14 20:59]
"GhostStartTrayApp"="C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2003-05-28 19:11]
"AcctMgr"="C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe" [2003-12-10 15:56]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-12 15:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]
"IoxERTbsX"="tsdilang.exe" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-28 01:59]
"Bbet"="C:\PROGRA~1\COMMON~1\PPPATC~1\services.exe" []
"Intpt"="C:\WINDOWS\system32\?ppPatch\w?auclt.exe" []
"WinPop"="C:\Program Files\WinPop\winpop.exe" [2007-06-12 17:32]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 08:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyayxw]
xxyayxw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=57.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MSI Media Center Deluxe II.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSI Media Center Deluxe II.lnk
backup=C:\WINDOWS\pss\MSI Media Center Deluxe II.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr]
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup


Contents of the 'Scheduled Tasks' folder
2007-06-16 17:41:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-12 19:02:49 C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
2007-06-12 18:51:21 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
2007-06-16 04:00:00 C:\WINDOWS\tasks\Symantec Drmc.job
2007-06-18 18:02:00 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-18 13:48:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\system\Services\SharedAccess]

Completion time: 2007-06-18 14:05:18 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-18 14:04

--- E O F ---

Dsijion
2007-06-18, 21:25
Oh! And you didn't ask for a fresh HijackThis log... but I just did one so...
and I just had a C++ or something like that (error message) during the reboot scan of ComboFix... I think it's Norton... Whatever... I will probably uninstall Norton and take a free anti-virus that is listed in other threads ;)

Here is the HJT log if you need it! :D

Logfile of HijackThis v1.99.1
Scan saved at 14:15:14, on 2007-06-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinPop\winpop.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A2BD6B4-13D3-4D2A-B78E-899FABE77BB0} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {11149E2B-450A-45E3-A750-452DDBB8B7F0} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O2 - BHO: (no name) - {CE07156F-D08E-DE28-8A0C-83ADDBE6759A} - C:\WINDOWS\system32\ajrtvpch.dll
O2 - BHO: (no name) - {CF07156A-D2D2-DA7E-DF0C-83ADDBE67592} - C:\WINDOWS\system32\diwwfy.dll (file missing)
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QMusic2] "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gtcfaxaz.exe] C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IoxERTbsX] tsdilang.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Bbet] "C:\PROGRA~1\COMMON~1\PPPATC~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Intpt] C:\WINDOWS\system32\?ppPatch\w?auclt.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: 57.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: xxyayxw - xxyayxw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Mr_JAk3
2007-06-19, 21:23
OK good :)

We'll need to scan one file before we continue with the cleaning.


Go to virustotal.com (http://www.virustotal.com)
Copy the following to the box next to the "Browse" button:
C:\WINDOWS\system32\wodfamoh.dll
Click on Send
Wait for the scan to end.

Copy & paste the scan results here.

Dsijion
2007-06-21, 00:25
no virus found:
:bigthumb:

_________________________
STATUS: FINISHED
Complete scanning result of "wodfamoh.dll", received in VirusTotal at 06.20.2007, 23:16:05 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.6.20.1 06.20.2007 no virus found
AntiVir 7.4.0.34 06.20.2007 no virus found
Authentium 4.93.8 06.19.2007 no virus found
Avast 4.7.997.0 06.20.2007 no virus found
AVG 7.5.0.467 06.20.2007 no virus found
BitDefender 7.2 06.20.2007 no virus found
CAT-QuickHeal 9.00 06.20.2007 no virus found
ClamAV devel-20070416 06.20.2007 no virus found
DrWeb 4.33 06.20.2007 no virus found
eSafe 7.0.15.0 06.20.2007 no virus found
eTrust-Vet 30.8.3730 06.20.2007 no virus found
Ewido 4.0 06.20.2007 no virus found
FileAdvisor 1 06.20.2007 No threat detected
Fortinet 2.91.0.0 06.20.2007 no virus found
F-Prot 4.3.2.48 06.19.2007 no virus found
F-Secure 6.70.13030.0 06.20.2007 no virus found
Ikarus T3.1.1.8 06.20.2007 no virus found
Kaspersky 4.0.2.24 06.20.2007 no virus found
McAfee 5057 06.20.2007 no virus found
Microsoft 1.2607 06.20.2007 no virus found
NOD32v2 2341 06.20.2007 no virus found
Norman 5.80.02 06.20.2007 no virus found
Panda 9.0.0.4 06.20.2007 no virus found
Prevx1 V2 06.20.2007 no virus found
Sophos 4.18.0 06.12.2007 no virus found
Sunbelt 2.2.907.0 06.16.2007 no virus found
Symantec 10 06.20.2007 no virus found
TheHacker 6.1.6.136 06.20.2007 no virus found
VBA32 3.12.0.2 06.20.2007 no virus found
VirusBuster 4.3.23:9 06.20.2007 no virus found
Webwasher-Gateway 6.0.1 06.20.2007 no virus found


Aditional Information
File size: 817664 bytes
MD5: b9ebf5a4b313a78eba3cfb723cce984d
SHA1: 2cee7dddbcc9ebfdf4c9047dffa795ab8fbf8fcc
packers: ASPACK
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=b9ebf5a4b313a78eba3cfb723cce984d
packers: Aspack

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

Dsijion
2007-06-21, 00:29
I have a brand new problem when opening my computer... Does this need a Windows repair or something... or does this have a link with what has been done or erased?

This is a link to the printscreen:
http://img519.imageshack.us/img519/5668/microsoftvisualcruntimelr2.jpg

If that link doesn't work, this is the direct link:
http://img519.imageshack.us/img519/5668/microsoftvisualcruntimelr2.jpg

What is that ??

Dsijion
2007-06-21, 00:32
It's Norton... well... which anti-virus is the best (free) and will this message stop appearing if I uninstall Norton? That is the final question... sorry for the third post... I can't find any way to edit my post. :oops:

Have a nice day !!

Mr_JAk3
2007-06-21, 22:35
Hi again, we'll continue :)

OK, a Norton repair install might be needed.

You should print these instructions or save these to a text file. Follow these instructions carefully.

Open AVG Anti-Spyware:
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.

Make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply, then OK, and close My Computer.

==================

Open Control Panel -> Add/Remove programs -> Remove all of the following or similar entries if found:

WinPop
seekmo

and any other programs you didn't install or don't recognize - if you're not sure, please ask first.
Stop the following processes using Task Manager (press ctrl+alt+del, select the Processes tab, highlight the first process in the list and click End Process). Continue through the list (one at a time) until all processes have been ended. If something isn't found, please continue with the next process in the list.

gtcfaxaz.exe
winpop.exe

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O2 - BHO: (no name) - {0A2BD6B4-13D3-4D2A-B78E-899FABE77BB0} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {11149E2B-450A-45E3-A750-452DDBB8B7F0} - C:\WINDOWS\system32\awvtu.dll (file missing)
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O2 - BHO: (no name) - {CE07156F-D08E-DE28-8A0C-83ADDBE6759A} - C:\WINDOWS\system32\ajrtvpch.dll
O2 - BHO: (no name) - {CF07156A-D2D2-DA7E-DF0C-83ADDBE67592} - C:\WINDOWS\system32\diwwfy.dll (file missing)
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll (file missing)
O4 - HKLM\..\Run: [seekmo] "c:\program files\seekmo\seekmo.exe"
O4 - HKLM\..\Run: [gtcfaxaz.exe] C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
O4 - HKCU\..\Run: [IoxERTbsX] tsdilang.exe
O4 - HKCU\..\Run: "C:\PROGRA~1\COMMON~1\PPPATC~1\services.exe" -vt yazb
O4 - HKCU\..\Run: [Intpt] C:\WINDOWS\system32\?ppPatch\w?auclt.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O20 - AppInit_DLLs: 57.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: xxyayxw - xxyayxw.dll (file missing)

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.

Go to the My Computer and delete the following files (if present):
C:\WINDOWS\system32\drvhad.dll
C:\WINDOWS\system32\drvwuk.dll
C:\WINDOWS\system32\ajrtvpch.dll
C:\WINDOWS\system32\wcpisu.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\gtcfaxaz.exe

Go to the My Computer and delete the following folders (if present):
C:\Program Files\WinPop
c:\program files\seekmo

Use the Windows search: Start -> Search -> All files and folders -> More advanced options. Checkmark these options:
"Search system folders"
"Search hidden files and folders"
"Search subfolders"
Search for this and delete if found: 57.dll


Run ATF Cleaner. Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Right-click on this file: C:\WINDOWS\system32\wodfamoh.dll
Click on Properties
What does it say under Version, Copyright, Company?


================

When you're ready, please post the following logs to here:
- AVG's report
- a fresh HijackThis log
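
The HijackThis entries quoted earlier in this thread and the list Mr_JAk3 asks to fix above share a few traits that can be checked mechanically before anyone clicks Fix checked. The script below is an added example, not HijackThis code, forum code or the helper's own method: it parses the O2/O3/O4/O20 line shapes seen in the log and attaches defender-side findings (orphaned references, a "?" standing in for a character HijackThis could not render, bare file names with no directory, a populated AppInit_DLLs value, unnamed BHOs living in system32, autoruns launched from a data directory). The rules and the sample lines are constructed for the example; a finding is a reason to verify an entry, not a verdict on it.

```python
"""Triage of HijackThis-style log lines (O2/O3/O4/O20).

Added example, not HijackThis or forum code. It parses the line shapes quoted
in this thread and applies a few defender-side rules so the entries the helper
asked to fix stand out. A finding is a prompt to verify, not a verdict.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the shape of the log above (a handful of lines, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A2BD6B4-13D3-4D2A-B78E-899FABE77BB0} - C:\WINDOWS\system32\pmkjj.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {CE07156F-D08E-DE28-8A0C-83ADDBE6759A} - C:\WINDOWS\system32\ajrtvpch.dll
O3 - Toolbar: (no name) - {53E0B6E8-A51D-448B-B692-40B67B285543} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gtcfaxaz.exe] C:\Documents and Settings\All Users\Application Data\gtcfaxaz.exe
O4 - HKCU\..\Run: [IoxERTbsX] tsdilang.exe
O4 - HKCU\..\Run: [Intpt] C:\WINDOWS\system32\?ppPatch\w?auclt.exe
O20 - AppInit_DLLs: 57.dll
O20 - Winlogon Notify: xxyayxw - xxyayxw.dll (file missing)
"""

# Constructed "after the fix" log: what a re-scan of the same lines might still show.
AFTER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {CE07156F-D08E-DE28-8A0C-83ADDBE6759A} - C:\WINDOWS\system32\ajrtvpch.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
# First image path in a target: optional leading quote, up to the first .exe/.dll/.com/.sys.
EXT_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|sys))', re.IGNORECASE)
DATA_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class Entry:
    section: str                 # "O2", "O4", ...
    kind: str                    # "BHO", "HKLM\\..\\Run", "AppInit_DLLs", ...
    name: str                    # display name or Run value name ("" if absent)
    target: str                  # path / command exactly as HijackThis printed it
    raw: str
    findings: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Split one log line into section, kind, name and target; None for non-entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    kind, _, body = rest.partition(": ")
    name, target = "", body
    if section in ("O2", "O3"):                     # "<name> - {CLSID} - <path>"
        parts = [p.strip() for p in body.split(" - ", 2)]
        if len(parts) == 3:
            name, target = parts[0], parts[2]
    elif section == "O4":                           # "[<value name>] <command>"
        nm = re.match(r"\[(.*?)\]\s*(.*)", body)
        if nm:
            name, target = nm.group(1), nm.group(2)
    elif section == "O20" and kind == "Winlogon Notify":
        name, _, target = body.partition(" - ")
    return Entry(section, kind, name, target.strip(), line.strip())


def image_path(target: str) -> str:
    """The file the entry loads, without quotes or arguments; "" if none is printed."""
    m = EXT_RE.match(target)
    return m.group(1) if m else ""


def triage(entry: Entry) -> Entry:
    """Attach findings to one entry. Every rule is a reason to look closer."""
    path = image_path(entry.target)
    low = path.lower()
    if "(file missing)" in entry.target or "(no file)" in entry.target:
        entry.findings.append("orphaned: the registry still references a file that is gone")
    if "?" in path:
        entry.findings.append("unrenderable character in path: the name only resembles a Windows one")
    if path and "\\" not in path:
        entry.findings.append("bare file name: resolved through the search path, not a vendor directory")
    if entry.kind == "AppInit_DLLs" and path:
        entry.findings.append("AppInit_DLLs set: this DLL is loaded into every process that loads user32.dll")
    if entry.section == "O2" and entry.name == "(no name)" and "\\system32\\" in low:
        entry.findings.append("unnamed BHO in system32: no vendor name and no vendor folder")
    if any(d in low for d in DATA_DIRS):
        entry.findings.append("autorun from a data directory rather than an install directory")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse every line and keep only the entries with at least one finding."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and triage(entry).findings:
            flagged.append(entry)
    return flagged


def still_present(before: str, after: str) -> List[str]:
    """Flagged lines from an earlier log that a later (post-fix) log still contains."""
    after_lines = {l.strip() for l in after.splitlines()}
    return [e.raw for e in triage_log(before) if e.raw in after_lines]


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(e.raw)
        for f in e.findings:
            print("    ->", f)
    print("still present after fix:", still_present(SAMPLE_LOG, AFTER_LOG))
```

Run against the two constructed logs, the script flags eight of the eleven sample entries and leaves the Adobe, Spybot and Symantec ones alone; `still_present` then reports which flagged lines survived into the second log, which is the check to run on the fresh HijackThis log the helper asks for at the end of each round.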

Dsijion
2007-06-24, 21:12
Okay... I've tried a lot of things....

First, to get the list of programs that are installed, I had to download the dll file from the Internet... run32.dll, something like that.

After that, I did step by step what you asked me to do.

I've verified whether something like 57.dll exists on my computer... nothing but this:
http://img48.imageshack.us/img48/8971/57dllir8.jpg
Do I delete it?... Is this already in a quarantine? What do I do with it?

After that... I've scanned and checked in HijackThis what you asked, and when fixing, it gave me this message... I've rescanned and every checked thing was fixed... I think... Am I right?
[img=http://img233.imageshack.us/img233/7829/hijackitbe8.jpg]

And finally, I've tried to scan with AVG in safe mode... it tells me that it doesn't find something... to reinstall... I've reinstalled (in safe mode), same thing... this is the message.
[img=http://img514.imageshack.us/img514/2691/avgbz6.jpg]
So... I've tried to scan in normal mode... with all the settings you asked... but... I'm disconnected from the Internet to, I think... help the fixing... so maybe that's why, but the change state thing that you asked me... I can't change it... but it looks fine. Whatever... the problem is that at 1/5 of the scan, it jams on a help file of Photoshop 6.0... a real jam... like it looks like it's a huge file, but I went to take a look at those files... it's like 69 KB. The first 1/5 of the scan gave me like 9 things to erase so... I'd like to scan the rest... how? What can I do?

So many little problems this time... Do I need to be connected to the Internet?... Do I need to go into safe mode by typing F8... because I go from msconfig. (F8 sends me to a boot choice :S )

Well... still not connected to the Internet... I will wait for your answer and try to do my best.

:bigthumb:

Dsijion
2007-06-24, 21:15
:sick: Copy the links and paste them if you want to see the images... I made a little mistake on the last two.... :sick:

Can I really not edit my post?

Mr_JAk3
2007-06-24, 21:19
Hello :)

OK, don't worry, we'll try another scanner then if AVG doesn't complete. You may continue with the other instructions, but just replace the AVG run with this:

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under Select a target to scan: select My Computer

The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.


Also no need to delete that 57.dll at the moment as Spybot has already quarantined it.

Dsijion
2007-06-27, 04:07
after only 30 seconds... it found 1 virus and 8 suspicious objects... it's running... will reply as soon as it finishes.

Hope that the said virus is not too bad !!!

:sick:

Dsijion
2007-06-27, 06:38
:mad: same thing :mad:

It just starts perfectly and jams at every .html Photoshop 6.0 help file...

like 1 file every 30 minutes and it has like 50 files so...

can I just scan everything but this help folder?? ... ... without selecting every program folder?

maybe if I select all but without the html files... whatever... it's not only html files that jam.

there were 5 viruses and more than 10 objects infected and/or suspicious so I think it's a good thing to scan everything.

Oh... and my Internet is pretty slow sometimes but no more popups... much better... but still something !

Thanks again... haha... and... what can I do !?!?!

Mr_JAk3
2007-06-27, 18:36
Hi :)

Maybe you need to give the scanning some time. It would probably be best to let the scan run at night while you sleep. Just remember to disable any power saving/auto shutdowns...


We'll try with this scanner then, give it time to run:

You should print these instructions or save these to a text file. Follow these instructions carefully.

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt: double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, check whether you can click the icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log

Dsijion
2007-06-27, 22:39
There it is !

Process.exe
Process.exe
restart.exe
GoogleUpdaterInstallMgr.exe
VBAOL10.CHM\html/olobjAddressEntries.htm
VBAOL10.CHM
Yazzle1162OinAdmin.exe.vir
svwtvbka.dll.vir
winsys64.exe.vir
winzdn32.dll.vir
WAUCLT~1.VIR
A0225662.exe
A0229909.dll
A0229915.exe
A0230898.dll
A0230948.dll
A0230949.exe
A0230967.dll
A0230968.dll
A0230969.dll
A0230970.dll
A0231035.DLL
A0231838.dll
A0231839.dll
A0231892.exe
A0231893.exe
A0231894.exe
A0231924.exe
A0231928.exe
A0231930.exe
A0231931.dll
A0231932.dll
A0232007.exe
A0232009.exe
A0232010.exe
A0232189.dll
A0232190.dll
A0233243.exe
opnnlii.dll.bad
pmkjj.dll.bad
puosdtkx.dll.bad
qommjge.dll.bad
urqppmn.dll.bad
urqpqop.dll.bad
Process.exe


HJT:

Logfile of HijackThis v1.99.1
Scan saved at 15:32:09, on 2007-06-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QMusic2] "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Hope it did a great job !! ... looks like it

Dsijion
2007-06-27, 23:09
Oh... and I've scanned and fixed this... !!

http://img411.imageshack.us/img411/2731/spybotky4.jpg
Shot at 2007-06-27

Mr_JAk3
2007-06-28, 22:29
Hello :)

How is the computer running now?

DrWeb removed or quarantined the found infections, right?

Dsijion
2007-07-03, 05:35
no more pop ups... but my Internet is crazy slow... for no reason !!

A technician came to my house to change a connection (outside... there was a connection with water in it... whatever) and only after that I've connected my computer to the Internet and scanned it.

Now... it's crazy slow... like... I'm waiting for basic stuff like Google or your forum...

If you have a way to check if there is another virus problem tell me... On my side... I will contact the web company and ask them how my signal is.

:sick:

Mr_JAk3
2007-07-03, 19:20
OK in that case we'll need to do some more research....

Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning ! Please, do not select the "Show all" checkbox during the scan.

Dsijion
2007-07-04, 06:58
I've erased every "space" character cuz I had like 15x too many characters for this forum... and it was unreadable.

Hope it's fine for you... and about the "please don't select the "show all"... it was already so... tell me what you need and I can rescan it if you want. Or what you don't need.

so....
There it is:
______________________________________________

GMER1.0.13.12551-http://www.gmer.net
Rootkitscan2007-07-0323:48:08
Windows5.1.2600ServicePack2


----System-GMER1.0.13----

SSDTE1DB95F8ZwConnectPort
SSDTsptd.sysZwCreateKey
SSDTsptd.sysZwEnumerateKey
SSDTsptd.sysZwEnumerateValueKey
SSDTsptd.sysZwOpenKey
SSDT\??\C:\ProgramFiles\Grisoft\AVGAnti-Spyware7.5\guard.sysZwOpenProcess
SSDTsptd.sysZwQueryKey
SSDTsptd.sysZwQueryValueKey
SSDTsptd.sysZwSetValueKey
SSDT\??\C:\ProgramFiles\Grisoft\AVGAnti-Spyware7.5\guard.sysZwTerminateProcess

----Kernelcodesections-GMER1.0.13----

?C:\WINDOWS\system32\drivers\sptd.sysTheprocesscannotaccessthefilebecauseitisbeingusedbyanotherprocess.
.textUSBPORT.SYS!DllUnloadF640462C5BytesJMP868F91B8
?System32\Drivers\a2qg05ax.SYSThesystemcannotfindthepathspecified.

----KernelIAT/EAT-GMER1.0.13----

IAT\WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt][F73C0580]sptd.sys
IATpci.sys[ntoskrnl.exe!IoDetachDevice][F73C052C]sptd.sys
IATpci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack][F73DAAB8]sptd.sys
IATatapi.sys[ntoskrnl.exe!IoConnectInterrupt][F73C0580]sptd.sys
IATatapi.sys[HAL.dll!READ_PORT_UCHAR][F73ACABA]sptd.sys
IATatapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT][F73ACC00]sptd.sys
IATatapi.sys[HAL.dll!READ_PORT_USHORT][F73ACB82]sptd.sys
IATatapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT][F73AD72E]sptd.sys
IATatapi.sys[HAL.dll!WRITE_PORT_UCHAR][F73AD604]sptd.sys

----Devices-GMER1.0.13----

Device\FileSystem\Ntfs\NtfsIRP_MJ_CREATE86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_CLOSE86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_READ86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_WRITE86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_QUERY_INFORMATION86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_SET_INFORMATION86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_QUERY_EA86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_SET_EA86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_FLUSH_BUFFERS86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_QUERY_VOLUME_INFORMATION86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_SET_VOLUME_INFORMATION86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_DIRECTORY_CONTROL86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_FILE_SYSTEM_CONTROL86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_DEVICE_CONTROL86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_SHUTDOWN86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_LOCK_CONTROL86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_CLEANUP86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_QUERY_SECURITY86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_SET_SECURITY86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_QUERY_QUOTA86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_SET_QUOTA86B5E1D8
Device\FileSystem\Ntfs\NtfsIRP_MJ_PNP86B5E1D8

AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_CREATE[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_CREATE_NAMED_PIPE[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_CLOSE[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_READ[F45800D0]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_WRITE[F45803E0]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_QUERY_INFORMATION[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_SET_INFORMATION[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_QUERY_EA[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_SET_EA[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_FLUSH_BUFFERS[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_QUERY_VOLUME_INFORMATION[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_SET_VOLUME_INFORMATION[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_DIRECTORY_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_FILE_SYSTEM_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_DEVICE_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_INTERNAL_DEVICE_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_SHUTDOWN[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_LOCK_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_CLEANUP[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_CREATE_MAILSLOT[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_QUERY_SECURITY[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_SET_SECURITY[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_POWER[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_SYSTEM_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_DEVICE_CHANGE[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_QUERY_QUOTA[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Ntfs\NtfsIRP_MJ_SET_QUOTA[F4580340]SYMEVENT.SYS

Device\FileSystem\Fastfat\FatCdromIRP_MJ_CREATE867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_CLOSE867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_READ867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_WRITE867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_QUERY_INFORMATION867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_SET_INFORMATION867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_QUERY_EA867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_SET_EA867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_FLUSH_BUFFERS867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_QUERY_VOLUME_INFORMATION867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_SET_VOLUME_INFORMATION867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_DIRECTORY_CONTROL867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_FILE_SYSTEM_CONTROL867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_DEVICE_CONTROL867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_SHUTDOWN867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_LOCK_CONTROL867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_CLEANUP867E5838
Device\FileSystem\Fastfat\FatCdromIRP_MJ_PNP867E5838

AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_CREATE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_CREATE_NAMED_PIPE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_CLOSE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_READ[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_WRITE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_QUERY_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_SET_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_QUERY_EA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_SET_EA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_FLUSH_BUFFERS[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_QUERY_VOLUME_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_SET_VOLUME_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_DIRECTORY_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_FILE_SYSTEM_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_DEVICE_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_INTERNAL_DEVICE_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_SHUTDOWN[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_LOCK_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_CLEANUP[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_CREATE_MAILSLOT[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_QUERY_SECURITY[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_SET_SECURITY[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_POWER[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_SYSTEM_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_DEVICE_CHANGE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_QUERY_QUOTA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\IpIRP_MJ_SET_QUOTA[F45D5A70]SYMTDI.SYS

Device\Driver\usbuhci\Device\USBPDO-0IRP_MJ_CREATE869A51D8
Device\Driver\usbuhci\Device\USBPDO-0IRP_MJ_CLOSE869A51D8
Device\Driver\usbuhci\Device\USBPDO-0IRP_MJ_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBPDO-0IRP_MJ_INTERNAL_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBPDO-0IRP_MJ_POWER869A51D8
Device\Driver\usbuhci\Device\USBPDO-0IRP_MJ_SYSTEM_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBPDO-0IRP_MJ_PNP869A51D8
Device\Driver\usbuhci\Device\USBPDO-1IRP_MJ_CREATE869A51D8
Device\Driver\usbuhci\Device\USBPDO-1IRP_MJ_CLOSE869A51D8
Device\Driver\usbuhci\Device\USBPDO-1IRP_MJ_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBPDO-1IRP_MJ_INTERNAL_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBPDO-1IRP_MJ_POWER869A51D8
Device\Driver\usbuhci\Device\USBPDO-1IRP_MJ_SYSTEM_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBPDO-1IRP_MJ_PNP869A51D8
Device\Driver\dmio\Device\DmControl\DmIoDaemonIRP_MJ_CREATE86BD11D8
Device\Driver\dmio\Device\DmControl\DmIoDaemonIRP_MJ_CLOSE86BD11D8
Device\Driver\dmio\Device\DmControl\DmIoDaemonIRP_MJ_READ86BD11D8
Device\Driver\dmio\Device\DmControl\DmIoDaemonIRP_MJ_WRITE86BD11D8
Device\Driver\dmio\Device\DmControl\DmIoDaemonIRP_MJ_FLUSH_BUFFERS86BD11D8
Device\Driver\dmio\Device\DmControl\DmIoDaemonIRP_MJ_DEVICE_CONTROL86BD11D8
Device\Driver\dmio\Device\DmControl\DmIoDaemonIRP_MJ_INTERNAL_DEVICE_CONTROL86BD11D8
Device\Driver\dmio\Device\DmControl\DmIoDaemonIRP_MJ_SHUTDOWN86BD11D8
Device\Driver\dmio\Device\DmControl\DmIoDaemonIRP_MJ_POWER86BD11D8
Device\Driver\dmio\Device\DmControl\DmIoDaemonIRP_MJ_SYSTEM_CONTROL86BD11D8
Device\Driver\dmio\Device\DmControl\DmIoDaemonIRP_MJ_PNP86BD11D8
Device\Driver\dmio\Device\DmControl\DmConfigIRP_MJ_CREATE86BD11D8
Device\Driver\dmio\Device\DmControl\DmConfigIRP_MJ_CLOSE86BD11D8
Device\Driver\dmio\Device\DmControl\DmConfigIRP_MJ_READ86BD11D8
Device\Driver\dmio\Device\DmControl\DmConfigIRP_MJ_WRITE86BD11D8
Device\Driver\dmio\Device\DmControl\DmConfigIRP_MJ_FLUSH_BUFFERS86BD11D8
Device\Driver\dmio\Device\DmControl\DmConfigIRP_MJ_DEVICE_CONTROL86BD11D8
Device\Driver\dmio\Device\DmControl\DmConfigIRP_MJ_INTERNAL_DEVICE_CONTROL86BD11D8
Device\Driver\dmio\Device\DmControl\DmConfigIRP_MJ_SHUTDOWN86BD11D8
Device\Driver\dmio\Device\DmControl\DmConfigIRP_MJ_POWER86BD11D8
Device\Driver\dmio\Device\DmControl\DmConfigIRP_MJ_SYSTEM_CONTROL86BD11D8
Device\Driver\dmio\Device\DmControl\DmConfigIRP_MJ_PNP86BD11D8
Device\Driver\dmio\Device\DmControl\DmPnPIRP_MJ_CREATE86BD11D8
Device\Driver\dmio\Device\DmControl\DmPnPIRP_MJ_CLOSE86BD11D8
Device\Driver\dmio\Device\DmControl\DmPnPIRP_MJ_READ86BD11D8
Device\Driver\dmio\Device\DmControl\DmPnPIRP_MJ_WRITE86BD11D8
Device\Driver\dmio\Device\DmControl\DmPnPIRP_MJ_FLUSH_BUFFERS86BD11D8
Device\Driver\dmio\Device\DmControl\DmPnPIRP_MJ_DEVICE_CONTROL86BD11D8
Device\Driver\dmio\Device\DmControl\DmPnPIRP_MJ_INTERNAL_DEVICE_CONTROL86BD11D8
Device\Driver\dmio\Device\DmControl\DmPnPIRP_MJ_SHUTDOWN86BD11D8
Device\Driver\dmio\Device\DmControl\DmPnPIRP_MJ_POWER86BD11D8
Device\Driver\dmio\Device\DmControl\DmPnPIRP_MJ_SYSTEM_CONTROL86BD11D8
Device\Driver\dmio\Device\DmControl\DmPnPIRP_MJ_PNP86BD11D8
Device\Driver\dmio\Device\DmControl\DmInfoIRP_MJ_CREATE86BD11D8
Device\Driver\dmio\Device\DmControl\DmInfoIRP_MJ_CLOSE86BD11D8
Device\Driver\dmio\Device\DmControl\DmInfoIRP_MJ_READ86BD11D8
Device\Driver\dmio\Device\DmControl\DmInfoIRP_MJ_WRITE86BD11D8
Device\Driver\dmio\Device\DmControl\DmInfoIRP_MJ_FLUSH_BUFFERS86BD11D8
Device\Driver\dmio\Device\DmControl\DmInfoIRP_MJ_DEVICE_CONTROL86BD11D8
Device\Driver\dmio\Device\DmControl\DmInfoIRP_MJ_INTERNAL_DEVICE_CONTROL86BD11D8
Device\Driver\dmio\Device\DmControl\DmInfoIRP_MJ_SHUTDOWN86BD11D8
Device\Driver\dmio\Device\DmControl\DmInfoIRP_MJ_POWER86BD11D8
Device\Driver\dmio\Device\DmControl\DmInfoIRP_MJ_SYSTEM_CONTROL86BD11D8
Device\Driver\dmio\Device\DmControl\DmInfoIRP_MJ_PNP86BD11D8
Device\Driver\usbuhci\Device\USBPDO-2IRP_MJ_CREATE869A51D8
Device\Driver\usbuhci\Device\USBPDO-2IRP_MJ_CLOSE869A51D8
Device\Driver\usbuhci\Device\USBPDO-2IRP_MJ_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBPDO-2IRP_MJ_INTERNAL_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBPDO-2IRP_MJ_POWER869A51D8
Device\Driver\usbuhci\Device\USBPDO-2IRP_MJ_SYSTEM_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBPDO-2IRP_MJ_PNP869A51D8
Device\Driver\usbuhci\Device\USBPDO-3IRP_MJ_CREATE869A51D8
Device\Driver\usbuhci\Device\USBPDO-3IRP_MJ_CLOSE869A51D8
Device\Driver\usbuhci\Device\USBPDO-3IRP_MJ_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBPDO-3IRP_MJ_INTERNAL_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBPDO-3IRP_MJ_POWER869A51D8
Device\Driver\usbuhci\Device\USBPDO-3IRP_MJ_SYSTEM_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBPDO-3IRP_MJ_PNP869A51D8
Device\Driver\usbehci\Device\USBPDO-4IRP_MJ_CREATE8698E1D8
Device\Driver\usbehci\Device\USBPDO-4IRP_MJ_CLOSE8698E1D8
Device\Driver\usbehci\Device\USBPDO-4IRP_MJ_DEVICE_CONTROL8698E1D8
Device\Driver\usbehci\Device\USBPDO-4IRP_MJ_INTERNAL_DEVICE_CONTROL8698E1D8
Device\Driver\usbehci\Device\USBPDO-4IRP_MJ_POWER8698E1D8
Device\Driver\usbehci\Device\USBPDO-4IRP_MJ_SYSTEM_CONTROL8698E1D8
Device\Driver\usbehci\Device\USBPDO-4IRP_MJ_PNP8698E1D8

AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_CREATE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_CREATE_NAMED_PIPE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_CLOSE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_READ[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_WRITE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_QUERY_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_SET_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_QUERY_EA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_SET_EA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_FLUSH_BUFFERS[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_QUERY_VOLUME_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_SET_VOLUME_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_DIRECTORY_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_FILE_SYSTEM_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_DEVICE_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_INTERNAL_DEVICE_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_SHUTDOWN[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_LOCK_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_CLEANUP[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_CREATE_MAILSLOT[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_QUERY_SECURITY[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_SET_SECURITY[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_POWER[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_SYSTEM_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_DEVICE_CHANGE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_QUERY_QUOTA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\TcpIRP_MJ_SET_QUOTA[F45D5A70]SYMTDI.SYS

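The GMER output above is hard to read because the poster stripped every space to fit the forum's post size limit, but the structure is still visible: each `SSDT` line names the module (or, failing that, the bare address) that hooks a system service, and each `.text` line under "Kernel code sections" records an inline JMP patch inside a loaded driver. The script below is an added example, not part of this thread or of GMER. It parses a constructed sample in GMER's normal spacing (rebuilt from the lines posted above) and sorts the hooks into those owned by drivers the analyst already expects on this machine (sptd.sys from Alcohol 120%, guard.sys from AVG Anti-Spyware, both visible in the HijackThis log earlier in the thread) and those that need a closer look, in particular the `ZwConnectPort` hook whose handler GMER could not attribute to any loaded module. The allowlist, the `Finding` record and the function names are this example's own assumptions.

```python
"""Triage the SSDT and kernel code section lines of a GMER rootkit scan.

Added example, not part of the forum thread or of GMER itself.  The sample
lines are constructed to mirror the log posted above, with the spaces GMER
normally emits restored (the poster removed them to fit the forum limit).
"""
import re
from dataclasses import dataclass

# Drivers the analyst has already accounted for on this box (assumption: this
# allowlist is maintained by the analyst from the HijackThis log, not by GMER).
KNOWN_HOOKERS = {
    "sptd.sys": "SPTD disc-emulation driver (Alcohol 120% / Daemon Tools)",
    "guard.sys": "AVG Anti-Spyware real-time guard",
}

# "SSDT  <owning module or bare address>  <hooked Zw* service>"
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>.+?)\s+(?P<func>Zw\w+)\s*$")
# ".text  <module>!<symbol>  <address> <n> Bytes  JMP <target>"
TEXT_RE = re.compile(
    r"^\.text\s+(?P<module>\S+)!(?P<symbol>\w+)\s+(?P<addr>[0-9A-F]{8})\s+"
    r"(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-F]{8})\s*$"
)


@dataclass
class Finding:
    kind: str      # "ssdt" or "inline"
    location: str  # hooked service, or patched module!symbol
    owner: str     # module file name, or the raw address GMER printed
    verdict: str   # "known", "unknown-module", "unattributed-address", "inline-patch"
    note: str


def module_name(owner: str) -> str:
    """Reduce '\\??\\C:\\...\\guard.sys' or 'sptd.sys' to a lowercase file name."""
    return owner.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_gmer(text: str, known=KNOWN_HOOKERS) -> list:
    """Classify every SSDT hook and inline kernel patch in a GMER report."""
    findings = []
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            owner, func = m.group("owner"), m.group("func")
            if re.fullmatch(r"[0-9A-Fa-f]{8}", owner):
                # GMER printed a bare address: the hook handler sits in memory
                # that belongs to no loaded driver image.  Look at this first.
                findings.append(Finding("ssdt", func, owner, "unattributed-address",
                                        "handler not inside any loaded module"))
            else:
                name = module_name(owner)
                if name in known:
                    findings.append(Finding("ssdt", func, name, "known", known[name]))
                else:
                    findings.append(Finding("ssdt", func, name, "unknown-module",
                                            "driver not on the analyst allowlist"))
            continue
        m = TEXT_RE.match(line)
        if m:
            # An inline JMP inside a driver's code section: always worth a
            # look, since it redirects execution to the target address.
            findings.append(Finding("inline", f"{m['module']}!{m['symbol']}",
                                    m["target"], "inline-patch",
                                    f"{m['n']}-byte JMP at {m['addr']} to {m['target']}"))
    return findings


def needs_review(findings) -> list:
    """Everything that is not attributed to an expected driver."""
    return [f for f in findings if f.verdict != "known"]


# Constructed sample: the posted log's SSDT and code-section lines, respaced.
SAMPLE = r"""
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-03 23:48:08

---- System - GMER 1.0.13 ----

SSDT  E1DB95F8  ZwConnectPort
SSDT  sptd.sys  ZwCreateKey
SSDT  sptd.sys  ZwEnumerateKey
SSDT  \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys  ZwOpenProcess
SSDT  \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys  ZwTerminateProcess

---- Kernel code sections - GMER 1.0.13 ----

.text  USBPORT.SYS!DllUnload  F640462C 5 Bytes  JMP 868F91B8
"""

if __name__ == "__main__":
    for f in needs_review(triage_gmer(SAMPLE)):
        print(f"{f.kind:6} {f.verdict:22} {f.location:24} {f.owner:10} {f.note}")
```

The point of the split is prioritisation, not a verdict: registry-service hooks from sptd.sys and the process hooks from guard.sys are what those two products do by design, so they are filed as "known" and the analyst's attention goes to the one SSDT entry with no owning module and to the inline patch. Whether either is malicious still has to be decided from the rest of the scan (for instance a driver entry whose file is missing on disk, like the `a2qg05ax.SYS` line in the posted log) rather than from this table alone.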
Dsijion
2007-07-04, 06:59
Device\Driver\00000127\Device\00000056IRP_MJ_POWER[F73BAD74]sptd.sys
Device\Driver\00000127\Device\00000056IRP_MJ_SYSTEM_CONTROL[F73D42A2]sptd.sys
Device\Driver\00000127\Device\00000056IRP_MJ_PNP[F73D5228]sptd.sys
Device\Driver\Ftdisk\Device\HarddiskVolume1IRP_MJ_CREATE86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume1IRP_MJ_READ86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume1IRP_MJ_WRITE86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume1IRP_MJ_FLUSH_BUFFERS86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume1IRP_MJ_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume1IRP_MJ_INTERNAL_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume1IRP_MJ_SHUTDOWN86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume1IRP_MJ_CLEANUP86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume1IRP_MJ_POWER86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume1IRP_MJ_SYSTEM_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume1IRP_MJ_PNP86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume2IRP_MJ_CREATE86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume2IRP_MJ_READ86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume2IRP_MJ_WRITE86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume2IRP_MJ_FLUSH_BUFFERS86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume2IRP_MJ_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume2IRP_MJ_INTERNAL_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume2IRP_MJ_SHUTDOWN86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume2IRP_MJ_CLEANUP86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume2IRP_MJ_POWER86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume2IRP_MJ_SYSTEM_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume2IRP_MJ_PNP86B601D8
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_CREATE86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_CLOSE86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_READ86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_WRITE86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_FLUSH_BUFFERS86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_DEVICE_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_INTERNAL_DEVICE_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_SHUTDOWN86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_POWER86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_SYSTEM_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom0IRP_MJ_PNP86987560
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_CREATE86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_READ86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_WRITE86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_FLUSH_BUFFERS86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_INTERNAL_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_SHUTDOWN86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_CLEANUP86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_POWER86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_SYSTEM_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume3IRP_MJ_PNP86B601D8
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_CREATE86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_CLOSE86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_READ86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_WRITE86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_FLUSH_BUFFERS86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_DEVICE_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_INTERNAL_DEVICE_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_SHUTDOWN86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_POWER86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_SYSTEM_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom1IRP_MJ_PNP86987560
Device\Driver\atapi\Device\Ide\IdePort0IRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort0IRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort0IRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort0IRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort0IRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort0IRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort0IRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort1IRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort1IRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort1IRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort1IRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort1IRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort1IRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort1IRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort2IRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort2IRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort2IRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort2IRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort2IRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort2IRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort2IRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort3IRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort3IRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort3IRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort3IRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort3IRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort3IRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdePort3IRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP3T0L0-19IRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP3T0L0-19IRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP3T0L0-19IRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP3T0L0-19IRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP3T0L0-19IRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP3T0L0-19IRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP3T0L0-19IRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T1L0-2dIRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T1L0-2dIRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T1L0-2dIRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T1L0-2dIRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T1L0-2dIRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T1L0-2dIRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T1L0-2dIRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP2T0L0-eIRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP2T0L0-eIRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP2T0L0-eIRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP2T0L0-eIRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP2T0L0-eIRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP2T0L0-eIRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP2T0L0-eIRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T0L0-25IRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T0L0-25IRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T0L0-25IRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T0L0-25IRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T0L0-25IRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T0L0-25IRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP1T0L0-25IRP_MJ_PNP86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP0T1L0-3IRP_MJ_CREATE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP0T1L0-3IRP_MJ_CLOSE86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP0T1L0-3IRP_MJ_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP0T1L0-3IRP_MJ_INTERNAL_DEVICE_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP0T1L0-3IRP_MJ_POWER86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP0T1L0-3IRP_MJ_SYSTEM_CONTROL86B5F1D8
Device\Driver\atapi\Device\Ide\IdeDeviceP0T1L0-3IRP_MJ_PNP86B5F1D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_CREATE86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_READ86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_WRITE86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_FLUSH_BUFFERS86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_INTERNAL_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_SHUTDOWN86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_CLEANUP86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_POWER86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_SYSTEM_CONTROL86B601D8
Device\Driver\Ftdisk\Device\HarddiskVolume4IRP_MJ_PNP86B601D8
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_CREATE86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_CLOSE86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_READ86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_WRITE86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_FLUSH_BUFFERS86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_DEVICE_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_INTERNAL_DEVICE_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_SHUTDOWN86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_POWER86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_SYSTEM_CONTROL86987560
Device\Driver\Cdrom\Device\CdRom2IRP_MJ_PNP86987560
Device\Driver\NetBT\Device\NetBT_Tcpip_{151B8397-9074-4B50-ADE0-4277C695473B}IRP_MJ_CREATE8664A7E8
Device\Driver\NetBT\Device\NetBT_Tcpip_{151B8397-9074-4B50-ADE0-4277C695473B}IRP_MJ_CLOSE8664A7E8
Device\Driver\NetBT\Device\NetBT_Tcpip_{151B8397-9074-4B50-ADE0-4277C695473B}IRP_MJ_DEVICE_CONTROL8664A7E8
Device\Driver\NetBT\Device\NetBT_Tcpip_{151B8397-9074-4B50-ADE0-4277C695473B}IRP_MJ_INTERNAL_DEVICE_CONTROL8664A7E8
Device\Driver\NetBT\Device\NetBT_Tcpip_{151B8397-9074-4B50-ADE0-4277C695473B}IRP_MJ_CLEANUP8664A7E8
Device\Driver\NetBT\Device\NetBT_Tcpip_{151B8397-9074-4B50-ADE0-4277C695473B}IRP_MJ_PNP8664A7E8
Device\Driver\NetBT\Device\NetBt_Wins_ExportIRP_MJ_CREATE8664A7E8
Device\Driver\NetBT\Device\NetBt_Wins_ExportIRP_MJ_CLOSE8664A7E8
Device\Driver\NetBT\Device\NetBt_Wins_ExportIRP_MJ_DEVICE_CONTROL8664A7E8
Device\Driver\NetBT\Device\NetBt_Wins_ExportIRP_MJ_INTERNAL_DEVICE_CONTROL8664A7E8
Device\Driver\NetBT\Device\NetBt_Wins_ExportIRP_MJ_CLEANUP8664A7E8
Device\Driver\NetBT\Device\NetBt_Wins_ExportIRP_MJ_PNP8664A7E8
Device\Driver\NetBT\Device\NetbiosSmbIRP_MJ_CREATE8664A7E8
Device\Driver\NetBT\Device\NetbiosSmbIRP_MJ_CLOSE8664A7E8
Device\Driver\NetBT\Device\NetbiosSmbIRP_MJ_DEVICE_CONTROL8664A7E8
Device\Driver\NetBT\Device\NetbiosSmbIRP_MJ_INTERNAL_DEVICE_CONTROL8664A7E8
Device\Driver\NetBT\Device\NetbiosSmbIRP_MJ_CLEANUP8664A7E8
Device\Driver\NetBT\Device\NetbiosSmbIRP_MJ_PNP8664A7E8

AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_CREATE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_CREATE_NAMED_PIPE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_CLOSE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_READ[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_WRITE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_QUERY_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_SET_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_QUERY_EA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_SET_EA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_FLUSH_BUFFERS[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_QUERY_VOLUME_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_SET_VOLUME_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_DIRECTORY_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_FILE_SYSTEM_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_DEVICE_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_INTERNAL_DEVICE_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_SHUTDOWN[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_LOCK_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_CLEANUP[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_CREATE_MAILSLOT[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_QUERY_SECURITY[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_SET_SECURITY[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_POWER[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_SYSTEM_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_DEVICE_CHANGE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_QUERY_QUOTA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\UdpIRP_MJ_SET_QUOTA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_CREATE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_CREATE_NAMED_PIPE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_CLOSE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_READ[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_WRITE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_QUERY_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_SET_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_QUERY_EA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_SET_EA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_FLUSH_BUFFERS[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_QUERY_VOLUME_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_SET_VOLUME_INFORMATION[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_DIRECTORY_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_FILE_SYSTEM_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_DEVICE_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_INTERNAL_DEVICE_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_SHUTDOWN[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_LOCK_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_CLEANUP[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_CREATE_MAILSLOT[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_QUERY_SECURITY[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_SET_SECURITY[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_POWER[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_SYSTEM_CONTROL[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_DEVICE_CHANGE[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_QUERY_QUOTA[F45D5A70]SYMTDI.SYS
AttachedDevice\Driver\Tcpip\Device\RawIpIRP_MJ_SET_QUOTA[F45D5A70]SYMTDI.SYS

Dsijion
2007-07-04, 07:00
Device\Driver\usbuhci\Device\USBFDO-0IRP_MJ_CREATE869A51D8
Device\Driver\usbuhci\Device\USBFDO-0IRP_MJ_CLOSE869A51D8
Device\Driver\usbuhci\Device\USBFDO-0IRP_MJ_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-0IRP_MJ_INTERNAL_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-0IRP_MJ_POWER869A51D8
Device\Driver\usbuhci\Device\USBFDO-0IRP_MJ_SYSTEM_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-0IRP_MJ_PNP869A51D8
Device\Driver\usbuhci\Device\USBFDO-1IRP_MJ_CREATE869A51D8
Device\Driver\usbuhci\Device\USBFDO-1IRP_MJ_CLOSE869A51D8
Device\Driver\usbuhci\Device\USBFDO-1IRP_MJ_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-1IRP_MJ_INTERNAL_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-1IRP_MJ_POWER869A51D8
Device\Driver\usbuhci\Device\USBFDO-1IRP_MJ_SYSTEM_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-1IRP_MJ_PNP869A51D8
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_CREATE86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_CREATE_NAMED_PIPE86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_CLOSE86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_READ86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_WRITE86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_QUERY_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_SET_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_QUERY_EA86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_SET_EA86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_FLUSH_BUFFERS86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_QUERY_VOLUME_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_SET_VOLUME_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_DIRECTORY_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_FILE_SYSTEM_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_DEVICE_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_INTERNAL_DEVICE_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_SHUTDOWN86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_LOCK_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_CLEANUP86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_CREATE_MAILSLOT86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_QUERY_SECURITY86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_SET_SECURITY86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_POWER86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_SYSTEM_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_DEVICE_CHANGE86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_QUERY_QUOTA86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_SET_QUOTA86651980
Device\FileSystem\MRxSmb\Device\LanmanDatagramReceiverIRP_MJ_PNP86651980
Device\Driver\usbuhci\Device\USBFDO-2IRP_MJ_CREATE869A51D8
Device\Driver\usbuhci\Device\USBFDO-2IRP_MJ_CLOSE869A51D8
Device\Driver\usbuhci\Device\USBFDO-2IRP_MJ_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-2IRP_MJ_INTERNAL_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-2IRP_MJ_POWER869A51D8
Device\Driver\usbuhci\Device\USBFDO-2IRP_MJ_SYSTEM_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-2IRP_MJ_PNP869A51D8
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_CREATE86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_CREATE_NAMED_PIPE86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_CLOSE86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_READ86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_WRITE86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_QUERY_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_SET_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_QUERY_EA86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_SET_EA86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_FLUSH_BUFFERS86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_QUERY_VOLUME_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_SET_VOLUME_INFORMATION86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_DIRECTORY_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_FILE_SYSTEM_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_DEVICE_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_INTERNAL_DEVICE_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_SHUTDOWN86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_LOCK_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_CLEANUP86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_CREATE_MAILSLOT86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_QUERY_SECURITY86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_SET_SECURITY86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_POWER86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_SYSTEM_CONTROL86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_DEVICE_CHANGE86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_QUERY_QUOTA86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_SET_QUOTA86651980
Device\FileSystem\MRxSmb\Device\LanmanRedirectorIRP_MJ_PNP86651980
Device\Driver\usbuhci\Device\USBFDO-3IRP_MJ_CREATE869A51D8
Device\Driver\usbuhci\Device\USBFDO-3IRP_MJ_CLOSE869A51D8
Device\Driver\usbuhci\Device\USBFDO-3IRP_MJ_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-3IRP_MJ_INTERNAL_DEVICE_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-3IRP_MJ_POWER869A51D8
Device\Driver\usbuhci\Device\USBFDO-3IRP_MJ_SYSTEM_CONTROL869A51D8
Device\Driver\usbuhci\Device\USBFDO-3IRP_MJ_PNP869A51D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_CREATE86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_READ86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_WRITE86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_FLUSH_BUFFERS86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_INTERNAL_DEVICE_CONTROL86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_SHUTDOWN86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_CLEANUP86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_POWER86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_SYSTEM_CONTROL86B601D8
Device\Driver\Ftdisk\Device\FtControlIRP_MJ_PNP86B601D8
Device\Driver\usbehci\Device\USBFDO-4IRP_MJ_CREATE8698E1D8
Device\Driver\usbehci\Device\USBFDO-4IRP_MJ_CLOSE8698E1D8
Device\Driver\usbehci\Device\USBFDO-4IRP_MJ_DEVICE_CONTROL8698E1D8
Device\Driver\usbehci\Device\USBFDO-4IRP_MJ_INTERNAL_DEVICE_CONTROL8698E1D8
Device\Driver\usbehci\Device\USBFDO-4IRP_MJ_POWER8698E1D8
Device\Driver\usbehci\Device\USBFDO-4IRP_MJ_SYSTEM_CONTROL8698E1D8
Device\Driver\usbehci\Device\USBFDO-4IRP_MJ_PNP8698E1D8
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1Port4Path0Target0Lun0IRP_MJ_CREATE86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1Port4Path0Target0Lun0IRP_MJ_CLOSE86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1Port4Path0Target0Lun0IRP_MJ_DEVICE_CONTROL86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1Port4Path0Target0Lun0IRP_MJ_INTERNAL_DEVICE_CONTROL86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1Port4Path0Target0Lun0IRP_MJ_POWER86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1Port4Path0Target0Lun0IRP_MJ_SYSTEM_CONTROL86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1Port4Path0Target0Lun0IRP_MJ_PNP86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1IRP_MJ_CREATE86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1IRP_MJ_CLOSE86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1IRP_MJ_DEVICE_CONTROL86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1IRP_MJ_INTERNAL_DEVICE_CONTROL86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1IRP_MJ_POWER86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1IRP_MJ_SYSTEM_CONTROL86977980
Device\Driver\a2qg05ax\Device\Scsi\a2qg05ax1IRP_MJ_PNP86977980
Device\FileSystem\Fastfat\FatIRP_MJ_CREATE867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_CLOSE867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_READ867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_WRITE867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_QUERY_INFORMATION867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_SET_INFORMATION867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_QUERY_EA867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_SET_EA867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_FLUSH_BUFFERS867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_QUERY_VOLUME_INFORMATION867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_SET_VOLUME_INFORMATION867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_DIRECTORY_CONTROL867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_FILE_SYSTEM_CONTROL867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_DEVICE_CONTROL867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_SHUTDOWN867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_LOCK_CONTROL867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_CLEANUP867E5838
Device\FileSystem\Fastfat\FatIRP_MJ_PNP867E5838

AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_CREATE[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_CREATE_NAMED_PIPE[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_CLOSE[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_READ[F45800D0]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_WRITE[F45803E0]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_QUERY_INFORMATION[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_SET_INFORMATION[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_QUERY_EA[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_SET_EA[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_FLUSH_BUFFERS[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_QUERY_VOLUME_INFORMATION[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_SET_VOLUME_INFORMATION[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_DIRECTORY_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_FILE_SYSTEM_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_DEVICE_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_INTERNAL_DEVICE_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_SHUTDOWN[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_LOCK_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_CLEANUP[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_CREATE_MAILSLOT[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_QUERY_SECURITY[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_SET_SECURITY[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_POWER[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_SYSTEM_CONTROL[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_DEVICE_CHANGE[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_QUERY_QUOTA[F4580340]SYMEVENT.SYS
AttachedDevice\FileSystem\Fastfat\FatIRP_MJ_SET_QUOTA[F4580340]SYMEVENT.SYS

Device\FileSystem\Cdfs\CdfsIRP_MJ_CREATE866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_CLOSE866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_READ866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_QUERY_INFORMATION866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_SET_INFORMATION866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_QUERY_VOLUME_INFORMATION866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_DIRECTORY_CONTROL866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_FILE_SYSTEM_CONTROL866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_DEVICE_CONTROL866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_SHUTDOWN866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_LOCK_CONTROL866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_CLEANUP866ED460
Device\FileSystem\Cdfs\CdfsIRP_MJ_PNP866ED460

----Registry-GMER1.0.13----

Reg\Registry\MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version0x360xB00x290x7A...
Reg\Registry\MACHINE\SOFTWARE\MinnetonkaAudioSoftware\SurCodeDolbyDigitalPremiere\Version@Version0x360xB00x290x7A...

----Files-GMER1.0.13----

ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\01\11-{95C7FEA6-9321-A504-D58A-D170D0F22509}-v1-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\12\12-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v12-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\13\13-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v13-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\13\13-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v13-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\14\14-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v14-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\14\14-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v14-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v14-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\17\17-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v17-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\17\17-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v17-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v17-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\19\19-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v19-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\19\19-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v19-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v19-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\20\20-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v20-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\20\20-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v20-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\30\30-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v30-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\30\30-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v30-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v30-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\32\32-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v32-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADSC:\DocumentsandSettings\BenoîtDaoust\LocalSettings\ApplicationData\Microsoft\Messenger\dsijion@hotmail.com\SharingMetadata\jdecaron@hotmail.com\DFSR\Staging\CS{95C7FEA6-9321-A504-D58A-D170D0F22509}\32\32-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v32-{B676F85A-1F80-4A76-97AC-00AFBF02A8AD}-v32-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
FileC:\RECYCLER\NPROTECT
FileC:\RECYCLER\NPROTECT\00000000
FileC:\RECYCLER\NPROTECT\00000174.
FileC:\RECYCLER\NPROTECT\00000175.
FileC:\RECYCLER\NPROTECT\00000176.
FileC:\RECYCLER\NPROTECT\00000207.
FileC:\RECYCLER\NPROTECT\00000222.html
FileC:\RECYCLER\NPROTECT\00000243.
FileC:\RECYCLER\NPROTECT\00000244.
FileC:\RECYCLER\NPROTECT\00000296.
FileC:\RECYCLER\NPROTECT\00000297.
FileC:\RECYCLER\NPROTECT\00000301.
FileC:\RECYCLER\NPROTECT\00000315.
FileC:\RECYCLER\NPROTECT\00009280.
FileC:\RECYCLER\NPROTECT\00009331.
FileC:\RECYCLER\NPROTECT\00010052.
FileC:\RECYCLER\NPROTECT\NPROTECT.LOG
FileE:\RECYCLER\NPROTECT
FileE:\RECYCLER\NPROTECT\NPROTECT.LOG
FileF:\RECYCLER\NPROTECT
FileF:\RECYCLER\NPROTECT\NPROTECT.LOG
FileG:\RECYCLER\NPROTECT
FileG:\RECYCLER\NPROTECT\NPROTECT.LOG

----EOF-GMER1.0.13----


3/3 ... had to split !!

Mr_JAk3
2007-07-04, 21:41
Hello :)

Ok, more research is needed here...

Generate a HijackThis Startup list:
Open HijackThis: Click on "Open the Misc Tools Section"
Check the following boxes to the right of "Generate StartupList Log": List also minor sections (Full)
List empty sections (Complete)
Click "Generate StartupListLog"
Click "Yes" at the prompt.
A Notepad window will open with the contents of the HijackThis Startup list displayed
Copy & paste that log here.

Dsijion
2007-07-05, 07:06
That's a good idea!

There it is!
(in 3 replies again... :sick:)
________

StartupList report, 2007-07-05, 00:04:23
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Benoît Daoust\Start Menu\Programs\Startup]
Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nwiz = nwiz.exe /install
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
PC Booster = C:\Program Files\inKline Global\PC Booster\pcbooster.exe
Share-to-Web Namespace Daemon = C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
type32 = "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
IntelliPoint = "C:\Program Files\Microsoft IntelliPoint\point32.exe"
QMusic2 = "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
StartFoxie = C:\Program Files\Foxie Suite\StartFoxie.exe
MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
ISUSPM = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
GhostStartTrayApp = C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
AcctMgr = C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
BitTorrent = "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE "%1"

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

Dsijion
2007-07-05, 07:07
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Foxie Suite\foxietoolbaru.dll - {432CAE3B-690F-4C3B-BD97-070EBDA210D5}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
NAV Helper - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\Program Files\Foxie Suite\foxiecoreu.dll - {C65185B1-D52B-44A9-861F-8201B50D1F37}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Norton AntiVirus - Scan my computer.job
Norton SystemWorks One Button Checkup.job
Symantec Drmc.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[Java Plug-in 1.5.0_10]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

[Java Plug-in 1.5.0_01]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab

[Java Plug-in 1.5.0_02]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

[Java Plug-in 1.5.0_10]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Dsijion
2007-07-05, 07:08
--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

61883 Unit Device: System32\DRIVERS\61883.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
aslm75: \??\C:\WINDOWS\system32\drivers\aslm75.sys (autostart)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
ATM Service: %SystemRoot%\System32\ATMsrvc.exe (disabled)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Autodesk Licensing Service: "C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe" (manual start)
AVC Device: System32\DRIVERS\avc.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
C-Dilla: \??\C:\WINDOWS\System32\drivers\CDANT.SYS (manual start)
C-DillaCdaC11BA: C:\WINDOWS\System32\drivers\CDAC11BA.EXE (autostart)
C-DillaSrv: C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
CdaC15BA: \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
NVIDIA Stereo Helper Service: System32\DRIVERS\dumant.sys (system)
3Com 3C2000x EtherLink XL Adapter: System32\DRIVERS\EL2K_XP.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GhostStartService: C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe (autostart)
GhostPciScanner: \??\C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys (system)
gmer: System32\DRIVERS\gmer.sys (manual start)
GMSIPCI: \??\D:\INSTALL\GMSIPCI.SYS (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (autostart)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Logitech SetPoint USB Receiver device driver: System32\Drivers\LHidUsbK.Sys (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Logitech SetPoint Mouse Filter Driver: system32\DRIVERS\LMouKE.Sys (manual start)
Macromedia Licensing Service: "C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe" (manual start)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
MidiSyn: system32\drivers\MidiSyn.sys (manual start)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Microsoft DV Camera and VCR: System32\DRIVERS\msdv.sys (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Norton AntiVirus Auto Protect Service: "C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030814.007\NAVENG.SYS (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20030814.007\NAVEX15.SYS (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton Unerase Protection Driver: \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS (manual start)
Norton Unerase Protection: C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE (autostart)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nVidia WDM Video Capture (universal): system32\DRIVERS\nvcap.sys (autostart)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
nVidia WDM TVTuner: system32\DRIVERS\nvtunep.sys (autostart)
nVidia WDM TVAudio Crossbar: system32\DRIVERS\nvtvsnd.sys (autostart)
nVidia WDM A/V Crossbar: system32\DRIVERS\NVxbar.sys (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Low level access layer for CD devices: System32\Drivers\Pcouffin.sys (manual start)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Microsoft IntelliPoint Filter Driver: system32\DRIVERS\point32.sys (manual start)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVRTPEL.SYS (system)
SAVScan: "C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe" (manual start)
ScriptBlocking Service: C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SDdriver: \??\C:\WINDOWS\system32\Drivers\sddriver.sys (manual start)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Sentinel: \SystemRoot\System32\Drivers\SENTINEL.SYS (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
High-Capacity Floppy Disk Drive: System32\DRIVERS\sfloppy.sys (manual start)
Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
Sony USB Filter Driver (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)
Speed Disk service: C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
StarWind iSCSI Service: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (autostart)
Still Serial Digital Camera Driver: System32\DRIVERS\serscan.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{A1C263A0-43D6-437A-879F-937D69BD1651} (manual start)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
Service Messenger Sharing Folders USN Journal Reader: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Logitech Virtual Bus Enumerator Driver: system32\drivers\WmBEnum.sys (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Logitech WingMan HID Filter Driver: system32\drivers\WmFilter.sys (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Logitech Virtual Hid Device Driver: system32\drivers\WmVirHid.sys (manual start)
Logitech WingMan Translation Layer Driver: system32\drivers\WmXlCore.sys (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

Dsijion
2007-07-05, 07:09
--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\Documents and Settings\Benoît Daoust\Local Settings\temp\~DF73.tmp||C:\Documents and Settings\Benoît Daoust\Local Settings\temp\~DFB56E.tmp||C:\Documents and Settings\Benoît Daoust\Cookies\index.dat||C:\Documents and Settings\Benoît Daoust\Local Settings\temp\~DF73.tmp||C:\Documents and Settings\Benoît Daoust\Local Settings\temp\~DFB56E.tmp||C:\Documents and Settings\Benoît Daoust\Local Settings\Temporary Internet Files\content.ie5\index.dat||C:\Documents and Settings\Benoît Daoust\cookies\index.dat||C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\content.ie5\index.dat||C:\Documents and Settings\LocalService\cookies\index.dat||C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\content.ie5\index.dat||C:\Documents and Settings\NetworkService\cookies\index.dat


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 42*096 bytes
Report generated in 0,969 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

haha

4 replies finally !! :sick: :sick:

Dsijion
2007-07-05, 07:14
QMusic2 = "C:\Program Files\BenQ\QMusic2\QMAgent.exe" ???

something like that is always found in SpyBot S&D ... maybe I'm wrong...

Dsijion
2007-07-05, 07:16
:oops: BenQ is okay.. just the Agent thing...

I also very often have the double clip thing... WHATEVER... !!! :lip:

Dsijion
2007-07-05, 07:17
doubleclick !! :lip: :lip: :lip: ... :lip:

Mr_JAk3
2007-07-05, 20:13
Ok good...nothing bad there...

How is the computer running at the moment?

Please post a fresh HijackThis log to here.

Dsijion
2007-07-06, 23:00
SLOW Internet !!

and I have a Java script ready to install... (a bubble)... do I install it ??

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 15:59:11, on 2007-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QMusic2] "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

You're a machine... reading this is impossible for me !!!

Dsijion
2007-07-06, 23:36
SLOW Internet...

I will check if my router works properly...
and what are WPA and WEP... just heard about it.

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 16:33:37, on 2007-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QMusic2] "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Logfile of HijackThis v1.99.1
Scan saved at 16:33:37, on 2007-07-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\inKline Global\PC Booster\pcbooster.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\BenQ\QMusic2\QMAgent.exe
C:\Program Files\Foxie Suite\StartFoxie.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

1/2

Dsijion
2007-07-06, 23:39
2/2

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QMusic2] "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I don't know what happened... I had to resend my message... hope it won't appear twice! :oops:

Oh... and I still had 4 Spybot S&D cookies... trackers!!... I fixed them... maybe it would be better for us if I sent you a HJT log before I fix those kinds of things?

Dsijion
2007-07-06, 23:41
haha... well, there are two HJT logs... the first one is from before I fixed the 4 cookies, so... may be useful to know.

:bigthumb:

Mr_JAk3
2007-07-07, 13:33
Hello :)

Looks clean now. You have all kinds of programs running and loading, this is most likely the reason why the pc is slow. Also P2P programs are slowing down your connection. Do you want us to disable the unnecessary programs from running?

Dsijion
2007-07-10, 19:52
yes !!

please... :bigthumb:

Mr_JAk3
2007-07-10, 20:40
Ok :)

You can fix all these entries with HijackThis (no need for those to be running all the time):

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QMusic2] "C:\Program Files\BenQ\QMusic2\QMAgent.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe


Restart the computer and see if there is a difference :bigthumb:
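
The O4 lines listed above are autostart entries: registry Run values under HKLM (all users) or HKCU (the current user), plus shortcuts in the per-user and all-users Startup folders. The small script below is an added example (not code from this thread, from HijackThis or from Spybot) that parses O4 lines of that format, records where each entry lives, pulls the launched executable out of the command line (handling quoted paths, arguments and rundll32 entries), and notes two things a reviewer usually wants to see when triaging such a list: entries that name a bare file (resolved through PATH rather than a fixed location) and registry entries whose path contains spaces but is not quoted. The sample input is a handful of lines copied from the log in this thread; the class and function names are my own.

```python
"""Triage helper for HijackThis O4 (autostart) entries.

Added example, not part of the original thread or of HijackThis itself.
Parses O4 lines, keeps the autostart location, and extracts the program
that actually gets launched so a list like the one above can be reviewed
as a table instead of line by line.
"""
import re
from dataclasses import dataclass

# Sample input: O4 lines copied from the HijackThis log in this thread,
# plus one O2 line to show that non-O4 lines are ignored.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
"""

# Registry form: "O4 - HKLM\..\Run: [name] command"  (HKUS\<SID>\..\Run also occurs)
REG_RE = re.compile(r'^O4 - (HK[A-Z]+(?:\\S-[\d-]+)?)\\\.\.\\(\w+): \[([^\]]*)\] ?(.*)$')
# Folder form: "O4 - Startup: name.lnk = target" / "O4 - Global Startup: ..."
FOLDER_RE = re.compile(r'^O4 - (Global Startup|Startup): (.+?) = (.*)$')
# First program-like token of an unquoted command line (path may contain spaces)
EXE_RE = re.compile(r'^(.+?\.(?:exe|dll|scr|com|bat|cmd))(?=\s|$|,)', re.I)


@dataclass
class Autostart:
    location: str    # e.g. "HKLM\Run", "HKCU\Run", "Startup", "Global Startup"
    name: str        # registry value name or shortcut name
    command: str     # command line exactly as HijackThis prints it
    executable: str  # program that is launched
    payload: str     # DLL handed to rundll32, or "" for ordinary entries
    flags: tuple     # triage notes: "bare-name", "unquoted-path"


def split_command(cmd: str):
    """Return (executable, remaining arguments) for a command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: take up to the closing quote
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = EXE_RE.match(cmd)                        # unquoted: stop at the first program extension
    if m:
        return m.group(1), cmd[m.end():].strip()
    parts = cmd.split(None, 1)                   # fallback: first whitespace-separated token
    return (parts[0] if parts else ""), (parts[1] if len(parts) > 1 else "")


def _build(location: str, name: str, cmd: str) -> Autostart:
    exe, rest = split_command(cmd)
    payload = ""
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        m = re.match(r'"?([^",]+\.dll)', rest, re.I)   # DLL before the ",EntryPoint"
        if m:
            payload = m.group(1).strip()
    flags = []
    if "\\" not in exe:
        flags.append("bare-name")        # no directory: Windows searches PATH for it
    elif " " in exe and location.startswith("HK") and not cmd.strip().startswith('"'):
        flags.append("unquoted-path")    # registry value with spaces but no quotes
    return Autostart(location, name, cmd, exe, payload, tuple(flags))


def parse_o4(line: str):
    """Return an Autostart for an O4 line, or None for any other line."""
    line = line.rstrip()
    m = REG_RE.match(line)
    if m:
        hive, key, name, cmd = m.groups()
        return _build(f"{hive}\\{key}", name, cmd)
    m = FOLDER_RE.match(line)
    if m:
        folder, name, cmd = m.groups()
        return _build(folder, name, cmd)
    return None


def parse_log(text: str):
    """All O4 entries in a HijackThis log, in file order."""
    return [a for a in map(parse_o4, text.splitlines()) if a is not None]


def summarize(entries):
    """Number of autostart entries per location."""
    counts = {}
    for e in entries:
        counts[e.location] = counts.get(e.location, 0) + 1
    return counts


if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        extra = f"  -> {e.payload}" if e.payload else ""
        print(f"{e.location:15} {e.name:25} {e.executable}{extra}  {' '.join(e.flags)}")
    print(summarize(parse_log(SAMPLE_LOG)))
```

Run it against a full HijackThis log (paste the text into `parse_log`) to get the entries grouped by location; the flags are only prompts for a closer look, not verdicts, since legitimate vendor entries such as the nwiz and rundll32 lines above trip them too.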

Dsijion
2007-07-12, 02:51
sick !!

done... I will give you feedback about this soon.
Thanks !

Dsijion
2007-07-17, 20:09
Okay... looks like I have no more Smitfraud!! nothing... my computer is clean.

BUT my Internet is freaky... certain pages just jam for like 10 seconds... and then I click on another link and it takes 15 seconds.

Looks like the connection is interrupted or something like that... I've tested the connection speed and it seems good.

I've unplugged my router and connected my connection directly to my computer and then... same thing.

I have made this test... don't know what it is... maybe it could help.
http://www.dslreports.com/tweakr/block:165a903?service=cable&speed=7000&os=winXP&via=normal

And I always have this...
http://img105.imageshack.us/img105/7553/sbsanddnh1.jpg
Could it be the cause ??

What should I check...? what could be the problem?? Do I need to call the company again and ask for a technician...??? I hate this!

Mr_JAk3
2007-07-18, 18:05
Hello :)

Ok the Spybot findings are just cookies...you can prevent them from installing to your computer with these two programs:

Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
This prevents your computer from connecting to harmful sites.

Then your computer is looking clean so I don't think that the Internet issue is malware related. Did you fix the unnecessary entries I listed in my previous message?

Dsijion
2007-07-20, 01:37
yes! good thing... but it didn't change.

My Internet still has a delay before starting to load a web page. I hate this delay!!

But well... Thanks a lot for your help concerning "Smitfraud". I will do my best concerning the Internet delay!! :sick:

I have a last question...
What is the best free anti-virus... I'd like to uninstall Norton for another one.

Thanks again !!
and, I won't reply to this message for 2 weeks... going on a road trip. Will read as soon as I can!!
:eek:

I understood so many things with you... sick!! haha
ThanksThanksThanksThanksThanks ! x 1000 :crowned::bigthumb::cool::angel:

Mr_JAk3
2007-07-22, 20:10
Hello and sorry for the delay...I was away...

Ok the slowness doesn't seem to be malware related.

You could go through this list and see if it helps -> Linky (http://www.castlecops.com/postitle175256-0-0-.html)

Here are my recommendations for a free AV and firewall:

These are good (free) firewalls: Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm)
ZoneAlarm (http://www.zonelabs.com/)
Sygate (http://www.majorgeeks.com/download.php?det=3356)
Outpost (http://www.majorgeeks.com/download.php?det=1056)
Comodo (http://www.personalfirewall.comodo.com)

These are good (free) antiviruses: AVG (http://free.grisoft.com)
Antivir (http://www.free-av.com)
Avast (http://www.avast.com)

tashi
2007-08-04, 01:09
This topic has been moved to archives. ;)

If you need the thread re-opened, please send me a private message (pm) and provide a link.

Applies only to the original poster, anyone else with similar problems please start your own topic.

Edit: Thank you for the pm letting us know all is well Dsijion. :bigthumb: