Help! Search engine virus?

Silverceladon

New member
I have read the "before you post" thread, but my computer will not finish the online virus scan...my computer freezes up, so I went to hijack per your instructions.

Whenever I try to use a search engine it redirects me to their own search engine or a porn site. I have run Norton, Spybot, and Webroot and I can't get rid of it! Here's my hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 1:10:13 PM, on 5/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\AOL\1150498991\ee\AOLSoftware.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\5UI1W1YC\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.ramgo.com/search.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] "C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [DIGStream] "C:\Program Files\DIGStream\digstream.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1150498991\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [MegaPanel] "C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SW CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cfgwiz.exe" /GUID {E90B1832-3097-4d1c-93D1-D5332BA287A0} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: taskad - C:\WINDOWS\assembly\GAC\IN65D8~1.HPO\taskad.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 
search engine virus

Here's what I can get from the online scan before my computer crashes...

DF19.tmp Win32/SillyDl.NR infected C:\Documents and Settings\Default User\Local Settings\Temp\
FirstApplet.class-26a7c35-1a93e247.class Java/ByteVerify!exploit infected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\
archive.jar-309ba6d8-46d56cda.zip>Dummy.class Java/ByteVerify!exploit infected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\
archive.jar-7792b7fc-21de7a01.zip>Dummy.class Java/ByteVerify!exploit infected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\
cnte-dhncgts.jar-6333896a-4f8d3d12.zip>BnnnnBaa.class Java/ByteVerify!exploit infected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\
cnte-dhncgts.jar-6333896a-4f8d3d12.zip>VaannnaaBaa.class Java/ByteVerify!exploit infected C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\
 
Hello Silverceladon and welcome to the Forums :)

Sorry for the delay, I noticed the post in the waiting room....

Download HijackThis to your desktop from here
Create a new folder for HijackThis and move HijackThis.exe into it.

You should print these instructions or save these to a text file. Follow these instructions carefully.

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer in Safe Mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe Mode
  • Press Enter. The computer then begins to start in Safe Mode.
Run a scan with Dr.Web CureIt
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, you should now mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click the icon (a check mark) next to the files found
  • If so, click it and then click the next icon right below and select Move incurable
  • After the scan, in the menu, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot the computer in Normal Mode.
  • Post the CureIt report and a fresh HijackThis log
 
virus

Hi, and thank you. I ran Dr.Web in Safe Mode and no viruses were found. I did a fresh HijackThis log and it is as follows. FYI, my computer now takes at least 15 minutes to boot up...argh....

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\HP\KBD\KBD.EXE
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\AOL\1150498991\ee\AOLSoftware.exe
C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.ramgo.com/search.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] "C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [DIGStream] "C:\Program Files\DIGStream\digstream.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1150498991\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [MegaPanel] "C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SW CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cfgwiz.exe" /GUID {E90B1832-3097-4d1c-93D1-D5332BA287A0} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: taskad - C:\WINDOWS\assembly\GAC\IN65D8~1.HPO\taskad.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 
Hello :)

OK, you have a huge number of programs loading with Windows. This is what makes your computer slow. You may fix the following entries (unnecessary startups) if you want to make your computer faster:

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] "c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] "C:\Program Files\Hewlett-Packard\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [DIGStream] "C:\Program Files\DIGStream\digstream.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1150498991\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [MegaPanel] "C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe


Restart the computer and you should be able to see the difference :bigthumb:
 
Hello :)

Sorry, I didn't remember that we hadn't yet used HijackThis.

Run HijackThis, click Do a system scan only, and check the box next to each of the entries I listed earlier (if you want to fix them all). Close all other windows and press Fix checked.

Then the real infection:

Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start GMER.exe.
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.
 
I did what you said and fixed the previous entries... thanks, computer running faster now.

I ran the GMER but it would only get to a certain point then it would freeze up. I put in clipboard what it did before it would abort...here's the log...

Um, well, I have it but I can't copy it! I'm in Clipboard and under Edit the "Copy" is not turned on. How do I do that? So sorry I'm such a computer idiot... :red:
 
Hello :)

OK, when you've finished the scan in GMER, click on "Copy" (in GMER's bottom-right corner). Then log in here and start writing a reply, right-click on the text field (with the mouse) and choose "Paste" from the menu. The log should be pasted into your reply. If the log is huge you may need to use several replies.

:bigthumb:
 
Okay...let's see if it worked...it still froze up but here's what I could get...

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-20 16:25:49
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 842C4020 ZwAllocateVirtualMemory
SSDT 839F8180 ZwConnectPort
SSDT 84330BF8 ZwCreateKey
SSDT 842B5640 ZwCreateProcess
SSDT 842B55C8 ZwCreateProcessEx
SSDT 842B53E8 ZwCreateThread
SSDT 84314F78 ZwDeleteKey
SSDT 842B56B8 ZwDeleteValueKey
SSDT 842B5190 ZwQueueApcThread
SSDT 842C4F30 ZwReadVirtualMemory
SSDT 842F3858 ZwRenameKey
SSDT 842B5280 ZwSetContextThread
SSDT 842AB240 ZwSetInformationKey
SSDT 842B54D8 ZwSetInformationProcess
SSDT 842B52F8 ZwSetInformationThread
SSDT 842AB1C8 ZwSetValueKey
SSDT 842B5460 ZwSuspendProcess
SSDT 842B5208 ZwSuspendThread
SSDT 842B5550 ZwTerminateProcess
SSDT 842B5370 ZwTerminateThread
SSDT 842C4FA8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\System32\DRIVERS\update.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\winlogon.exe[688] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00C45017
.text C:\WINDOWS\system32\winlogon.exe[688] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00C4522F
.text C:\WINDOWS\system32\winlogon.exe[688] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00C4534C
.text C:\WINDOWS\system32\winlogon.exe[688] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00C45131
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1056] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ AB, FA, C3, 83 ]
.text C:\Program Files\Softex\OmniPass\OPXPApp.exe[1392] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 003D5017
.text C:\Program Files\Softex\OmniPass\OPXPApp.exe[1392] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 003D522F
.text C:\Program Files\Softex\OmniPass\OPXPApp.exe[1392] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 003D534C
.text C:\Program Files\Softex\OmniPass\OPXPApp.exe[1392] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 003D5131
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1660] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 003D5017
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1660] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 003D522F
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1660] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 003D534C
.text C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe[1660] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 003D5131
.text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00B75017
.text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00B7522F
.text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00B7534C
.text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00B75131
.text C:\hp\KBD\kbd.exe[2960] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 008B5017
.text C:\hp\KBD\kbd.exe[2960] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 008B522F
.text C:\hp\KBD\kbd.exe[2960] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008B534C
.text C:\hp\KBD\kbd.exe[2960] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 008B5131
.text C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe[3096] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00ED5017
.text C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe[3096] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00ED522F
.text C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe[3096] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00ED534C
.text C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe[3096] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00ED5131
.text C:\WINDOWS\system32\ctfmon.exe[3664] ntdll.dll!NtCreateThread 7C90D7D2 3 Bytes JMP 00915017
.text C:\WINDOWS\system32\ctfmon.exe[3664] ntdll.dll!NtCreateThread + 4 7C90D7D6 1 Byte [ 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[3664] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes JMP 0091522F
.text C:\WINDOWS\system32\ctfmon.exe[3664] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 1 Byte [ 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[3664] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 3 Bytes JMP 0091534C
.text C:\WINDOWS\system32\ctfmon.exe[3664] ntdll.dll!NtQueryDirectoryFile + 4 7C90DF62 1 Byte [ 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[3664] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes JMP 00915131
.text C:\WINDOWS\system32\ctfmon.exe[3664] ntdll.dll!NtSetValueKey + 4 7C90E7C0 1 Byte [ 84 ]

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 839F9438
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 839F9540
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE 839F9628
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 839F96E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 839F97A8
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 839F9A08
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 839F9AD0
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 839F9C98
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 839FA0F0
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 839FA1B8
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 83A1E338
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 83A1E4A8
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 83A1E568
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 83A1E628
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL 83A1E6E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL 83A1E860
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN 83A1E9E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL 83A1EB88
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP 83A1EC48
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT 83A1ED08
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY 83A1F1C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY 83A1F288
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER 83A1F388
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL 83A1F488
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE 83A1F558
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA 83A1F618
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA 83A1F6D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP 83A1F798
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 839F9438
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE 839F9540
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE 839F9628
Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ 839F96E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 839F97A8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 839F9A08
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION 839F9AD0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA 839F9C98
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 839FA0F0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 839FA1B8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION 83A1E338
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION 83A1E4A8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL 83A1E568
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL 83A1E628
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL 83A1E6E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL 83A1E860
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN 83A1E9E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL 83A1EB88
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP 83A1EC48
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT 83A1ED08
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY 83A1F1C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY 83A1F288
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER 83A1F388
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL 83A1F488
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE 83A1F558
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA 83A1F618
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA 83A1F6D8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP 83A1F798
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 839F9438
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE 839F9540
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE 839F9628
Device \Driver\Tcpip \Device\Udp IRP_MJ_READ 839F96E8
Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE 839F97A8
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION 839F9A08
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION 839F9AD0
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA 839F9C98
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA 839FA0F0
Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS 839FA1B8
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION 83A1E338
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION 83A1E4A8
Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL 83A1E568
Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL 83A1E628
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL 83A1E6E8
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL 83A1E860
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN 83A1E9E8
Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL 83A1EB88
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP 83A1EC48
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT 83A1ED08
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY 83A1F1C8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY 83A1F288
Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER 83A1F388
Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL 83A1F488
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE 83A1F558
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA 83A1F618
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA 83A1F6D8
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP 83A1F798
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 839F9438
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE 839F9540
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE 839F9628
Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ 839F96E8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE 839F97A8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION 839F9A08
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION 839F9AD0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA 839F9C98
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA 839FA0F0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS 839FA1B8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION 83A1E338
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION 83A1E4A8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL 83A1E568
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL 83A1E628
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL 83A1E6E8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL 83A1E860
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN 83A1E9E8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL 83A1EB88
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP 83A1EC48
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT 83A1ED08
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY 83A1F1C8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY 83A1F288
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER 83A1F388
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL 83A1F488
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE 83A1F558
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA 83A1F618
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA 83A1F6D8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP 83A1F798
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 839F9438
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE 839F9540
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE 839F9628
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ 839F96E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE 839F97A8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION 839F9A08
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION 839F9AD0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA 839F9C98
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA 839FA0F0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS 839FA1B8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION 83A1E338
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION 83A1E4A8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL 83A1E568
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL 83A1E628
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL 83A1E6E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL 83A1E860
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN 83A1E9E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL 83A1EB88
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP 83A1EC48
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT 83A1ED08
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY 83A1F1C8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY 83A1F288
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER 83A1F388
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL 83A1F488
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE 83A1F558
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA 83A1F618
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA 83A1F6D8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP 83A1F798

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Owner\Favorites\Sundey's Links\The Home Depot Cuisinart® DIP-8 Waffle Dippers:favicon
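Reading the GMER output above the way a helper does: the Python below is an added example, not part of this thread and not GMER's own tooling. It parses GMER's `---- <block> - GMER <version> ----` layout and answers the questions that matter for triage: which SSDT services are hooked, which kernel module GMER could not identify (`update.sys`), which processes carry the same ntdll inline hooks (same function, JMP target differing only in its upper bytes, the fingerprint of one injected DLL mapped at different bases rather than of several products' own hooks), and which byte patches are something else (the Spy Sweeper kernel32 patch, and GMER's split reporting for ctfmon). The sample log is an excerpt copied from the thread (Devices block omitted, the non-ASCII mark in the ADS path dropped); all function names are mine.

```python
"""Triage a GMER rootkit-scan log like the one pasted in this thread.

Added example (not from the thread, not GMER's own code). Parses the System,
Kernel code sections, User code sections and Files blocks and groups processes
whose ntdll inline hooks share the same low 16 bits of JMP target.
"""
import re
from collections import defaultdict

# Excerpt copied from the GMER log in the thread (Devices block omitted).
SAMPLE_LOG = r"""GMER 1.0.12.12244 - http://www.gmer.net
---- System - GMER 1.0.12 ----
SSDT 842C4020 ZwAllocateVirtualMemory
SSDT 84330BF8 ZwCreateKey
SSDT 842B5640 ZwCreateProcess
SSDT 842C4FA8 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.12 ----
? C:\WINDOWS\System32\DRIVERS\update.sys
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\system32\winlogon.exe[688] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00C45017
.text C:\WINDOWS\system32\winlogon.exe[688] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00C4522F
.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1056] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ AB, FA, C3, 83 ]
.text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00B75017
.text C:\WINDOWS\explorer.exe[2116] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00B7522F
.text C:\WINDOWS\system32\ctfmon.exe[3664] ntdll.dll!NtCreateThread 7C90D7D2 3 Bytes JMP 00915017
.text C:\WINDOWS\system32\ctfmon.exe[3664] ntdll.dll!NtCreateThread + 4 7C90D7D6 1 Byte [ 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[3664] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes JMP 0091522F
---- Files - GMER 1.0.12 ----
ADS C:\Documents and Settings\Owner\Favorites\Sundey's Links\The Home Depot Cuisinart DIP-8 Waffle Dippers:favicon
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT ([0-9A-F]{8}) (\w+)$")
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<mod>[\w.]+)!(?P<func>\w+)"
    r"(?: \+ (?P<off>[0-9A-F]+))? (?P<addr>[0-9A-F]{8}) (?P<n>\d+) Bytes? (?P<patch>.+)$"
)
UNKNOWN_RE = re.compile(r"^\? (.+)$")  # module GMER could not identify
ADS_RE = re.compile(r"^ADS (.+)$")
JMP_RE = re.compile(r"^JMP ([0-9A-F]{8})$")


def parse_gmer(text):
    """Return {block name: [non-empty lines]}; text before the first header is skipped."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current is not None:
            sections[current].append(line)
    return sections


def user_hooks(sections):
    """Inline hooks from the User code sections block as dicts (pid and n as ints)."""
    hooks = []
    for line in sections.get("User code sections", []):
        m = HOOK_RE.match(line)
        if m:
            h = m.groupdict()
            h["pid"], h["n"] = int(h["pid"]), int(h["n"])
            hooks.append(h)
    return hooks


def shared_jmp_patterns(hooks):
    """Map frozenset{(module!function, low 16 bits of JMP target)} -> sorted processes.

    00C45017 / 003D5017 / 00B75017 differ only in the upper bytes: the same code
    relocated per process. Offset lines ('+ 4 ...') are continuation fragments.
    """
    per_proc = defaultdict(set)
    for h in hooks:
        j = JMP_RE.match(h["patch"])
        if j and h["off"] is None:
            per_proc[h["proc"]].add((f'{h["mod"]}!{h["func"]}', j.group(1)[-4:]))
    grouped = defaultdict(list)
    for proc, sig in per_proc.items():
        grouped[frozenset(sig)].append(proc)
    return {sig: sorted(procs) for sig, procs in grouped.items()}


def non_jmp_patches(hooks):
    """Patches that are not a plain JMP: products' own hooks and split-reported bytes."""
    return [(h["proc"], f'{h["mod"]}!{h["func"]}', h["patch"])
            for h in hooks if not JMP_RE.match(h["patch"])]


def triage(text):
    """One summary dict per log, so a reviewer can scan it instead of 200 lines."""
    s = parse_gmer(text)
    hooks = user_hooks(s)
    return {
        "ssdt": {m.group(2): m.group(1) for m in map(SSDT_RE.match, s.get("System", [])) if m},
        "unidentified_kernel_modules": [m.group(1) for m in map(UNKNOWN_RE.match, s.get("Kernel code sections", [])) if m],
        "shared_jmp_patterns": shared_jmp_patterns(hooks),
        "non_jmp_patches": non_jmp_patches(hooks),
        "ads": [m.group(1) for m in map(ADS_RE.match, s.get("Files", [])) if m],
    }


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(f"{len(r['ssdt'])} SSDT entries hooked; unidentified kernel modules: {r['unidentified_kernel_modules']}")
    for sig, procs in r["shared_jmp_patterns"].items():
        print(f"{len(procs)} processes share inline hooks {sorted(sig)}:", *procs, sep="\n  ")
    print("non-JMP patches:", r["non_jmp_patches"], "\nADS:", r["ads"])
```

Run against the full log rather than the excerpt, the same grouping puts winlogon, explorer, OPXPApp, gmer.exe, kbd.exe, HSTrans.exe and ctfmon under one hook signature, which is what points at a single injected component rather than at any one of those programs.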