smitfraud-c Toolbar 888

Hi.

I killed those files too. I'm still finding the occasional ad window open, and Spybot and AVG are still giving a large number of hits.

Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 23, 2007 6:41:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 23/05/2007
Kaspersky Anti-Virus database records: 328229
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 80703
Number of viruses found: 2
Number of infected objects: 1
Number of suspicious objects: 1
Duration of the scan process: 01:12:52

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_24adf822-76f7-4481-b30b-ff1b40f8687f Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-04082007-213105.log Object is locked skipped
C:\Documents and Settings\Cathy Wolf\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Cathy Wolf\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Cathy Wolf\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Cathy Wolf\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Cathy Wolf\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Cathy Wolf\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Cathy Wolf\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Cathy Wolf\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Cathy Wolf\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Cathy Wolf\Local Settings\History\History.IE5\MSHist012007052320070524\index.dat Object is locked skipped
C:\Documents and Settings\Cathy Wolf\Local Settings\Temp\Perflib_Perfdata_7fc.dat Object is locked skipped
C:\Documents and Settings\Cathy Wolf\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Cathy Wolf\Local Settings\Temporary Internet Files\Content.IE5\23WF7RTU\in[1].htm Infected: Trojan-Downloader.JS.Psyme.cz skipped
C:\Documents and Settings\Cathy Wolf\Local Settings\Temporary Internet Files\Content.IE5\ALW0HH9H\deliver46860[1].htm Suspicious: Exploit.HTML.Mht skipped
C:\Documents and Settings\Cathy Wolf\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Cathy Wolf\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Cathy Wolf\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP16\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{9566A94E-28CE-46BB-8D9A-8B3F027A8B5A}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8834CF05-D936-440E-B805-57F5BDA6BB52}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 6:48:26 PM, on 5/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\kill button\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HijackThis startup scan] C:\temp\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Shortcut to pccguide.lnk = C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
 
Hi

Empty Internet Explorer's temporary internet files.

Well, then post the AVG report and the Spybot report if those still occur.
 
Due to lack of feedback this topic has been archived.

If you need it re-opened, please send me a private message (PM) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.
 
Hi.

Sorry for the long delay. I've been monitoring the computer for the past week with mixed results (this is with SpywareBlaster activated). At first it looked like there were no longer random ad pop-ups, but ads started popping up again; on two occasions it even caused the computer to freeze such that it had to be restarted. AVG and Spybot still consistently have a decent number of results, though they all seem to be tracking cookies. The tracking cookies don't sound like they're a real problem. Hopefully you still have some ideas for getting rid of the ad windows.

Spybot:

HitBox
K2L
Win32.Agent.amr
ZQest.K8L

AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:22:23 AM 6/1/2007

+ Scan result:



[564] VM_01DE0000 -> Adware.NaviPromo : Cleaned.
C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@ehg-maniatv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.


::Report end
 
Hi


Download Blacklight Beta from here:
https://europe.f-secure.com/exclude/blacklight/index.shtml
* Hit I accept. It will take you to the download page.
* Download fsbl.exe and save it to C:\
* Once saved... double click fsbl.exe to install the program.
Go to Start-->Run, copy in the following text and press Enter:
C:\fsbl.exe /expert
(space between fsbl.exe and /expert)

Accept the agreement, leave [X]scan through Windows Explorer checked.
Click > Scan, then > Next
You'll see a list of all items found.
Don't do anything else right now.
There will be a log in C:\ with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
Copy and paste the contents of this log into your next reply.
 
Hi.

Here are the results:

06/01/07 17:55:50 [Info]: BlackLight Engine 1.0.61 initialized
06/01/07 17:55:50 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/01/07 17:55:50 [Note]: 7019 4
06/01/07 17:55:50 [Note]: 7005 0
06/01/07 17:56:19 [Note]: 7006 0
06/01/07 17:56:19 [Note]: 7022 0
06/01/07 17:56:19 [Note]: 7011 1848
06/01/07 17:56:20 [Note]: 7026 0
06/01/07 17:56:20 [Note]: 7026 0
06/01/07 17:56:23 [Note]: FSRAW library version 1.7.1021
06/01/07 18:01:05 [Note]: 2000 1012
06/01/07 18:01:05 [Note]: 2000 1012
06/01/07 18:01:05 [Note]: 2000 1012
 
Hi

Let's do a double-check because of this:

[564] VM_01DE0000 -> Adware.NaviPromo : Cleaned.

* Download GMER from here:
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.
 
Hi

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-02 16:51:09
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F6A4A68E 5 Bytes JMP 866421B8
? C:\WINDOWS\system32\DRIVERS\update.sys

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 4309FF9F C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 4309FF20 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 4309FF64 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 4309FEAC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 4309FEE6 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 4309FFDA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3524] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F315D2 C:\WINDOWS\system32\IEFRAME.dll

---- Devices - GMER 1.0.12 ----

Device \Driver\NetBT \Device\NetBT_Tcpip_{06F0A4AB-0576-4DFC-861B-40678FE442B5} IRP_MJ_DEVICE_CONTROL 861DC990
Device \Driver\NetBT \Device\NetBT_Tcpip_{06F0A4AB-0576-4DFC-861B-40678FE442B5} IRP_MJ_INTERNAL_DEVICE_CONTROL 861DC990
Device \Driver\NetBT \Device\NetBT_Tcpip_{06F0A4AB-0576-4DFC-861B-40678FE442B5} IRP_MJ_CLEANUP 861DC990
Device \Driver\NetBT \Device\NetBT_Tcpip_{06F0A4AB-0576-4DFC-861B-40678FE442B5} IRP_MJ_PNP 861DC990
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 861DC990
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 861DC990
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 861DC990
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 861DC990
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 861DC990
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 861DC990
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 861DC990
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 861DC990
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 861DC990
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 861DC990
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 861DC990
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 861DC990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 86625990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 86625990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 86625990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86625990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 86625990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 86625990
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 86625990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 86625990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 86625990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 86625990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86625990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 86625990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 86625990
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 86625990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 865C41D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 86625990
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 86625990
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 86625990
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86625990
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 86625990
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 86625990
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 86625990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 865C41D8
 
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 865C41D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 865C41D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE 86625990
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE 86625990
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 86625990
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86625990
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER 86625990
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 86625990
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP 86625990
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CREATE 866147B8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CLOSE 866147B8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_DEVICE_CONTROL 866147B8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 866147B8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_POWER 866147B8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_SYSTEM_CONTROL 866147B8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_PNP 866147B8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 867D11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 867D11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 867D11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 867D11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 867D11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 867D11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 867D11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 867D11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 867D11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 867D11D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 867D11D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 85B24990
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 85B24990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 8633F3D0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 8633F3D0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8633F3D0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 8633F3D0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 8633F3D0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 8633F3D0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 8633F3D0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [BA36B912] DLAIFS_M.SYS
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 8633F3D0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 8633F3D0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 8633F3D0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 8633F3D0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 8633F3D0

---- Registry - GMER 1.0.12 ----

Reg \Registry\USER\S-1-5-21-2548815652-3467953742-2837440639-1005\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x68 0x75 0x03 0x52 ...
Reg \Registry\USER\S-1-5-21-2548815652-3467953742-2837440639-1005\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x5D 0x2E 0xBC 0x00 ...

---- EOF - GMER 1.0.12 ----
 
Hi

Ok, nothing there.

Please re-run AVG a-s and post its log along with a fresh HijackThis log.
 
Hi.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:38:25 PM 6/3/2007

+ Scan result:



[564] VM_01DE0000 -> Adware.NaviPromo : Cleaned.
C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.
C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@ads.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned.
C:\Documents and Settings\Cathy Wolf\Cookies\cathy_wolf@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.


::Report end
 
Logfile of HijackThis v1.99.1
Scan saved at 8:40:44 PM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\kill button\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HijackThis startup scan] C:\temp\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Shortcut to pccguide.lnk = C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
 
Hi

Really strange: Navipromo is active, but no rootkit scanner is able to find it.

Please download Navilog1 by IL-MAFIOSO:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
  • Extract its contents to the desktop.
  • Double click on navilog1.exe to install it on your computer.
  • When the installation is complete, the tool will start automatically.
  • If it doesn't start automatically, please double click on the Navilog1 shortcut on your desktop to run it.
  • Press E for English from the language Menu.
  • Type 1 in the next Menu to select Search and press Enter.
  • Wait for the scan to finish (it may take a reasonable amount of time).
  • Press any key as requested.
  • A new document will be produced: fixnavi.txt.
  • Please copy/paste the contents of this report in your next reply.
The report is also saved in the root of the directory, "%SystemDrive%\fixnavi.txt". (usually C:\fixnavi.txt)
 
Hi

Search Navipromo version 2.0.2 began on Mon 06/04/2007 at 12:19:32.44

!!! Warning, this report can can include legitimate files/programs!!!
!!! Post this report on the forum you are being helped !!!
!!! Don't run cleanning fix before special advise from the helper !!!

Fix running from C:\Program Files\navilog1
Updated the 17.05.2007 at 23h00 by IL-MAFIOSO

Done in normal mode

*** Search installed Sofwares ***




*** Search folders in C:\WINDOWS ***




*** Search folders in C:\Program Files ***




*** Search folders in C:\Documents and Settings\All Users\Application Data ***




*** Search folders in C:\Documents and Settings\Cathy Wolf\Application Data ***



*** Search with BlackLight Engine/F-secure ***
BlackLight Engine is product from F-secure, for more infos :
http://www.f-secure.com/blacklight/blacklight_help.html


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 06/04/07 at 12:19:33.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ..........................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 06/04/07 at 12:24:18 (return code = 0).


*** Search files ***




*** Search registry keys ***


Search in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Search in [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Search Magic Control Key



*** Complementary Search ***
(Search specifics files)

1)Search known files:


2)Heuristic Search :
*
**
***
****
*****
******
*******
********


*** Search Finished the Mon 06/04/2007 at 12:24:42.96 ***
 
Hi

Nothing there.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.

Please run this online scan:

Panda ActiveScan

  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report, along with a new HijackThis Log

Post:

- dss log
- panda report
 
Hi

Deckard's System Scanner v20070603.47
Run by Administrator on 2007-06-05 at 21:30:54
Computer is in Safe Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 5 Restore Point(s) --
32: 2007-06-05 01:25:57 UTC - RP32 - System Checkpoint
31: 2007-06-03 23:51:45 UTC - RP31 - System Checkpoint
30: 2007-06-02 23:50:40 UTC - RP30 - System Checkpoint
29: 2007-06-01 22:51:46 UTC - RP29 - System Checkpoint
28: 2007-05-31 22:02:47 UTC - RP28 - Software Distribution Service 3.0


-- First Restore Point --
1: 2007-05-12 22:08:39 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:31:55 PM, on 6/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\kill button\dss.exe
C:\KILLBU~1\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Shortcut to pccguide.exe.lnk = C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


-- HijackThis Fixed Entries (C:\KILLBU~1\backups\) -----------------------------

backup-20070506-143646-898 O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS\ljkjkj.dll",setvm
backup-20070506-143716-890 O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\owintodv.exe
backup-20070506-143748-779 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20070509-121818-112 O15 - Trusted Zone: *.imageservr.com
backup-20070509-121818-158 O15 - Trusted Zone: *.errorprotector.com
backup-20070509-121818-272 O15 - Trusted Zone: *.winantivirus.com
backup-20070509-121818-336 O15 - Trusted Zone: *.errorprotector.com (HKLM)
backup-20070509-121818-353 O15 - Trusted Zone: *.imagesrvr.com
backup-20070509-121818-415 O15 - Trusted Zone: *.errorsafe.com (HKLM)
backup-20070509-121818-421 O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
backup-20070509-121818-439 O2 - BHO: (no name) - {2E9AC12A-5A75-4F73-899D-46989096C12c} - C:\WINDOWS\system32\kabnxaan.dll (file missing)
backup-20070509-121818-507 O2 - BHO: (no name) - {6FA6A171-A683-442D-AE71-2B4B9C4EFE70} - C:\WINDOWS\system32\pmkhf.dll (file missing)
backup-20070509-121818-517 O15 - Trusted Zone: *.winantivirus.com (HKLM)
backup-20070509-121818-539 O2 - BHO: (no name) - {C6FEE081-003A-47CC-9BB9-EA55C029F248} - C:\Program Files\Windows NT\vigyqeb.dll (file missing)
backup-20070509-121818-607 O15 - Trusted Zone: *.winfixer.com
backup-20070509-121818-628 O15 - Trusted Zone: *.systemdoctor.com
backup-20070509-121818-635 O15 - Trusted Zone: *.systemdoctor.com (HKLM)
backup-20070509-121818-667 O4 - HKLM\..\Run: [WindowsService] rundll32.exe "C:\WINDOWS\system32\rqsfgrdw.dll",realset
backup-20070509-121818-674 O2 - BHO: (no name) - {f86cbf13-8a30-4b42-821f-5de9b14f0ea8} - C:\WINDOWS\system32\DELhcp.dll (file missing)
backup-20070509-121818-682 O15 - Trusted Zone: *.errorsafe.com
backup-20070509-121818-684 O15 - Trusted Zone: *.imagesrvr.com (HKLM)
backup-20070509-121818-716 O2 - BHO: (no name) - {A9CDE63E-E103-4B9F-B219-DC8DEC1E8FA6} - C:\Program Files\Windows NT\vigyqeb.dll (file missing)
backup-20070509-121818-727 O2 - BHO: (no name) - {4794E1F0-33F7-463D-B8E4-55F0D47F84D4} - C:\Program Files\Windows NT\vigyqeb.dll (file missing)
backup-20070509-121818-806 O2 - BHO: (no name) - {CA2CFBDE-0F94-491B-9286-00C60C553954} - C:\WINDOWS\system32\iiffgdb.dll (file missing)
backup-20070509-121818-870 O15 - Trusted Zone: *.winfixer.com (HKLM)
backup-20070509-121818-902 O2 - BHO: 0 - {7497BE1C-CB9B-4677-16B0-CE5B30384AF5} - C:\Program Files\Online Services\zyrikucat773.dll (file missing)
backup-20070509-121818-913 O15 - Trusted Zone: *.imageservr.com (HKLM)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S1 tmtdi (Trend Micro TDI Driver) - c:\windows\system32\drivers\tmtdi.sys <Not Verified; Trend Micro Inc.; Trend Micro Network Security Component 1.0>
S2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S2 tm_cfw (Common Firewall Driver) - c:\windows\system32\drivers\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
S2 windev-651d-2cfe - c:\windows\system32\windev-651d-2cfe.sys (file missing)
S3 DSproct - c:\program files\dellsupport\gtaction\triggers\dsproct.sys <Not Verified; Gteko Ltd.; processt>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 SansaService (Sansa Updater Service) - c:\program files\sandisk\sansa updater\sansasvr.exe
S3 PcCtlCom (Trend Micro Central Control Component) - c:\progra~1\trendm~1\intern~1\pcctlcom.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
S3 Tmntsrv (Trend Micro Real-time Service) - c:\progra~1\trendm~1\intern~1\tmntsrv.exe <Not Verified; Trend Micro Incorporated.; Trend Micro Internet Security>
S3 TmPfw (Trend Micro Personal Firewall) - c:\progra~1\trendm~1\intern~1\tmpfw.exe <Not Verified; Trend Micro Inc.; Trend Network Security Component 1.0>
S3 tmproxy (Trend Micro Proxy Service) - c:\progra~1\trendm~1\intern~1\tmproxy.exe <Not Verified; Trend Micro Inc.; Trend Micro Network Security Components 1.0>


-- Scheduled Tasks -------------------------------------------------------------

2007-06-05 21:29:59 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2007-05-05 and 2007-06-05 -----------------------------

2007-06-04 12:19:12 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-06-04 12:18:33 0 d-------- C:\Program Files\Navilog1
2007-05-29 00:20:30 0 d-------- C:\WINDOWS\nview
2007-05-29 00:17:42 0 d-------- C:\NVIDIA
2007-05-28 20:40:49 1755 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-05-25 18:45:12 0 d-------- C:\temp
2007-05-25 18:44:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Media Center Programs
2007-05-25 18:30:03 0 d-------- C:\Program Files\THQ
2007-05-25 18:17:20 0 d-------- C:\Documents and Settings\Cathy Wolf\Application Data\InstallShield
2007-05-23 18:55:53 0 d-------- C:\Program Files\SpywareBlaster
2007-05-20 08:45:46 0 d-------- C:\Documents and Settings\Cathy Wolf\Application Data\Command & Conquer 3 Tiberium Wars
2007-05-20 08:45:23 0 dr-h----- C:\Documents and Settings\Cathy Wolf\Application Data\SecuROM
2007-05-20 08:27:15 0 d-------- C:\Program Files\Electronic Arts
2007-05-18 13:56:13 0 d-------- C:\!KillBox
2007-05-12 20:30:39 0 d-------- C:\WINDOWS\network diagnostic
2007-05-10 14:04:25 0 d-------- C:\Program Files\DellSupport
2007-05-10 13:29:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-05-10 13:29:26 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-05-08 16:52:23 0 d-------- C:\BFU
2007-05-08 16:51:46 0 d-------- C:\Documents and Settings\Cathy Wolf\Application Data\WinRAR
2007-05-08 16:44:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-05-06 23:11:29 0 d-------- C:\WINDOWS\system32\smpi1
2007-05-06 23:11:28 40183 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2007-05-06 23:11:27 0 d-------- C:\WINDOWS\system32\SBO
2007-05-06 23:11:27 0 d-------- C:\Documents and Settings\Cathy Wolf\Application Data\?ssembly
2007-05-06 23:03:17 0 d-------- C:\Program Files\MSXML 4.0
2007-05-06 14:43:13 0 d-------- C:\WINDOWS\system32\appmgmt
2007-05-05 18:30:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2007-05-05 18:05:26 0 d-------- C:\kill button


-- Find3M Report ---------------------------------------------------------------

2007-05-25 18:20:18 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-10 14:04:22 0 d-------- C:\Program Files\Dell Support
2007-05-09 19:29:34 0 d-------- C:\Program Files\Windows Defender
2007-05-09 19:27:43 0 d-------- C:\Program Files\QuickTime
2007-05-09 19:27:43 0 d-------- C:\Program Files\Messenger
2007-05-09 19:27:43 0 d-------- C:\Program Files\iTunes
2007-05-08 16:55:45 0 d-------- C:\Program Files\Windows NT
2007-05-08 16:55:45 0 d-------- C:\Program Files\Online Services
2007-05-08 16:55:44 0 d-------- C:\Program Files\Google
2007-05-07 16:32:57 0 d-------- C:\Program Files\Dell
2007-05-07 01:03:21 0 d-------- C:\Program Files\Java
2007-04-15 22:44:49 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-04-15 22:20:18 0 d-------- C:\Program Files\Lavasoft
2007-04-15 22:17:21 0 d-------- C:\Program Files\Lavasoft2
2007-04-15 19:10:04 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-04-15 18:16:07 4282 --a------ C:\WINDOWS\system32\tmp.reg
2007-04-15 00:26:15 0 d-------- C:\Program Files\Spybot - Search & Destroy2
2007-04-11 17:51:36 0 d-------- C:\Program Files\DeskAlerts
2007-04-11 17:47:10 932 --a------ C:\WINDOWS\system32\winpfz32.sys


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SigmatelSysTrayApp"="stsystra.exe"
"DMXLauncher"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="\"C:\\PROGRA~1\\COMMON~1\\MICROS~1\\DW\\dwtrig20.exe\" -t"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{CA2CFBDE-0F94-491B-9286-00C60C553954}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaDetect"
"hkey"="HKLM"
"command"="C:\\Program Files\\Corel\\Corel Photo Album 6\\MediaDetect.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mimboot"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"
 