Old 11-03-2006, 10:29 AM   #1 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 9
OS: XP Professional


Multiple problems and Toolbar888 adware

I know there are problems that I need to get rid of just looking at this HijackThis log, but I'm not sure. Can someone help?



Logfile of HijackThis v1.99.1
Scan saved at 11:42:29 AM, on 11/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Documents and Settings\Ryan\My Documents\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Windows Live
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122932788705
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125268887515
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winzzc32 - C:\WINDOWS\SYSTEM32\winzzc32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Microsoft DLL Registration Component (DLLReg) - Unknown owner - C:\WINDOWS\regsvr32.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
headphone69 is offline  
Old 11-06-2006, 08:27 PM   #2 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Before we get started I would like to check if a rootkit is present. If there is one present it will need to be taken care of first.

Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

Download GMER to your desktop.
  • Right Click the Zip and Select Extract All.
  • Open GMER and Click the Tab labeled RootKit.
  • Now Click Scan, it will take a while for the scan to complete.
  • Once done, Copy the results to Notepad and post them in the next reply.
Vikesrock8411 is offline  
Old 11-07-2006, 09:52 AM   #3 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 9
OS: XP Professional


Multiple problems and Toolbar888 adware

11/07/06 11:21:27 [Info]: BlackLight Engine 1.0.47 initialized
11/07/06 11:21:27 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/07/06 11:21:27 [Note]: 7019 4
11/07/06 11:21:27 [Note]: 7005 0
11/07/06 11:21:29 [Note]: 7006 0
11/07/06 11:21:29 [Note]: 7011 2708
11/07/06 11:21:29 [Note]: 7026 0
11/07/06 11:21:29 [Note]: 7026 0
11/07/06 11:21:42 [Note]: FSRAW library version 1.7.1020
11/07/06 11:22:11 [Note]: 7007 0



GMER 1.0.12.11889 - http://www.gmer.net
Rootkit scan 2006-11-07 11:51:18
Windows 5.1.2600 Service Pack 2


---- Files - GMER 1.0.12 ----

ADS ...

---- System - GMER 1.0.12 ----

SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.12 ----

Device \Driver\st3shark \Device\Scsi\st3shark1Port2Path0Target1Lun0 IRP_MJ_SET_EA 8651EB58
Device \Driver\st3shark \Device\Scsi\st3shark1Port2Path0Target1Lun0 IRP_MJ_SET_INFORMATION 8651EB58
Device \Driver\st3shark \Device\Scsi\st3shark1Port2Path0Target1Lun0 IRP_MJ_SET_QUOTA 8651EB58
Device \Driver\st3shark \Device\Scsi\st3shark1Port2Path0Target1Lun0 IRP_MJ_SET_SECURITY 8651EB58
Device \Driver\st3shark \Device\Scsi\st3shark1Port2Path0Target1Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8651EB58
Device \Driver\st3shark \Device\Scsi\st3shark1Port2Path0Target1Lun0 IRP_MJ_SHUTDOWN 8651EB58
Device \Driver\st3shark \Device\Scsi\st3shark1Port2Path0Target1Lun0 IRP_MJ_SYSTEM_CONTROL 8651EB58
Device \Driver\st3shark \Device\Scsi\st3shark1Port2Path0Target1Lun0 IRP_MJ_WRITE 8651EB58
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B1185A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B1185A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B1185A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B1185A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B1185A] avgtdi.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL [F271DD30] tfsnifs.sys

---- Modules - GMER 1.0.12 ----

Module _________ F73DA000

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Ryan\Favorites\ dumpalink.com.url:favicon
ADS C:\Documents and Settings\Ryan\Favorites\Aubrey O'Day -- Welcome!.url:favicon
ADS C:\Documents and Settings\Ryan\Favorites\C++ Files and Strings.url:favicon
ADS C:\Documents and Settings\Ryan\Favorites\C-C++ Help Forums.url:favicon
ADS C:\Documents and Settings\Ryan\Favorites\Calories in Wawa - Bacon Egg and Cheese Muffin.url:favicon
ADS C:\Documents and Settings\Ryan\Favorites\Carwalls.com - Car wallpapers - free!.url:favicon
ADS C:\Documents and Settings\Ryan\Favorites\Christmas\CompUSA » Hard Drives.url:favicon
ADS C:\Documents and Settings\Ryan\Favorites\Christmas\Western Digital 500GB My Book Essential Edition External Hard Drive, WDG1U5000N - Wal-Mart.url:favicon
ADS C:\Documents and Settings\Ryan\Favorites\Chrome Rims for Cars and trucks at Street Dreams.url:favicon
ADS C:\Documents and Settings\Ryan\Favorites\Cis 370\technical risk analysis, decision analysis, consultant, project manager - James F. Wright, PhD.url:favicon
ADS C:\Documents and Settings\Ryan\Favorites\College Pranks.url:favicon

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[904] USER32.dll!DialogBoxIndirectParamA 77D86CAD 5 Bytes JMP 7E31C561 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[904] USER32.dll!DialogBoxIndirectParamW 77D62043 5 Bytes JMP 7E31C526 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[904] USER32.dll!DialogBoxParamA 77D6B11C 5 Bytes JMP 7E31C4EB C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[904] USER32.dll!DialogBoxParamW 77D5662C 5 Bytes JMP 7E31C4B0 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[904] USER32.dll!MessageBoxExA 77D8055C 5 Bytes JMP 7E31C3EE C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[904] USER32.dll!MessageBoxExW 77D80538 5 Bytes JMP 7E31C3B4 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[904] USER32.dll!MessageBoxIndirectA 77D6A05A 5 Bytes JMP 7E31C46C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[904] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 7E31C428 C:\WINDOWS\system32\IEFRAME.dll

---- EOF - GMER 1.0.12 ----
headphone69 is offline  
Old 11-07-2006, 12:54 PM   #4 (permalink)
Vikesrock8411
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


OK, the entries in those logs are legit and no rootkit appears to be present. That means we can go right for the jugular and try to knock it all out at once.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

I see you have Ewido anti-spyware 4.0 installed. Ewido has recently been purchased by Grisoft, makers of AVG Antivirus, and the program is now known as AVG Anti-Spyware. It is essentially the same program with a new paint job; Ewido currently can still be updated to the newest definitions, but this support will likely not last forever. I recommend you uninstall Ewido 4.0, restart your system, then download and install AVG Anti-Spyware, update its definitions as directed below, and run a scan where I have it placed in this fix.

Viewing Hidden Files
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.

Downloads (make sure to save these in a permanent location)
AVG Anti-Spyware from HERE
  • Install AVG Anti-Spyware
  • Double-click the icon on Desktop to launch AVG Anti-Spyware
You will need to update AVG Anti-Spyware to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti-Spyware. Do Not run a scan just yet, we will shortly.

Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

combofix.exe - Save it to your Desktop.



Go to <<Start>> then <<Run>> then paste in the single line command then click OK

"%userprofile%\desktop\combofix.exe" /v winzzc32.dll

When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Services
Click Start->Run - type SERVICES.MSC & then click on the OK button
  1. Locate the service - Microsoft DLL Registration Component
  2. Double-click on it to open the Properties dialog.
    • Stop the service by using the Stop button.
    • Change the Startup type to Disabled & then click on the OK button
  3. Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
  4. In the popup box that appears, type in DLLReg & then click on the OK button

Start HiJackThis & go to Config>Misc.Tools> Delete a file on reboot
  • In the popup box that appears, type in C:\WINDOWS\regsvr32.exe
  • Click the Open button.
  • Click YES when prompted to restart your computer.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.

Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Reboot to normal mode

Post the logs from Combofix and AVG Antispyware here along with a new Hijackthis log.
Vikesrock8411 is offline  
Old 11-07-2006, 08:11 PM   #5 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 9
OS: XP Professional


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:02:31 PM 11/7/2006

+ Scan result:



C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP425\A0208306.dll -> Trojan.Agent.vg : Cleaned with backup (quarantined).


::Report end



Ryan - 06-11-07 19:59:31.62 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Ryan\desktop"
Command switches used :: /v winzzc32.dll

((((((((((((((((((((((((((((((( Files Created from 2006-10-07 to 2006-11-07 ))))))))))))))))))))))))))))))))))


2006-11-07 19:42 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-07 11:40 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2006-10-14 18:03 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-14 18:03 4,992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-14 18:03 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-14 18:03 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-14 18:03 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-07 19:42 -------- d-------- C:\Program Files\Grisoft
2006-11-07 19:33 -------- d-------- C:\Program Files\SpywareGuard
2006-11-07 19:23 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-11-07 11:21 -------- d-------- C:\Program Files\SpywareBlaster
2006-11-07 00:36 -------- d-------- C:\Program Files\DC++
2006-11-03 18:47 -------- d-------- C:\Program Files\Windows Media Player
2006-11-02 22:00 -------- d-------- C:\Program Files\XoftSpy
2006-11-01 20:20 -------- d-------- C:\Program Files\WS_FTP
2006-11-01 19:08 -------- d-------- C:\Program Files\BitTornado
2006-11-01 19:08 -------- d-------- C:\Documents and Settings\Ryan\Application Data\.BitTornado
2006-10-26 14:15 -------- d-------- C:\Documents and Settings\Ryan\Application Data\CiscoCAA
2006-10-24 14:57 163712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2006-10-17 19:04 -------- d-------- C:\Program Files\Google
2006-10-14 18:59 -------- d-------- C:\Program Files\Common Files
2006-10-14 18:03 -------- d-------- C:\Documents and Settings\Ryan\Application Data\AVG7
2006-10-14 18:02 -------- d---s---- C:\Documents and Settings\Ryan\Application Data\Microsoft
2006-10-14 17:39 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-14 17:38 -------- d-------- C:\Program Files\Symantec
2006-10-13 22:09 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-04 23:13 -------- d-------- C:\Program Files\SoundSpectrum
2006-10-04 22:27 -------- d-------- C:\Documents and Settings\Ryan\Application Data\G-Force
2006-10-03 13:01 -------- d-------- C:\Documents and Settings\Ryan\Application Data\AdobeUM
2006-10-01 18:58 0 --a------ C:\WINDOWS\system32\sys_dll.dll
2006-09-28 22:53 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-28 22:37 -------- d-------- C:\Program Files\THQ
2006-09-20 18:22 -------- d-------- C:\Program Files\3M
2006-09-20 12:01 -------- d-------- C:\Program Files\Lavasoft
2006-09-20 11:57 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-09-20 11:36 -------- d-------- C:\Program Files\iolo
2006-09-19 20:05 -------- d-------- C:\Documents and Settings\Ryan\Application Data\Google
2006-09-15 23:32 -------- d-------- C:\Program Files\Video Desktop Company
2006-09-15 18:04 -------- d-------- C:\Program Files\Microsoft Visual Studio
2006-09-15 18:01 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-13 23:08 -------- d-------- C:\Program Files\Virtual Drum
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 22:56 -------- d-------- C:\Documents and Settings\Ryan\Application Data\3M
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-11 21:21 -------- d-------- C:\Program Files\WinDeskTools
2006-09-11 20:01 796672 --a------ C:\WINDOWS\GPInstall.exe
2006-09-08 19:53 -------- d-------- C:\Program Files\Empire Interactive
2006-09-05 17:18 56 -r-hs---- C:\WINDOWS\system32\E7282D0E8C.sys
2006-09-05 17:18 1890 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2006-08-29 12:03 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-22 23:31 5906432 --------- C:\WINDOWS\system32\ieframe.dll
2006-08-22 23:31 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-08-22 23:31 457728 --------- C:\WINDOWS\system32\msfeeds.dll
2006-08-22 23:31 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-08-22 23:31 225792 --a------ C:\WINDOWS\system32\webcheck.dll
2006-08-22 23:31 175616 --------- C:\WINDOWS\system32\ieui.dll
2006-08-22 23:31 152064 --a------ C:\WINDOWS\system32\msls31.dll
2006-08-22 23:18 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-08-22 23:18 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-08-22 23:17 40448 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-08-22 23:17 105472 --a------ C:\WINDOWS\system32\url.dll
2006-08-22 23:17 100352 --a------ C:\WINDOWS\system32\occache.dll
2006-08-22 23:16 16896 --a------ C:\WINDOWS\system32\corpol.dll
2006-08-22 23:14 378368 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-08-22 23:14 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-08-22 23:13 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-08-22 23:13 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-08-22 23:13 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-08-22 23:13 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-08-22 23:13 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-08-22 23:13 122880 --a------ C:\WINDOWS\system32\advpack.dll
2006-08-22 23:13 11776 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-08-22 23:11 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-08-22 23:10 61440 --------- C:\WINDOWS\system32\icardie.dll
2006-08-22 23:10 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-08-22 23:09 262656 --------- C:\WINDOWS\system32\iertutil.dll
2006-08-22 23:07 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-08-22 22:37 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-08-22 22:36 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-08-22 22:30 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-10 18:46 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"BootSkin Startup Jobs"="\"C:\\Program Files\\Stardock\\WinCustomize\\BootSkin\\BootSkin.exe\" /StartupJobs"
"nwiz"="nwiz.exe /install"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000
"NoDriveAutoRun"=hex:ff,ff,ff,03
"NoDesktop"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowCpl]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\DisallowRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictCpl]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Acrobat Speed Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\Installer\\{AC76BA86-1033-0000-7760-100000000002}\\SC_Acrobat.exe "
"item"="Adobe Acrobat Speed Launcher"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
"backup"="C:\\WINDOWS\\pss\\Digital Line Detect.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DIGITA~1\\DLG.exe "
"item"="Digital Line Detect"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk]
"backup"="C:\\WINDOWS\\pss\\dlbcserv.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\DELLPH~1\\dlbcserv.exe "
"item"="dlbcserv"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
"location"="Common Startup"
"item"="GetRight - Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Works Calendar Reminders.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe "
"item"="Microsoft Works Calendar Reminders"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Post-it® Software Notes Lite.lnk]
"backup"="C:\\WINDOWS\\pss\\Post-it® Software Notes Lite.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\3M\\PSNLite\\PsnLite.exe -RegRun"
"item"="Post-it® Software Notes Lite"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Ryan^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office OneNote 2003 Quick Launch.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MI1933~1\\OFFICE11\\ONENOTEM.EXE /tsr"
"item"="Microsoft Office OneNote 2003 Quick Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DeadAIM"
"hkey"="HKLM"
"command"="rundll32.exe \"C:\\Program Files\\AIM\\\\DeadAIM.ocm\",ExportedCheckODLs"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="quickset"
"hkey"="HKLM"
"command"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DVDLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WksSb"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WkUFind"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /installquiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="spydoctor"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Spyware Doctor\\spydoctor.exe\" /Q"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunServer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sunserver"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wkfud"
"hkey"="HKLM"
"command"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AF3F6A8491A8E044.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 06-11-07 20:00:35.26
C:\ComboFix.txt ... 06-11-07 20:00




Logfile of HijackThis v1.99.1
Scan saved at 10:13:17 PM, on 11/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\Ryan\My Documents\Hijack This\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1122932788705
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1125268887515
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures06.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Last edited by headphone69; 11-07-2006 at 08:15 PM.
Old 11-08-2006, 10:19 PM   #6 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Are you still experiencing problems with ads or have we taken care of them?
Old 11-11-2006, 02:51 AM   #7 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 9
OS: XP Professional


All problems are fixed.

Thank you so much, now my computer is back to new.

Are there any pointers or tricks I can do to make sure this doesn't happen again?

Thanks again, it was very much appreciated.
headphone69 is offline  
Old 11-11-2006, 06:50 AM   #8 (permalink)
Analyst, Security Team
 
Vikesrock8411's Avatar
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved.

Setting a new Restore Point
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.
  • Tick the checkbox - Turn off System Restore on all drives
  • Click Apply
  • Turn it back 'On' by unticking the same checkbox & click OK

Windows Update
Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site.

Prevention
A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include:
AVG Free
Avast! Home Edition (Antivirus & Firewall)
AntiVir

A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are:
Zone Alarm
Outpost
Tiny Personal Firewall
Sunbelt Kerio Personal Firewall

Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap, there are many pieces of malware that are caught by one of these and not the other; therefore it is recommended you use both to complement each other. Spybot also contains two other useful pieces. The first is "Immunize", which helps protect your computer against known exploits. The second is "TeaTimer"; with this feature enabled you will receive notifications of all changes to the registry, such as programs adding themselves to start-up and your default search page being changed.

Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources; run it once and you're all set. Spyware Guard is a realtime protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

Alternative Programs
Here are some alternatives that are either less susceptible than others to malware or don't contain malware where similar programs do.

Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Desktop Weather - Free taskbar weather program that is free, malware free, and resource light.

Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
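Added example, not part of the original posts and not code from Spybot or HijackThis: the reply above mentions being notified when programs add themselves to start-up, and the same check can be run offline by comparing the O4 (autostart) entries of two saved HijackThis logs and listing the entries HijackThis marked "(no file)" or "(file missing)". The baseline lines are copied from the log in this thread; the LATER snapshot, the ExampleNewEntry value and the C:\EXAMPLE paths are constructed placeholders.

```python
import re

# Baseline: entries copied from the HijackThis v1.99.1 log in this thread.
BASELINE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - (no file)
"""
# Later snapshot (constructed): one Run value re-pointed, one Run value added.
LATER = BASELINE.replace(
    r"[dla] C:\WINDOWS\system32\dla\tfswctrl.exe",
    r"[dla] C:\EXAMPLE\changed.exe",
) + "O4 - HKCU\\..\\Run: [ExampleNewEntry] C:\\EXAMPLE\\placeholder.exe\n"

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                   # "O4 - ..."
RUN_VALUE = re.compile(r"^([^:]+): \[([^\]]+)\] (.*)$")          # registry Run keys
SHORTCUT = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")  # Startup folders

def parse(log):
    """Return (section, body) pairs; header and process-list lines are skipped."""
    lines = map(str.strip, log.splitlines())
    return [m.groups() for m in map(ENTRY.match, lines) if m]

def autostarts(log):
    """Map (location, name) -> command for every O4 (autostart) entry."""
    found = {}
    for section, body in parse(log):
        m = section == "O4" and (RUN_VALUE.match(body) or SHORTCUT.match(body))
        if m:
            loc, name, cmd = m.groups()
            found[(loc, name)] = cmd
    return found

def diff_autostarts(old, new):
    """Report autostart entries added, removed or re-pointed between two logs."""
    a, b = autostarts(old), autostarts(new)
    return {
        "added": sorted(k for k in b if k not in a),
        "removed": sorted(k for k in a if k not in b),
        "changed": sorted(k for k in a if k in b and a[k] != b[k]),
    }

def orphans(log):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    marks = ("(no file)", "(file missing)")
    return [(s, b) for s, b in parse(log) if b.endswith(marks)]

if __name__ == "__main__":
    print(diff_autostarts(BASELINE, LATER))
    print(orphans(LATER))
```
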
 


All times are GMT -7.