Resolved HJT Threads: resolved spyware and popup issues.
#41
Analyst, Security Team
It seems like those blue screens may be hardware related. As this is not my area of expertise, I'll refer you to the XP forums. Create a new thread and please give them the link to this thread. I'll keep this thread open just in case.

For McAfee, I believe you are using the 2005/2006/2007 version, so try this uninstaller: download the McAfee Removal Tool and double click on MCPR.exe to launch it, then click Run. A window should appear and disappear; this is normal. A new window should pop up and begin the uninstall. When prompted to reboot your computer, type Y.

For WinPatrol, try this.

You might want to update to SP2 after you have solved your issues.
#42
Registered User
Join Date: Nov 2006
Posts: 105
OS: XP
Thank you, that thing managed to uninstall McAfee. But the thing for WinPatrol didn't work: I managed to unregister it with no problems, but when I typed in msiexec /regserver it said "An event was unable to invoke any of the subscribers".
#43
Analyst, Security Team
Try this. Please download the attached fix.zip at the bottom of this post. Double click on the zip file and then double click on the file named fix.reg within it. When prompted, click Yes to allow it to merge into the registry. After that, try installing WinPatrol.
#45
Analyst, Security Team
Let's try to install the new Windows Installer.

BTW, where is the other thread you posted in the XP forums? I couldn't find it anymore.
#47
Registered User
Join Date: Nov 2006
Posts: 105
OS: XP
This is really weird: it started installing it, then it closed down and said

MS130-KB884016 System error. Access denied

I am also having a problem with Spybot Search and Destroy. When the plugin wanted to change something in the registry it came up and said that it had detected a change to the registry. There wasn't an option to allow the change. There was a box on the left which you could tick to remember this decision, then a box with a question mark that brought up info, and there was a box which didn't have anything written in it but appeared to just select the box marked "remember my decision". Selecting any of these didn't close the window, so the only option was to use the X in the top left hand corner. Then a pop-up said that it had blocked the changes!! How do I allow the changes? Also it looks like it is corrupted: the writing is coming out of the boxes and there is text missing, if you know what I mean, but I tried re-installing it and same thing.
#48
Analyst, Security Team
Hi nicdonati,

I would like to see a new SREng log. Use the instructions in my previous posts. Do this as well:

Silent Runners
Please download SilentRunners.vbs: right click & choose Save As... SilentRunners.vbs
Before proceeding, disable any anti-virus or anti-spyware programs that may block/disable scripts.
Launch SilentRunners by double-clicking the downloaded file.
In the ensuing window, select 'No' to avoid skipping supplementary searches.
Please be patient as the script requires a few minutes to complete.
When it's done, you'll receive the prompt "All Done!". It will create a file called "Startup Programs".
Post ALL its contents here in your next reply.
#49
Registered User
Join Date: Nov 2006
Posts: 105
OS: XP

```
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BitComet" = ""D:\Program Files\BitLord\BitLord.exe"" ["www.BitLord.com"]
"SpybotSD TeaTimer" = "C:\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"QKeys" = ""D:\Program Files\QKeys\QKeys.EXE"" ["Taiwan"]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"ATIPTA" = ""D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"(Default)" = "(empty string)" [file not found]
"SCDEmuApp.exe" = ""D:\Program Files\PowerISO\SCDEmuApp.exe"" ["PowerISO Computing, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"WinampAgent" = ""D:\Program Files\Winamp3\winampa.exe"" [file not found]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"iTunesHelper" = ""D:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"AdaptecDirectCD" = ""D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]
"Acrobat Assistant 7.0" = ""D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
                                        \StubPath = "D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
                                        \StubPath = "D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
                      \InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                      \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
  -> {HKLM...CLSID} = "SpywareGuardDLBLOCK.CBrowserHelper"
                      \InProcServer32\(Default) = "D:\Program Files\SpywareGuard\dlprotect.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                      \InProcServer32\(Default) = "C:\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                      \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
                      \InProcServer32\(Default) = "d:\program files\google\googletoolbar3.dll" ["Google Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"
                      \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                      \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
  -> {HKLM...CLSID} = "PowerISO"
                      \InProcServer32\(Default) = "D:\Program Files\PowerISO\PowerISOShell.dll" ["PowerISO Computing, Inc."]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
                      \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                      \InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
  -> {HKLM...CLSID} = "SpywareGuard.Handler"
                      \InProcServer32\(Default) = "D:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
  -> {HKLM...CLSID} = "SpywareGuard.Handler"
                      \InProcServer32\(Default) = "D:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                      \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
                      \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
                      \InProcServer32\(Default) = "D:\Program Files\PowerISO\PowerISOShell.dll" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                      \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
                      \InProcServer32\(Default) = "D:\Program Files\PowerISO\PowerISOShell.dll" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                      \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
                      \InProcServer32\(Default) = "D:\Program Files\PowerISO\PowerISOShell.dll" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                      \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\ssmypics.scr" [MS]
```

Sorry, posted this on the other thread by mistake!!
#51
Registered User
Join Date: Nov 2006
Posts: 105
OS: XP

```
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"BitComet" = ""D:\Program Files\BitLord\BitLord.exe"" ["www.BitLord.com"]
"SpybotSD TeaTimer" = "C:\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"QKeys" = ""D:\Program Files\QKeys\QKeys.EXE"" ["Taiwan"]
"ATIModeChange" = "Ati2mdxx.exe" ["ATI Technologies, Inc."]
"ATIPTA" = ""D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"" ["ATI Technologies, Inc."]
"SunJavaUpdateSched" = ""D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"(Default)" = "(empty string)" [file not found]
"SCDEmuApp.exe" = ""D:\Program Files\PowerISO\SCDEmuApp.exe"" ["PowerISO Computing, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"WinampAgent" = ""D:\Program Files\Winamp3\winampa.exe"" [file not found]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"iTunesHelper" = ""D:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"AdaptecDirectCD" = ""D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]
"Acrobat Assistant 7.0" = ""D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"" ["Adobe Systems Inc."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{26923b43-4d38-484f-9b9e-de460746276c}\(Default) = "Internet Explorer"
                                        \StubPath = "D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigIE" [MS]
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
                                        \StubPath = "D:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
                      \InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                      \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
  -> {HKLM...CLSID} = "SpywareGuardDLBLOCK.CBrowserHelper"
                      \InProcServer32\(Default) = "D:\Program Files\SpywareGuard\dlprotect.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                      \InProcServer32\(Default) = "C:\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                      \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
                      \InProcServer32\(Default) = "d:\program files\google\googletoolbar3.dll" ["Google Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Conversion Toolbar Helper"
                      \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                      \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]
"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"
  -> {HKLM...CLSID} = "PowerISO"
                      \InProcServer32\(Default) = "D:\Program Files\PowerISO\PowerISOShell.dll" ["PowerISO Computing, Inc."]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
                      \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                      \InProcServer32\(Default) = "D:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
  -> {HKLM...CLSID} = "SpywareGuard.Handler"
                      \InProcServer32\(Default) = "D:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
  -> {HKLM...CLSID} = "SpywareGuard.Handler"
                      \InProcServer32\(Default) = "D:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
                      \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
                      \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
                      \InProcServer32\(Default) = "D:\Program Files\PowerISO\PowerISOShell.dll" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                      \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
                      \InProcServer32\(Default) = "D:\Program Files\PowerISO\PowerISOShell.dll" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                      \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"
  -> {HKLM...CLSID} = "PowerISO"
                      \InProcServer32\(Default) = "D:\Program Files\PowerISO\PowerISOShell.dll" ["PowerISO Computing, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                      \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "D:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "D:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "D:\WINDOWS\System32\ssmypics.scr" [MS]

Startup items in "Nic" & "All Users" startup folders:
-----------------------------------------------------

D:\Documents and Settings\Nic\Start Menu\Programs\Startup
"SpywareGuard" -> shortcut to: "D:\Program Files\SpywareGuard\sgmain.exe" [null data]

D:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Photo Loader supervisory" -> shortcut to: "D:\Program Files\CASIO\Photo Loader\Plauto.exe" ["CASIO COMPUTER CO.,LTD."]
"Adobe Acrobat Speed Launcher" -> shortcut to: "D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe" [null data]

Enabled Scheduled Tasks:
------------------------

"McQcTask" -> launches: "d:\program files\mcafee\mqc\QcConsol.exe 12527 0" [file not found]
"McDefragTask" -> launches: "D:\WINDOWS\system32\defrag.exe C: -f" ["Microsoft Corp. and Executive Software International, Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 04, 07 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 05 - 06

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                      \InProcServer32\(Default) = "d:\program files\google\googletoolbar3.dll" ["Google Inc."]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
  -> {HKLM...CLSID} = "Adobe PDF"
                      \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
                      \InProcServer32\(Default) = "d:\program files\google\googletoolbar3.dll" ["Google Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
  -> {HKLM...CLSID} = "Yahoo! Toolbar"
                      \InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
  -> {HKLM...CLSID} = "Adobe PDF"
                      \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
                      \InProcServer32\(Default) = "D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll" ["Adobe Systems Incorporated"]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
                      \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
                      \InProcServer32\(Default) = "D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]

{85D1F590-48F4-11D9-9669-0800200C9A66}\
"MenuText" = "Uninstall BitDefender Online Scanner v8"
"Exec" = "%windir%\bdoscandel.exe" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "D:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
iPodService, iPodService, "D:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Simple TCP/IP Services, SimpTcp, "D:\WINDOWS\System32\tcpsvcs.exe" [MS]
Ulead Burning Helper, UleadBurningHelper, "D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "D:\WINDOWS\System32\AdobePDF.dll" ["Adobe Systems Incorporated."]

----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 109 seconds.
---------- (total run time: 1017 seconds)
```
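A Silent Runners report like the one above is long and flat, and the parts a helper acts on first are few: the lines the script itself prefixes with `<<!>>` ("Suspicious data at a malware launch point", which it attaches to every non-default entry at a handful of sensitive launch points, so a marker is a prompt to look rather than a verdict), the entries whose target is `[file not found]` (an autorun whose program is gone, typically a leftover from an uninstall, exactly the kind of thing the Windows Installer and McAfee removal steps earlier in this thread are dealing with), and the entries marked `[null data]` (the file exists but carries no version information, so Silent Runners cannot say who made it). The following Python script is an added example serving both the Silent Runners instructions in #48 and the log in #51; it is not part of this thread or of the Silent Runners tool. It walks a report in this format, keeps track of which launch point each entry belongs to, and returns only the entries worth a second look. The embedded sample is constructed from a few lines of the report above and includes a scheduled-task entry to show the `-> launches:` form.

```python
"""Triage helper for Silent Runners startup reports (added example, not
part of the thread or of Silent Runners itself).

Silent Runners prints a launch point (registry key, startup folder or a
section heading such as "Enabled Scheduled Tasks") followed by the entries
under it, and prefixes non-default data at a few sensitive launch points
with <<!>>.  triage() keeps track of the launch point each entry belongs
to and reports the entries a helper looks at first:

  * entries the script itself marked with <<!>>
  * entries whose target is [file not found]   (orphaned autorun)
  * entries whose target is [null data]        (no version information)
"""
import re
from dataclasses import dataclass

# A launch point line: a registry key (optionally with the " {++}" suffix
# that means defaults are shown too) or a startup folder on a drive.
LOCATION_RE = re.compile(r'^(HK[A-Z]+\\|[A-Za-z]:\\)')
# Tail of any line that names a target and its bracketed verdict, e.g.
#   ... = "D:\dir\tool.dll" ["Company"]        ... = "x.exe" [file not found]
#   "Task" -> launches: "d:\dir\prog.exe" [file not found]
TAIL_RE = re.compile(r'(?:=|:)\s(?P<target>.*)\s\[(?P<verdict>[^\]]*)\]$')
MARKER = '<<!>>'


@dataclass
class Finding:
    location: str   # launch point the entry lives under
    name: str       # value name, CLSID or task name as printed
    target: str     # file the entry launches or loads
    verdict: str    # bracketed text Silent Runners printed after the target
    reasons: tuple  # why the entry was selected


def triage(report: str) -> list:
    """Return the entries of a Silent Runners report that deserve review."""
    findings = []
    location, previous, name, marked = '(none)', '', '', False
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {'-'}:
            # Dash rule under a section heading: the heading becomes the
            # location until a registry key or folder line replaces it.
            location = previous.rstrip(':')
            continue
        previous = line
        if LOCATION_RE.match(line) and ' = ' not in line:
            if line.endswith(' {++}'):
                line = line[:-len(' {++}')]
            location = line.rstrip('\\')
            continue
        marked_here = line.startswith(MARKER)
        if marked_here:
            line = line[len(MARKER):].strip()
        if not line.startswith(('->', '\\')):
            # A new entry rather than a "-> {HKLM...CLSID}" or
            # "\InProcServer32" continuation: take its name, and let the
            # <<!>> marker (if any) carry over to its continuation lines.
            name = re.split(r' = | -> ', line, maxsplit=1)[0].strip('"')
            marked = marked_here
        m = TAIL_RE.search(line)
        if not m:
            continue
        reasons = []
        if marked:
            reasons.append('marked <<!>> by Silent Runners')
        if m.group('verdict') == 'file not found':
            reasons.append('launch target missing')
        elif m.group('verdict') == 'null data':
            reasons.append('target has no version info')
        if reasons:
            findings.append(Finding(location, name, m.group('target').strip('"'),
                                    m.group('verdict'), tuple(reasons)))
    return findings


def summarize(findings) -> str:
    """One block per finding: launch point, then entry, target and reasons."""
    return '\n'.join(
        f'{f.location}\n    {f.name} -> {f.target} [{f.verdict}]: {"; ".join(f.reasons)}'
        for f in findings)


# Constructed sample: a few lines in the shape of the report in this thread.
SAMPLE_REPORT = r'''
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"WinampAgent" = ""D:\Program Files\Winamp3\winampa.exe"" [file not found]
"NeroFilterCheck" = "D:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{81559C35-8464-49F7-BB0E-07A383BEF910}" = (no title provided)
  -> {HKLM...CLSID} = "SpywareGuard.Handler"
                      \InProcServer32\(Default) = "D:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> WRNotifier\DLLName = "WRLogonNTF.dll" [file not found]

Enabled Scheduled Tasks:
------------------------

"McQcTask" -> launches: "d:\program files\mcafee\mqc\QcConsol.exe 12527 0" [file not found]
"McDefragTask" -> launches: "D:\WINDOWS\system32\defrag.exe C: -f" ["Microsoft Corp. and Executive Software International, Inc."]
'''

if __name__ == '__main__':
    print(summarize(triage(SAMPLE_REPORT)))
```

Run against the sample it reports four entries: the orphaned `WinampAgent` Run value, the `SpywareGuard.Handler` ShellExecuteHook (marked, and its DLL has no version resource), the marked `WRNotifier` Winlogon notify package whose `WRLogonNTF.dll` is missing, and the `McQcTask` scheduled task whose McAfee program is gone. Everything with a vendor name in its verdict is left out, which is what lets a helper read a 300-line report in a minute; the judgement about each remaining entry still belongs to the analyst.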
#52
Registered User
Join Date: Nov 2006
Posts: 105
OS: XP

OK, that is the REAL log. I have a problem with SREng: the log is over 40,000 characters, way longer than is allowed to be posted. Do you still want me to post it? The majority of it is endless porn website addresses listed under hosts. I will post the first part.

```
2006-12-03,12 04
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 1 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<BitComet><"D:\Program Files\BitLord\BitLord.exe"> [www.BitLord.com]
<SpybotSD TeaTimer><C:\Spybot - Search & Destroy\TeaTimer.exe> [(Verified)Safer Networking Limited]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<QKeys><"D:\Program Files\QKeys\QKeys.EXE"> [Taiwan]
<ATIModeChange><Ati2mdxx.exe> [(Verified)ATI Technologies, Inc.]
<ATIPTA><"D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<SunJavaUpdateSched><"D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"> [Sun Microsystems, Inc.]
<QuickTime Task><"D:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<SCDEmuApp.exe><"D:\Program Files\PowerISO\SCDEmuApp.exe"> [PowerISO Computing, Inc.]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<WinampAgent><"D:\Program Files\Winamp3\winampa.exe"> [N/A]
<NeroFilterCheck><D:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<iTunesHelper><"D:\Program Files\iTunes\iTunesHelper.exe"> [Apple Computer, Inc.]
<AdaptecDirectCD><"D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"> [Roxio]
<Acrobat Assistant 7.0><"D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"> [Adobe Systems Inc.]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{81559C35-8464-49F7-BB0E-07A383BEF910}><D:\Program Files\SpywareGuard\spywareguard.dll> [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
<WinlogonNotify: WRNotifier><WRLogonNTF.dll> [N/A]

==================================
Startup Folders
[Photo Loader supervisory] <D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk --> D:\PROGRA~1\CASIO\PHOTOL~1\Plauto.exe [CASIO COMPUTER CO.,LTD.]><N>
[Adobe Acrobat Speed Launcher] <D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk --> D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [N/A]><N>
[SpywareGuard] <D:\Documents and Settings\Nic\Start Menu\Programs\Startup\SpywareGuard.lnk --> D:\PROGRA~1\SPYWAR~1\sgmain.exe [N/A]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service] <"D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Application Management / AppMgmt] <D:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller] <D:\WINDOWS\System32\Ati2evxx.exe><N/A>
[InstallDriver Table Manager / IDriverT] <"D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService] <D:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[Windows Installer / MSIServer] <C:\WINNT\system32\msiexec.exe /V><N/A>
[Ulead Burning Helper / UleadBurningHelper] <D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM] <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag] <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[bdfdll / bdfdll] <\??\D:\Program Files\Softwin\BitDefender10\bdfdll.sys><N/A>
[BDFSDRV / BDFSDRV] <\??\D:\??\D:\Program Files\Softwin\BitDefender10\bdfsdrv.sys><N/A>
[Cdr4_xp / Cdr4_xp] <D:\WINDOWS\SYSTEM32\DRIVERS\Cdr4_xp.SYS><Roxio>
[Cdralw2k / Cdralw2k] <D:\WINDOWS\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[cdudf_xp / cdudf_xp] <D:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.SYS><Roxio>
[d347bus / d347bus] <\SystemRoot\System32\DRIVERS\d347bus.sys><>
[d347prt / d347prt] <\SystemRoot\System32\Drivers\d347prt.sys><>
[Dual-Mode DSC(2770) / DCamUSBSQTECH] <System32\Drivers\SQcaptur.sys><Service & Quality Technology.>
[dvd_2K / dvd_2K] <D:\WINDOWS\SYSTEM32\DRIVERS\dvd_2K.SYS><Roxio>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS] <System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB] <System32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[GEAR CDRom Filter / GEARAspiWDM] <SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[mmc_2K / mmc_2K] <D:\WINDOWS\SYSTEM32\DRIVERS\mmc_2K.SYS><Roxio>
[MP3Driver / MP3Driver] <D:\WINDOWS\SYSTEM32\DRIVERS\MP3Driver.SYS><N/A>
[Mtlmnt5 / Mtlmnt5] <System32\DRIVERS\Mtlmnt5.sys><>
[Mtlstrm / Mtlstrm] <System32\DRIVERS\Mtlstrm.sys><>
[NSC Infrared Device Driver / NSCIRDA] <System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[NtMtlFax / NtMtlFax] <System32\DRIVERS\NtMtlFax.sys><>
[NTSIM / NTSIM] <\??\D:\WINDOWS\System32\ntsim.sys><VIA Technologies, Inc.>
[Direct Parallel Link Driver / Ptilink] <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[pwd_2k / pwd_2k] <D:\WINDOWS\SYSTEM32\DRIVERS\pwd_2k.SYS><Roxio>
[SCDEmu / SCDEmu] <D:\WINDOWS\SYSTEM32\DRIVERS\SCDEmu.SYS><PowerISO Computing, Inc.>
[Secdrv / Secdrv] <System32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel] <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[SmartLink AMR_PCI Driver / Slntamr] <System32\DRIVERS\slntamr.sys><>
[SlNtHal / SlNtHal] <System32\DRIVERS\Slnthal.sys><>
[SlWdmSup / SlWdmSup] <System32\DRIVERS\SlWdmSup.sys><Vireo Software>
[tmcomm / tmcomm] <\??\D:\WINDOWS\System32\drivers\tmcomm.sys><Trend Micro Inc.>
[UdfReadr_xp / UdfReadr_xp] <D:\WINDOWS\SYSTEM32\DRIVERS\UdfReadr_xp.SYS><Roxio>
[V90drv / V90drv] <System32\DRIVERS\v90drv.sys><>
[VIA AGP Filter / viaagp1] <\SystemRoot\System32\DRIVERS\viaagp1.sys><N/A>
[VIA USB Host Controller Lower Filter / vulfnths] <\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs] <\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC] <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper] {02478D38-C3F9-4EFB-9B51-7695ECA05670} <D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[SpywareGuardDLBLOCK.CBrowserHelper] {4A368E80-174F-4872-96B5-0B27DDD11DB2} <D:\Program Files\SpywareGuard\dlprotect.dll, N/A>
[] {53707962-6F74-2D53-2644-206D7942484F} <C:\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} <d:\program files\google\googletoolbar3.dll, Google Inc.>
[Adobe PDF Conversion Toolbar Helper] {AE7CD045-E861-484f-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Java Plug-in 1.5.0_09] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[] {85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[Java Plug-in 1.5.0_09] {8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_02] {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09] {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll, Sun Microsystems, Inc.>
[Convert link target to Adobe PDF] <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF] <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF] <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF] <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF] <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF] <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert to Adobe PDF] <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert to existing PDF] <res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
Running Processes
[PID: 640][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 704][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 728][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 776][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 788][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 956][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1056][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1280][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1332][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1644][D:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [D:\Program Files\SpywareGuard\spywareguard.dll] [N/A, 2.02]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
    [D:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated,
```
7.0.7.2006011200] [D:\Program Files\SpywareGuard\dlprotect.dll] [N/A, 2.02] [C:\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0] [PID: 1688][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)] [D:\WINDOWS\System32\AdobePDF.dll] [Adobe Systems Incorporated., 7.0.0.00] [D:\Program Files\Adobe\Acrobat 7.0\Distillr\adistres.dll] [Adobe Systems Incorporated., 7.0.7.2006011200] [PID: 1892][D:\Program Files\QKeys\QKeys.EXE] [Taiwan, 1, 0, 2, 251] [PID: 1912][D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5021] [D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU] [ATI Technologies, Inc., 6.14.10.5021] [D:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5021] [D:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5021] [PID: 1920][D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.90.3] [PID: 1928][D:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.0.3] [PID: 1936][D:\Program Files\PowerISO\SCDEmuApp.exe] [PowerISO Computing, Inc., 2, 6, 1, 1] [PID: 1944][D:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.0.14] [PID: 1976][D:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 6.0.0.18] [D:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 6.0.0.18] [D:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 6.0.0.18] [PID: 1988][D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe] [Roxio, 5.3.4.21] [D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\CDUDFLIB.dll] [Roxio, 5.3.4.21] [D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\UDFRWLIB.dll] [Roxio, 5.3.4.21] [D:\WINDOWS\System32\CDRTC.DLL] [Roxio, 5.3.4.21] [D:\WINDOWS\System32\cdral.DLL] [Roxio, 5.3.4.21] [PID: 2000][D:\Program Files\Adobe\Acrobat 
7.0\Distillr\Acrotray.exe] [Adobe Systems Inc., 7.0.7.2006011200] [PID: 184][D:\Program Files\BitLord\BitLord.exe] [www.BitLord.com, 1.1.] [PID: 248][D:\Program Files\CASIO\Photo Loader\Plauto.exe] [CASIO COMPUTER CO.,LTD., 2.3E] [PID: 556][D:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)] [PID: 568][D:\WINDOWS\System32\Ati2evxx.exe] [N/A, N/A] [PID: 736][D:\WINDOWS\System32\tcpsvcs.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 792][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1200][D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0, 0, 3] [PID: 2044][D:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 6.0.0.18] [D:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 6.0.0.18] [D:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 6.0.0.18] [PID: 2080][D:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1: 2006101023] [D:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0] [D:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.3] [D:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1: 2006101023] [D:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.3] [D:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.3] [D:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.3 Basic ECC] [D:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.3 Basic ECC] [D:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.3 Basic ECC] [D:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.3 Basic ECC] [D:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1: 2006101023] [D:\Program 
Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1: 2006101023] [D:\Program Files\Mozilla Firefox\components\jsd3250.dll] [Mozilla Foundation, 1.8.1: 2006101023] [D:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1: 2006101023] [D:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1: 2006101023] [D:\Program Files\Mozilla Firefox\components\xpinstal.dll] [Mozilla Foundation, 1.8.1: 2006101023] [D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll] [N/A, N/A] [D:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.8.1: 2006101023] [D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll] [N/A, N/A] [D:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.3 Basic ECC] [D:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.62] [PID: 4004][D:\WINDOWS\System32\WScript.exe] [Microsoft Corporation, 5.6.0.6626] [PID: 620][D:\WINDOWS\System32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)] [PID: 2672][D:\Documents and Settings\Nic\Desktop\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["D:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. 
[{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A |
#53
Registered User
Join Date: Nov 2006
Posts: 105
OS: XP
This is what the remainder of the log looks like, something along these lines:
==================================
HOSTS File
127.0.0.1 localhost
127.0.0.1 asy.a8ww.net
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 ad588.net #[Win32/PSW.Legendmir]
127.0.0.1 adserver.adbunker.com
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[IE-SpyAd]
127.0.0.1 d.abnad.net
127.0.0.1 e.abnad.net
127.0.0.1 t.abnad.net
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 gtcc1.acecounter.com
127.0.0.1 gtp1.acecounter.com
127.0.0.1 acestats.com
127.0.0.1 www.acestats.com
127.0.0.1 http.acid-burn.info #[W32/Banker.YSP]
127.0.0.1 ads.active.com
127.0.0.1 am1.activemeter.com
127.0.0.1 www.activemeter.com
127.0.0.1 www.activesearch.com #[Adware.ActiveSearch]
127.0.0.1 at.ad2click.nl
127.0.0.1 cms.ad2click.nl
127.0.0.1 banner.ad.nu
127.0.0.1 ad-up.com
127.0.0.1 www.ad-up.com
127.0.0.1 adbest.com #[IE-SpyAd]
127.0.0.1 ad.adbest.com
127.0.0.1 www.adcipta.net #[Norman.W32/Malware]
127.0.0.1 adserv.adbonus.com #[IE-SpyAd]
And it just goes on and on and on and on. If you want me to post it I will do my best.
#54
Analyst, Security Team
Gmer
Download gmer from http://www.gmer.net & unzip it to the desktop. Launch gmer.exe by double-clicking it. Select the rootkit tab & make sure the 'Show All' button is unticked. Press scan & when it has finished press copy & paste the log back here.
#55
Registered User
Join Date: Nov 2006
Posts: 105
OS: XP
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-04 10:14:00
Windows 5.1.2600 Service Pack 1

---- System - GMER 1.0.12 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState

---- Kernel code sections - GMER 1.0.12 ----

.text ntdll.dll!NtClose 77F5B5C8 5 Bytes JMP 72033FAA
.text ntdll.dll!NtCreateProcess 77F5B728 5 Bytes JMP 72034135
.text ntdll.dll!NtCreateProcessEx 77F5B738 5 Bytes JMP 72034019
.text ntdll.dll!NtCreateSection 77F5B758 5 Bytes JMP 72033FC8

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 82F61D10
Device \FileSystem\UdfReadr_xp \Device\UdfReadr_XP IRP_MJ_READ 82CF8458
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 82DD1F00
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82DD1F00
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 82D8AD38
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 82DD1F00
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82DD1F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 82D7DF00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_READ 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 82D7DF00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 82D7DF00
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 827BDD38
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 82D21368
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 82D21368
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 82CF88A8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 82CF8CF8
Device \FileSystem\cdudf_xp \Device\CdUdf_XP IRP_MJ_READ 82CAE610
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLOSE 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_READ 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_POWER 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSE 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_READ 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 82D74008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 82D74008
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 82F61D10
Device \FileSystem\Fs_Rec \FileSystem\NtfsRecognizer IRP_MJ_READ 82A81AF8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 82A81AF8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 82A81AF8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 82A81AF8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 82A81AF8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 82CB1200

---- Modules - GMER 1.0.12 ----

Module _________ F8671000

---- EOF - GMER 1.0.12 ----

Here you go. The select all option was only available if I unchecked one of the options, so I just made sure they were all checked. I hope that was right.