Old 01-16-2007, 01:21 PM   #1 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 7
OS: xp home


Avid PC user suddenly gets popup ads

Hi there,
I wonder if you could please try to solve my problem? I am running Norton firewall and virus checker plus various pop-up stoppers, but I am suddenly plagued with various popup ads, normally just after starting IE7. I have completed the list of all of your pre-post stipulations, and I have also run AVG and Windows Defender. I do not use System Restore; I prefer to use ERUNT.
Please can you help? My HijackThis log file is as follows. Thanks, Matt

Logfile of HijackThis v1.99.1
Scan saved at 19:34:00, on 16/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Mozy\mozybackup.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SoftickPPP] "C:\Program Files\Softick\PPP\Bin\PPPGate.exe"
O4 - HKLM\..\Run: [DATE BAGS COOL DEBUG] C:\Documents and Settings\All Users\Application Data\SIZE SETTINGS DATE BAGS\Comp lies.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe" /h
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DOG REGS] C:\DOCUME~1\JOHNGR~1\APPLIC~1\PHONEC~1\pile second beep.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV2.1\MediaDetector.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Clipboard Magic.lnk = C:\Program Files\Clipboard Magic\ClipboardMagic.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kirby Alarm.lnk = C:\Program Files\Kirby Alarm\kirbyalarm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5774364E-E29E-45D9-A9F9-EEB83ED27E34}: NameServer = 192.168.1.1
O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MozyBackup - Unknown owner - C:\Program Files\Mozy\mozybackup.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Matt Chrome is offline  
Old 01-17-2007, 02:58 PM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,555
OS: 2000 Pro; XP Pro; XP Home


Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

I see you have AVG Anti-Spyware already. Please update its definitions, and run a scan where I have placed it in this fix.

Run AVG Anti-Spyware
  • From the main screen, click on Update, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"), select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports":
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
  • Exit AVG Anti-Spyware. DO NOT scan yet.

---------------------------------------------------------------------------------------------

Download and install CleanUp!
NOTE: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it! If you don't already know, you're probably not using XP64, but you can download & run this tool to find out for sure.....http://www.kellys-korner-xp.com/regs...p_whichcpu.exe

Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3. We will use this shortly.

---------------------------------------------------------------------------------------------

Windows Defender

Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries.
  • Open Windows Defender.
  • Click on Tools>Options.
  • Scroll down and uncheck "Use real-time protection (recommended)".
  • After you uncheck this, click on the Save button and close Windows Defender.

---------------------------------------------------------------------------------------------

Run NoLOP
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A message should pop up from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log at the end of this fix.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --


---------------------------------------------------------------------------------------------

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - blank (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [DATE BAGS COOL DEBUG] C:\Documents and Settings\All Users\Application Data\SIZE SETTINGS DATE BAGS\Comp lies.exe
O4 - HKCU\..\Run: [DOG REGS] C:\DOCUME~1\JOHNGR~1\APPLIC~1\PHONEC~1\pile second beep.exe


Close HijackThis now.

---------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

---------------------------------------------------------------------------------------------


Delete the following if they exist:

C:\Documents and Settings\All Users\Application Data\SIZE SETTINGS DATE BAGS
C:\Documents and Settings\JOHNGR~1 (Your user name)\Application Data\PHONEC~1<<<this will be a folder which begins with phonec

---------------------------------------------------------------------------------------------


Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
  • Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click OK
Press the CleanUp! button to start the program. Do NOT Reboot/logoff when prompted.
* CleanUp! will not create any backups!!

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with its updated definitions (it is important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------


Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


---------------------------------------------------------------------------------------------

Download fl.zip
Extract the contents to a new folder on your Desktop.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.

---------------------------------------------------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with logs from:

C:\NoLOP.log
AVG Anti-Spyware
Panda
C:\findlop.txt
HJT
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
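The fix list in the reply above picks out two kinds of HijackThis entry by eye: O2/O3 items whose DLL is gone ("(file missing)" / "(no file)"), and two O4 Run values whose names and paths are strings of random dictionary words living under Application Data, the pattern the reply then hands to NoLop and fl.bat. The script below is an added example, not part of this thread and not code from HijackThis or NoLop, that encodes those same heuristics and runs them over a constructed subset of Matt's posted log. The regexes, the "upper-case word salad" rule for Run-value names and the "multi-word exe under Application Data" rule are my assumptions, not rules taken from the forum's fix.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample input: a subset of the HijackThis 1.99.1 log posted in this
# thread, plus the clean ctfmon.exe entry to show what is left alone.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DATE BAGS COOL DEBUG] C:\Documents and Settings\All Users\Application Data\SIZE SETTINGS DATE BAGS\Comp lies.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [DOG REGS] C:\DOCUME~1\JOHNGR~1\APPLIC~1\PHONEC~1\pile second beep.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# HJT prints these when a registered BHO/toolbar DLL no longer exists on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Assumed heuristic: Run-value names built only of upper-case words,
# e.g. "DATE BAGS COOL DEBUG" or "DOG REGS".
WORD_SALAD_NAME = re.compile(r"^[A-Z]{2,}(?: [A-Z]{2,})+$")
# Assumed heuristic: executables under a profile's Application Data
# (long form or the 8.3 form APPLIC~1 that HJT sometimes prints).
APPDATA_DIR = re.compile(r"\\(?:Application Data|APPLIC~1)\\", re.IGNORECASE)
# O4 - HKLM\..\Run: [name] command   (also matches RunOnce / RunServices)
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Program part of a Run command: optional quotes, stop at the first executable extension.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|com|scr|bat|cmd))"?', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: list[str] = field(default_factory=list)


def executable_path(cmd: str) -> str:
    """Return the program part of a Run value, dropping quotes and arguments."""
    m = EXE_RE.match(cmd)
    return m.group("path") if m else cmd


def triage(log_text: str) -> list[Finding]:
    """Flag HJT entries a helper would normally queue for 'Fix checked'."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons: list[str] = []
        # Orphaned COM registrations: nothing to load, safe to remove.
        if line[:2] in ("O2", "O3") and line.endswith(ORPHAN_MARKERS):
            reasons.append("orphaned BHO/toolbar registration (DLL is gone)")
        m = O4_RE.match(line)
        if m:
            name, cmd = m.group("name"), m.group("cmd")
            path = executable_path(cmd)
            basename = path.rsplit("\\", 1)[-1]
            if WORD_SALAD_NAME.match(name):
                reasons.append("Run value named with random upper-case words")
            if APPDATA_DIR.search(path) and " " in basename:
                reasons.append("autostart from Application Data with a multi-word exe name")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def run_names(findings: list[Finding]) -> list[str]:
    """Just the [name] of each flagged O4 entry, in log order."""
    names: list[str] = []
    for f in findings:
        m = O4_RE.match(f.line)
        if m:
            names.append(m.group("name"))
    return names


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

On the sample above it reports the two orphaned O2/O3 entries and the two word-salad O4 values, and leaves ccApp, DAEMON Tools and ctfmon.exe alone, which is the same set tetonbob asked to be fixed. It is a triage aid only: a flagged path still wants checking on disk (with hidden files shown, as the reply instructs) before the entry is fixed and the folder deleted.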
Old 01-18-2007, 12:20 PM   #3 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 7
OS: xp home


Keeping fingers crossed - good so far!

Hi tetonbob,
First let me thank you for all your help, it is very much appreciated!
I have followed all your instructions to the letter and I now enclose the logs requested. Fingers crossed you have sorted this out for me; I haven't had a popup yet!
Here goes:


NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\John Greenwood\Desktop
[17/01/2007]
[22:51:36]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\ADB682E0911936B8.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator.dining\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Ahead
C:\Documents and Settings\All Users\Application Data\Antivir Personaledition Classic
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Bluetooth
C:\Documents and Settings\All Users\Application Data\Bt Yahoo!
C:\Documents and Settings\All Users\Application Data\Efax Messenger 4.2 Setup
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Olympus
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Raxco
C:\Documents and Settings\All Users\Application Data\Size Settings Date Bags
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Tuneup Software
C:\Documents and Settings\All Users\Application Data\Ulead Systems
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Yahoo!
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\John Greenwood\Application Data\1clickpro -- EMPTY Directory
C:\Documents and Settings\John Greenwood\Application Data\Adobe
C:\Documents and Settings\John Greenwood\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\John Greenwood\Application Data\Ahead
C:\Documents and Settings\John Greenwood\Application Data\Apple Computer
C:\Documents and Settings\John Greenwood\Application Data\Arcsoft
C:\Documents and Settings\John Greenwood\Application Data\Bitgrabber
C:\Documents and Settings\John Greenwood\Application Data\Canon -- EMPTY Directory
C:\Documents and Settings\John Greenwood\Application Data\Converttemp -- EMPTY Directory
C:\Documents and Settings\John Greenwood\Application Data\Cybermatrix
C:\Documents and Settings\John Greenwood\Application Data\Develcor
C:\Documents and Settings\John Greenwood\Application Data\Dvdcss
C:\Documents and Settings\John Greenwood\Application Data\Efax Messenger
C:\Documents and Settings\John Greenwood\Application Data\Exo
C:\Documents and Settings\John Greenwood\Application Data\Google
C:\Documents and Settings\John Greenwood\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\John Greenwood\Application Data\Identities
C:\Documents and Settings\John Greenwood\Application Data\Intertrust
C:\Documents and Settings\John Greenwood\Application Data\Intervideo
C:\Documents and Settings\John Greenwood\Application Data\Kazaa Lite
C:\Documents and Settings\John Greenwood\Application Data\Lavasoft
C:\Documents and Settings\John Greenwood\Application Data\Leadertech
C:\Documents and Settings\John Greenwood\Application Data\Macromedia
C:\Documents and Settings\John Greenwood\Application Data\Microsoft
C:\Documents and Settings\John Greenwood\Application Data\Motive
C:\Documents and Settings\John Greenwood\Application Data\Mozilla
C:\Documents and Settings\John Greenwood\Application Data\Myfamily.com
C:\Documents and Settings\John Greenwood\Application Data\Netscape
C:\Documents and Settings\John Greenwood\Application Data\Opera
C:\Documents and Settings\John Greenwood\Application Data\Phonechintick
C:\Documents and Settings\John Greenwood\Application Data\Real
C:\Documents and Settings\John Greenwood\Application Data\Samsung
C:\Documents and Settings\John Greenwood\Application Data\Serif
C:\Documents and Settings\John Greenwood\Application Data\Shareaza
C:\Documents and Settings\John Greenwood\Application Data\Slysoft
C:\Documents and Settings\John Greenwood\Application Data\Sun
C:\Documents and Settings\John Greenwood\Application Data\Superadblocker.com
C:\Documents and Settings\John Greenwood\Application Data\Temporary
C:\Documents and Settings\John Greenwood\Application Data\Tenebril
C:\Documents and Settings\John Greenwood\Application Data\Transrender -- EMPTY Directory
C:\Documents and Settings\John Greenwood\Application Data\Tuneup Software
C:\Documents and Settings\John Greenwood\Application Data\Vlc
C:\Documents and Settings\John Greenwood\Application Data\Vso
C:\Documents and Settings\John Greenwood\Application Data\Vso_hwe -- EMPTY Directory
C:\Documents and Settings\John Greenwood\Application Data\Yahoo!
C:\Documents and Settings\John Greenwood\Application Data\Zoner
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 07:00:09 18/01/2007

+ Scan result:



C:\Documents and Settings\John Greenwood\My Documents\Downloads\ads filter 1 46.zip/install.exe -> Hijacker.Agent.hi : Cleaned with backup (quarantined).


::Report end






Incident Status Location

Spyware:spyware/bridge Not disinfected c:\windows\system32\BRIDGE.SY_
Virus:trj/abwiz.a Not disinfected Operating system
Adware:adware/cws Not disinfected C:\Documents and Settings\John Greenwood\Favorites\Insurance
Potentially unwanted tool:application/zango Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99410cde-6f16-42ce-9d49-3807f78f0287}
Potentially unwanted tool:Application/Psshutdown.A Not disinfected C:\Program Files\Winamp\Skins\EPS_High-End_System_v1_test.wal[shutdown.exe]
Volume in drive C has no label.
Volume Serial Number is F83C-8887

Directory of C:\Documents and Settings\Administrator\Application Data

Volume in drive C has no label.
Volume Serial Number is F83C-8887

Directory of C:\Documents and Settings\All Users\Application Data

02/06/2006 21:12 <DIR> Adobe
02/06/2006 19:22 <DIR> Adobe Systems
03/06/2006 10:48 <DIR> Ahead
19/06/2006 23:05 <DIR> AntiVir PersonalEdition Classic
30/11/2006 14:09 <DIR> Apple Computer
14/12/2006 17:19 <DIR> Bluetooth
03/06/2006 19:49 <DIR> BT Yahoo!
05/07/2006 15:58 <DIR> eFax Messenger 4.2 Setup
14/09/2006 19:08 <DIR> Google
17/10/2006 19:02 0 LauncherAccess.dt
12/10/2006 21:55 <DIR> nView_Profiles
03/06/2006 11:07 <DIR> OLYMPUS
01/09/2006 11:44 <DIR> QuickTime
08/06/2006 22:03 <DIR> Raxco
19/06/2006 23:22 <DIR> Spybot - Search & Destroy
18/01/2007 17:13 <DIR> Symantec
02/06/2006 18:54 <DIR> TuneUp Software
19/08/2006 19:10 <DIR> Ulead Systems
27/05/2006 23:43 <DIR> Windows Genuine Advantage
29/08/2006 13:57 <DIR> Yahoo!
1 File(s) 0 bytes
19 Dir(s) 23,057,362,944 bytes free
Volume in drive C has no label.
Volume Serial Number is F83C-8887

Directory of C:\Documents and Settings\John Greenwood\Application Data

29/07/2006 15:47 <DIR> 1clickPro
02/06/2006 21:13 <DIR> Adobe
17/01/2007 11:34 <DIR> AdobeUM
29/12/2006 21:32 <DIR> Ahead
05/06/2006 17:57 <DIR> Apple Computer
24/06/2006 20:19 <DIR> Arcsoft
12/01/2007 14:43 <DIR> BitGrabber
17/01/2007 18:06 <DIR> Canon
16/09/2006 21:06 <DIR> ConvertTemp
23/07/2006 09:22 <DIR> CyberMatrix
18/09/2006 21:48 <DIR> DevelCor
21/12/2006 15:42 <DIR> dvdcss
05/07/2006 15:59 <DIR> eFax Messenger
11/12/2006 12:52 <DIR> Exo
02/11/2006 17:24 <DIR> Google
19/06/2006 23:07 <DIR> Help
27/05/2006 20:36 <DIR> Identities
24/06/2006 20:07 <DIR> InterTrust
21/12/2006 16:18 <DIR> InterVideo
29/08/2006 19:06 <DIR> Kazaa Lite
19/06/2006 23:09 <DIR> Lavasoft
21/10/2006 20:14 <DIR> Leadertech
27/05/2006 21:25 <DIR> Macromedia
03/06/2006 20:15 <DIR> Motive
26/08/2006 21:40 <DIR> Mozilla
18/06/2006 19:53 <DIR> MyFamily.com
26/08/2006 21:40 <DIR> Netscape
19/06/2006 23:00 <DIR> Opera
27/06/2006 21:18 <DIR> Real
16/09/2006 13:48 <DIR> Samsung
19/08/2006 22:23 <DIR> Serif
03/01/2007 22:34 <DIR> Shareaza
10/11/2006 22:09 <DIR> SlySoft
27/05/2006 22:22 <DIR> Sun
13/01/2007 00:54 <DIR> SuperAdBlocker.com
17/10/2006 18:30 <DIR> Temporary
18/08/2006 12:27 <DIR> Tenebril
18/09/2006 15:16 <DIR> TransRender
02/06/2006 18:55 <DIR> TuneUp Software
05/07/2006 21:54 <DIR> vlc
15/01/2007 00:19 <DIR> Vso
17/11/2006 15:57 <DIR> VSO_HWE
21/11/2006 20:09 <DIR> Yahoo!
19/08/2006 17:34 <DIR> Zoner
0 File(s) 0 bytes
44 Dir(s) 23,057,362,944 bytes free
Volume in drive C has no label.
Volume Serial Number is F83C-8887

Directory of C:\Documents and Settings\Default User\Application Data

27/05/2006 19:03 <DIR> .
27/05/2006 19:03 <DIR> ..
17/06/2006 21:40 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 23,057,362,944 bytes free
Volume in drive C has no label.
Volume Serial Number is F83C-8887

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is F83C-8887

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'AppleSoftwareUpdate.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Apple Software Update\SoftwareUpdate.exe'
Parameters: '-Task'
WorkingDirectory: ''
Comment: ''
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 01/23/2007 11:26:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_HAS_NOT_RUN
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: ..T....
StartDate: 11/30/2006
EndDate: 00/00/0000
StartTime: 11:26
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'MP Scheduled Scan.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Windows Defender\MpCmdRun.exe'
Parameters: 'Scan -RestrictPrivileges'
WorkingDirectory: ''
Comment: 'Scheduled Scan'
Creator: 'SYSTEM'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_DISABLED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 1
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 1
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 0
SystemRequired = 0
Hidden = 1
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .M.....
StartDate: 01/18/2007
EndDate: 00/00/0000
StartTime: 01:56
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Norton AntiVirus - Run Full System Scan - John Greenwood.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\PROGRA~1\Yahoo!\NAV\Navw32.exe'
Parameters: '/TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: 'John Greenwood'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 01/12/2007 20:00:00
NextRun: 01/19/2007 20:00:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 08/29/2006
EndDate: 00/00/0000
StartTime: 20:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0




Logfile of HijackThis v1.99.1
Scan saved at 18:53:39, on 18/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Mozy\mozybackup.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Softick\PPP\Bin\PPPGate.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\AutoSizer\AutoSizer.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BlazeVideo\BlazeDTV2.1\MediaDetector.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Kirby Alarm\kirbyalarm.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Clipboard Magic\ClipboardMagic.exe
C:\Program Files\Mozy\mozystat.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoftickPPP] "C:\Program Files\Softick\PPP\Bin\PPPGate.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe" /h
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV2.1\MediaDetector.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DOG REGS] C:\DOCUME~1\JOHNGR~1\APPLIC~1\PHONEC~1\pile second beep.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Startup: Clipboard Magic.lnk = C:\Program Files\Clipboard Magic\ClipboardMagic.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kirby Alarm.lnk = C:\Program Files\Kirby Alarm\kirbyalarm.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5774364E-E29E-45D9-A9F9-EEB83ED27E34}: NameServer = 192.168.1.1
O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MozyBackup - Unknown owner - C:\Program Files\Mozy\mozybackup.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Please could you tell me the main culprit of my popup nightmare if it has now gone?
Thank you sooo much Matt.
Matt Chrome is offline  
Old 01-18-2007, 07:39 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,555
OS: 2000 Pro; XP Pro; XP Home


The infection you had was adware called LOP. Often brought in by a program called MessengerPlus! or MessengerPlus!3. If you have this program (I don't see it in your logs) uninstall it. If it's a must have, reinstall it but decline the 'sponsor' program when asked at install time.

---------------------------------------------------------------------------------------------

I can't find enough information for this file -> c:\windows\system32\BRIDGE.SY_
Right click on that file and go to Properties. Then go to the Version tab and see what information you can get from there (Company, Description, etc.) and post it here.

---------------------------------------------------------------------------------------------

Have you intentionally created this folder in your Favorites? If not, delete it. If so, make sure all links in there are ones you've created.

C:\Documents and Settings\John Greenwood\Favorites\Insurance

---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked.

O4 - HKCU\..\Run: [DOG REGS] C:\DOCUME~1\JOHNGR~1\APPLIC~1\PHONEC~1\pile second beep.exe

Close HijackThis now.

---------------------------------------------------------------------------------------------

I think you already got this folder, but make sure it's gone:

C:\Documents and Settings\John Greenwood\Application Data\Phonechintick

---------------------------------------------------------------------------------------------

Copy and paste the following into Notepad (don't forget to copy and paste REGEDIT4):

Quote:
REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99410cde-6f16-42ce-9d49-3807f78f0287}]

Save the file as "delete.reg". Make sure to save it with the quotes. It should look like this:

Close Notepad.

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------------------------------------------------
  1. Download combofix.exe to your desktop.
  2. Double click on combofix.exe & follow the prompts.
  3. When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
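The O4 review above (spotting a Run value that launches an executable out of a user's Application Data folder, then removing the value) is the kind of check a helper does by eye. As an added example, not code from this thread or from the HijackThis or ComboFix projects, the script below parses O4 lines in HijackThis 1.99 format, flags entries whose program sits under a profile data folder (in long or 8.3 short-name form) or is a bare filename resolved via PATH, and builds a REGEDIT4 file that deletes chosen Run values with the `"Name"=-` syntax (the `[-Key]` form in the post above deletes a whole key instead). The sample lines are copied from the log in this thread; the regular expressions, the short-name table and the function names are my own assumptions about the log format.

```python
import re

# Constructed sample input: O4 lines copied from the HijackThis log in this thread,
# so the script runs offline. A real run would read them from a saved log file.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r'O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup',
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe',
    r'O4 - HKCU\..\Run: [DOG REGS] C:\DOCUME~1\JOHNGR~1\APPLIC~1\PHONEC~1\pile second beep.exe',
    r'O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE',
]

# "O4 - HKCU\..\Run: [Name] command" (registry Run / RunOnce / RunServices values).
O4_RUN_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# "O4 - Startup: Foo.lnk = command" / "O4 - Global Startup: ..." (Startup-folder shortcuts).
O4_STARTUP_RE = re.compile(
    r'^O4 - (?P<where>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$')

# 8.3 short names seen in HijackThis logs, expanded so one pattern covers both spellings
# (assumed table, covers the common Windows XP profile directories only).
SHORT_NAMES = {
    'DOCUME~1': 'DOCUMENTS AND SETTINGS',
    'APPLIC~1': 'APPLICATION DATA',
    'LOCALS~1': 'LOCAL SETTINGS',
}
PROFILE_DATA_RE = re.compile(
    r'^[A-Z]:\\DOCUMENTS AND SETTINGS\\[^\\]+\\(APPLICATION DATA|LOCAL SETTINGS)\\')
HIVES = {'HKLM': 'HKEY_LOCAL_MACHINE', 'HKCU': 'HKEY_CURRENT_USER'}


def extract_exe(cmd):
    """Return the program part of an O4 command: the quoted path, or the first
    token ending in an executable extension (arguments such as /startup are dropped)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(.+?\.(?:exe|dll|scr|com|bat|cmd|pif))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(' ')[0]


def normalize_path(path):
    """Upper-case the path and expand known 8.3 short names."""
    up = path.upper()
    for short, long_name in SHORT_NAMES.items():
        up = up.replace(short, long_name)
    return up


def triage(lines):
    """Parse O4 lines and attach review reasons to every autostart entry found.
    An empty 'reasons' list means nothing in the heuristics stood out, not 'clean'."""
    findings = []
    for line in lines:
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if not m:
            continue
        exe = extract_exe(m.group('cmd'))
        reasons = []
        if PROFILE_DATA_RE.match(normalize_path(exe)):
            reasons.append('launched from a user profile data folder (Application Data / Local Settings)')
        if '\\' not in exe:
            reasons.append('bare filename: resolved by PATH search, origin not stated')
        groups = m.groupdict()
        findings.append({
            'name': groups['name'],
            'hive': groups.get('hive'),   # None for Startup-folder shortcuts
            'key': groups.get('key'),
            'exe': exe,
            'reasons': reasons,
        })
    return findings


def regedit4_remove_values(findings, names):
    """Build REGEDIT4 text that deletes the named Run values ("Name"=- deletes one value).
    Startup-folder shortcuts are files, not registry values, so they are skipped."""
    by_key = {}
    for f in findings:
        if f['name'] in names and f['hive']:
            key = '[%s\\Software\\Microsoft\\Windows\\CurrentVersion\\%s]' % (HIVES[f['hive']], f['key'])
            by_key.setdefault(key, []).append(f['name'])
    out = ['REGEDIT4', '']
    for key, vals in by_key.items():
        out.append(key)
        out.extend('"%s"=-' % v for v in vals)
        out.append('')
    return '\r\n'.join(out)   # .reg files are CRLF text


if __name__ == '__main__':
    results = triage(SAMPLE_O4_LINES)
    for f in results:
        print('REVIEW' if f['reasons'] else 'ok    ', f['name'], '->', f['exe'], '; '.join(f['reasons']))
    print(regedit4_remove_values(results, ['DOG REGS']))
```

On the sample, only the [DOG REGS] entry is reported as launching from a profile data folder; the C-Media entry is listed for review merely because it relies on PATH lookup, which is why the output is a review list rather than a verdict, and the .reg text is generated only for names the reviewer passes in explicitly.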
Old 01-19-2007, 12:37 PM   #5 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 7
OS: xp home



Hi tetonbob,
I've tried to check the file BRIDGE.SY_ but there is no Version tab in Properties, only a Summary tab. There are no details anywhere in Properties; the file is 32.9 KB and it says that it opens with an unknown application.

I've deleted the files you mentioned and run the file delete.reg and also combofix. Here is the log:

"John Greenwood" - 07-01-19 19:08:09 Service Pack 2
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\John Greenwood\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\vbzip11.dll


((((((((((((((((((((((((((((((( Files Created from 2006-12-19 to 2007-01-19 ))))))))))))))))))))))))))))))))))


2007-01-18 16:59 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-17 22:52 <DIR> d-------- C:\NoLopBackups
2007-01-17 11:10 155,648 --a------ C:\WINDOWS\system32\RAMASST.exe
2007-01-17 11:10 135,168 --a------ C:\WINDOWS\system32\DVDMenu.dll
2007-01-17 11:10 110,592 --a------ C:\WINDOWS\system32\DVDRAMSV.exe
2007-01-17 11:10 105,872 --a------ C:\WINDOWS\system32\drivers\meiudf.sys
2007-01-17 11:10 <DIR> d-------- C:\Program Files\DVD-RAM
2007-01-15 19:43 <DIR> d-------- C:\Program Files\Windows Defender
2007-01-15 00:45 <DIR> d-------- C:\DOCUME~1\JOHNGR~1\.housecall6.6
2007-01-14 12:43 <DIR> d-------- C:\Program Files\Lavasoft
2007-01-13 00:54 <DIR> d-------- C:\DOCUME~1\JOHNGR~1\Application Data\SuperAdBlocker.com
2007-01-13 00:53 <DIR> d-------- C:\Program Files\SuperAdBlocker.com
2007-01-12 18:33 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-12 18:33 <DIR> d-------- C:\Program Files\Grisoft
2007-01-12 14:43 <DIR> d-------- C:\DOCUME~1\JOHNGR~1\Application Data\BitGrabber
2007-01-12 14:42 <DIR> d-------- C:\Program Files\phonechintick
2007-01-12 14:42 <DIR> d-------- C:\Program Files\BitGrabber
2007-01-11 23:42 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-08 17:36 <DIR> d-------- C:\Program Files\Instant Photo Artist
2007-01-07 18:06 0 --a------ C:\WINDOWS\buZZP2lic.dll
2007-01-07 01:02 <DIR> d-------- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
2007-01-07 01:02 <DIR> d-------- C:\Program Files\ArtMasterPro
2007-01-03 22:34 <DIR> d-------- C:\DOCUME~1\JOHNGR~1\Application Data\Shareaza
2007-01-02 00:01 <DIR> d-------- C:\HJT
2007-01-01 18:24 0 --a------ C:\yfbkr.exe
2006-12-31 21:54 <DIR> d-------- C:\WINDOWS\vbSkinner
2006-12-31 21:53 <DIR> d-------- C:\Program Files\PFConfig
2006-12-29 22:23 86,016 --------- C:\WINDOWS\system32\pxwma.dll
2006-12-29 22:23 105,472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-12-29 20:53 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2006-12-23 22:13 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-12-23 22:13 286,720 --------- C:\WINDOWS\Setup1.exe
2006-12-22 18:00 <DIR> d-------- C:\MODERN~1
2006-12-21 16:18 <DIR> d-------- C:\DOCUME~1\JOHNGR~1\Application Data\InterVideo
2006-12-21 16:16 <DIR> d-------- C:\Program Files\InterVideo
2006-12-21 15:42 <DIR> d-------- C:\DOCUME~1\JOHNGR~1\Application Data\dvdcss


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-19 17:07 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-18 17:43 -------- d-------- C:\Program Files\symantec
2007-01-18 17:42 -------- d-------- C:\Program Files\quicktime
2007-01-18 17:41 -------- d-------- C:\Program Files\mozy
2007-01-18 17:40 -------- d-------- C:\Program Files\microsoft activesync
2007-01-18 17:40 -------- d-------- C:\Program Files\messenger
2007-01-18 17:38 -------- d-------- C:\Program Files\google
2007-01-18 17:37 -------- d-------- C:\Program Files\ewido anti-malware
2007-01-18 17:37 -------- d-------- C:\Program Files\efax messenger 4.2
2007-01-18 17:34 -------- d-------- C:\Program Files\clipboard magic
2007-01-18 17:23 -------- d-------- C:\Program Files\autosizer
2007-01-17 18:06 -------- d-------- C:\DOCUME~1\JOHNGR~1\Application Data\canon
2007-01-17 11:34 -------- d-------- C:\DOCUME~1\JOHNGR~1\Application Data\adobeum
2007-01-17 11:10 -------- d--h----- C:\Program Files\installshield installation information
2007-01-15 00:19 -------- d-------- C:\DOCUME~1\JOHNGR~1\Application Data\vso
2007-01-13 01:36 -------- d-------- C:\Program Files\Common Files\wise installation wizard
2007-01-11 22:32 -------- d-------- C:\Program Files\Common Files\ahead
2007-01-11 18:09 -------- d-------- C:\Program Files\auction sentry
2007-01-09 19:20 -------- d-------- C:\Program Files\k-lite
2007-01-09 19:20 -------- d-------- C:\Program Files\canon
2007-01-04 23:55 -------- d-------- C:\Program Files\dan elwell's broadband speed test
2007-01-04 18:05 -------- d-------- C:\Program Files\ahead
2007-01-03 22:04 -------- d-------- C:\Program Files\java
2006-12-29 21:32 -------- d-------- C:\DOCUME~1\JOHNGR~1\Application Data\ahead
2006-12-29 15:57 -------- d-------- C:\Program Files\Common Files\adobe
2006-12-22 00:50 48776 --a------ C:\WINDOWS\system32\s32evnt1.dll
2006-12-22 00:50 115000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-12-21 13:01 -------- d-------- C:\Program Files\championship manager 2006
2006-12-16 19:45 -------- d-------- C:\Program Files\thq
2006-12-14 17:11 -------- d-------- C:\Program Files\ivt corporation
2006-12-11 21:25 40 ---hs---- C:\DOCUME~1\JOHNGR~1\Application Data\.zreglib
2006-12-11 12:52 -------- d-------- C:\DOCUME~1\JOHNGR~1\Application Data\exo
2006-12-08 16:43 29768 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2006-12-08 16:43 15440 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2006-12-08 16:43 11984 --a------ C:\WINDOWS\system32\drivers\RegKill.sys
2006-12-06 21:00 -------- d-------- C:\Program Files\family tree maker 2006
2006-12-04 21:14 81920 --a------ C:\WINDOWS\system32\elbycdio.dll
2006-12-02 16:34 -------- d-------- C:\Program Files\Common Files\nullsoft
2006-12-02 16:34 -------- d-------- C:\Program Files\Common Files\nsv
2006-11-30 14:08 -------- d-------- C:\Program Files\apple software update
2006-11-30 13:56 -------- d-------- C:\Program Files\Common Files\xing shared
2006-11-30 13:56 -------- d-------- C:\Program Files\Common Files\real
2006-11-30 13:49 -------- d-------- C:\Program Files\windows media connect 2
2006-11-30 13:44 -------- d-------- C:\Program Files\winamp
2006-11-27 21:47 -------- d-------- C:\Program Files\trueswitch
2006-11-27 21:42 107688 --a------ C:\WINDOWS\trueinstall.exe
2006-11-27 20:38 -------- d-------- C:\Program Files\tvants
2006-11-21 20:09 -------- d-------- C:\DOCUME~1\JOHNGR~1\Application Data\yahoo!
2006-11-20 23:57 167424 --a------ C:\WINDOWS\system32\spoonuninstall.exe
2006-11-20 23:49 -------- d-------- C:\Program Files\cd to mp3 freeware
2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-28 05:42 1555779 ---hs---- C:\WINDOWS\svhost.exe
2006-10-21 20:21 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2006-10-19 13:56 713216 --a------ C:\WINDOWS\system32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"AutoSizer"="\"C:\\Program Files\\AutoSizer\\AutoSizer.exe\" /h"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"eFax 4.2"="\"C:\\Program Files\\eFax Messenger 4.2\\J2GDllCmd.exe\" /R"
"C-Media Mixer"="Mixer.exe /startup"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"YBrowser"="C:\\PROGRA~1\\Yahoo!\\browser\\ybrwicon.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"YOP"="C:\\PROGRA~1\\Yahoo!\\YOP\\yop.exe /autostart"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"DJSNetCN"="C:\\Program Files\\Common Files\\Symantec Shared\\DJSNETCN.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BlueSoleil.lnk"
"backup"="C:\\WINDOWS\\pss\\BlueSoleil.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\IVTCOR~1\\BLUESO~1\\BLUESO~1.EXE "
"item"="BlueSoleil"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\InterVideo WinCinema Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
"item"="InterVideo WinCinema Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kirby Alarm.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kirby Alarm.lnk"
"backup"="C:\\WINDOWS\\pss\\Kirby Alarm.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\KIRBYA~1\\KIRBYA~1.EXE "
"item"="Kirby Alarm"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^John Greenwood^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Find Fast.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\FINDFAST.EXE "
"item"="Microsoft Find Fast"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^John Greenwood^Start Menu^Programs^Startup^Microsoft Office Shortcut Bar.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office Shortcut Bar.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\MSOFFICE.EXE "
"item"="Microsoft Office Shortcut Bar"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^John Greenwood^Start Menu^Programs^Startup^Mozy Status.lnk]
"path"="C:\\Documents and Settings\\John Greenwood\\Start Menu\\Programs\\Startup\\Mozy Status.lnk"
"backup"="C:\\WINDOWS\\pss\\Mozy Status.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Mozy\\mozystat.exe "
"item"="Mozy Status"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^John Greenwood^Start Menu^Programs^Startup^Office Startup.lnk]
"backup"="C:\\WINDOWS\\pss\\Office Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA.EXE -b"
"item"="Office Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKCU"
"command"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaDetector"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BlazeVideo\\BlazeDTV2.1\\MediaDetector.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOG REGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pile second beep"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\JOHNGR~1\\APPLIC~1\\PHONEC~1\\pile second beep.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NBJ"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftickPPP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PPPGate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Softick\\PPP\\Bin\\PPPGate.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMPNSCFG"
"hkey"="HKCU"
"command"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SABWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8d07ec2f-f259-11da-8612-00507092523f}]
Shell\AutoRun\command J:\setup.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2dd290a-75c7-11db-ae14-806d6172696f}]
Shell\AutoRun\command D:\install.exe



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20070117-231459-342
O4 - HKLM\..\Run: [DATE BAGS COOL DEBUG] C:\Documents and Settings\All Users\Application Data\SIZE SETTINGS DATE BAGS\Comp lies.exe
backup-20070117-231459-122
O4 - HKCU\..\Run: [DOG REGS] C:\DOCUME~1\JOHNGR~1\APPLIC~1\PHONEC~1\pile second beep.exe
backup-20070117-231459-956
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
backup-20070116-221147-592
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070116-221147-358
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
backup-20070116-221147-535
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20070116-221147-721
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
backup-20070116-221147-326
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
backup-20070116-221147-139
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - blank (file missing)
backup-20070116-221147-691
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
backup-20070115-221807-978
O4 - HKCU\..\Run: [DOG REGS] C:\DOCUME~1\JOHNGR~1\APPLIC~1\PHONEC~1\pile second beep.exe
backup-20070113-181818-296
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.savewealth.com/support/ie6/search/
backup-20070103-222019-402
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20070103-222019-182
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20070103-222019-550
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20070102-001542-381
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
backup-20070102-001542-681
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
backup-20070102-001542-464
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - John Greenwood.job

Completion time: 07-01-19 19:11:43


and a new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 19:31:30, on 19/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Mozy\mozybackup.exe
C:\Program Files\Yahoo!\NAV\navapsvc.exe
C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\Yahoo!\YOP\secstat.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Norton Personal Firewall - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Yahoo!\NAV\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eFax 4.2] "C:\Program Files\eFax Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [AutoSizer] "C:\Program Files\AutoSizer\AutoSizer.exe" /h
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Clipboard Magic.lnk = C:\Program Files\Clipboard Magic\ClipboardMagic.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5774364E-E29E-45D9-A9F9-EEB83ED27E34}: NameServer = 192.168.1.1
O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Yahoo!\NPF\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\DJSNETCN.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MozyBackup - Unknown owner - C:\Program Files\Mozy\mozybackup.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Yahoo!\NAV\SAVScan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



Thank you once again tetonbob.

Can I say that you guys at Tech Support are the bee's. I don't know where we would be without you!! Matt.
Matt Chrome is offline  
Old 01-19-2007, 08:19 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,555
OS: 2000 Pro; XP Pro; XP Home


Hi Matt -

I'd like another opinion on this file...

Please go to: VirusTotal
  • At the top of the page you'll find a "Browse" button. Click the "Browse" button and browse to this file in BOLD:

    c:\windows\system32\BRIDGE.SY_

  • Click "Open".
  • Then click the "Send" button at the top of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Repeat for this file:

    C:\WINDOWS\system32\pxwma.dll
  • Once scanned, copy and paste the results in your next reply.


---------------------------------------------------------------------------------------------

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

phonechintick

---------------------------------------------------------------------------------------------

Delete this folder:

C:\Program Files\phonechintick

And this file:

C:\yfbkr.exe

If they resist, boot to safe mode and delete from there.

---------------------------------------------------------------------------------------------

Copy and paste the following into Notepad (don't forget to copy and paste REGEDIT4):

Quote:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOG REGS]
Save the file as "delete.reg". Make sure to save it with the quotes. It should look like this:

Close Notepad.

Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.

---------------------------------------------------------------------------------------------

It looks like you removed some items with HJT before posting here, items which can be associated with a couple of different infections. Please do this:

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

---------------------------------------------------------------------------------------------

Download GMER Rootkit Scanner from here or here.

Unzip it to your Desktop and double-click gmer.exe

Run the program and select the Rootkit tab, and make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. It will produce a log. Copy the log using the Copy button, open Notepad and paste the log into a new text file (using Ctrl + V), save it somewhere you can find it, and post the log in this thread.

---------------------------------------------------------------------------------------------

Create an uninstall list:
  • Open HiJackThis
  • Click on the button " Open the Misc Tools section"
  • Click on the Box that says "Open Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the list from the Notepad file into your post

Please return with results from:

VirusTotal
Smitfraudfix (located at C:\rapport.txt)
gmer
Uninstall list
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
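The triage that tetonbob does by eye above (spotting Run entries such as DOG REGS and DATE BAGS COOL DEBUG that launch oddly named executables from the user's Application Data folders, then removing the msconfig startupreg record with a REGEDIT4 file) can be scripted. What follows is an added example, not code from the thread, from HijackThis or from ComboFix: it parses HJT O4 lines and the msconfig startupreg blocks of a registry dump, flags entries whose executable lives in a user-writable profile or temp directory or is a bare file name resolved through the PATH search order, and emits a removal file in the same REGEDIT4 form as the delete.reg step. The sample log lines are constructed to match the shape of the entries in the thread, not copied from a real machine. Caveat: deleting the Run value or the startupreg record only removes the launch point; the executable, its folder and any running process still have to be dealt with separately, which is why the reply also has the folder and file deleted.

```python
"""Added example (not from the thread, HijackThis or ComboFix): flag suspicious
autostart entries in an HJT log and an msconfig 'startupreg' dump, and build a
REGEDIT4 file that removes their launch points."""
import re

# Where msconfig records Run entries a user has disabled.
STARTUPREG_PREFIX = "HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\"
# Locations any interactive user can write to; a Run entry launching from here
# is not proof of malware, but it is where the odd-named entries in the thread lived.
USER_WRITABLE = ("c:\\documents and settings\\", "c:\\docume~1\\", "c:\\windows\\temp\\")
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
REASON_TEXT = {
    "writable": "executable lives in a user-writable profile or temp directory",
    "bare": "bare file name, resolved through the PATH search order at logon",
}

HJT_O4 = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')
EXE_EXT = re.compile(r"^(?P<path>.+?\.(?:exe|dll|scr|com|bat|cmd|pif))(?:\s|,|$)", re.IGNORECASE)

# Constructed sample input, shaped like the entries in the thread.
SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DATE BAGS COOL DEBUG] C:\Documents and Settings\All Users\Application Data\SIZE SETTINGS DATE BAGS\Comp lies.exe
O4 - HKCU\..\Run: [DOG REGS] C:\DOCUME~1\JOHNGR~1\APPLIC~1\PHONEC~1\pile second beep.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOG REGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pile second beep"
"hkey"="HKCU"
"command"="C:\\DOCUME~1\\JOHNGR~1\\APPLIC~1\\PHONEC~1\\pile second beep.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
"""


def unescape_reg(value):
    # .reg files escape backslash and double quote with a backslash; one pass undoes both.
    return re.sub(r"\\(.)", r"\1", value)


def executable_of(command):
    # Quoted commands: the path is the quoted part. Unquoted: up to the first executable extension.
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_EXT.match(command)
    return m.group("path") if m else command


def assess(path):
    # Returns reason codes (see REASON_TEXT); an empty list means nothing to flag.
    if not path:
        return []
    low = path.lower()
    reasons = []
    if any(low.startswith(p) for p in USER_WRITABLE):
        reasons.append("writable")
    if "\\" not in path:
        reasons.append("bare")
    return reasons


def parse_startupreg(dump):
    # Collects each startupreg subkey with its unescaped values (key, item, hkey, command).
    entries, current = [], None
    for raw in dump.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            subkey = line[1:-1]
            if subkey.lower().startswith(STARTUPREG_PREFIX.lower()):
                current = {"subkey": subkey, "name": subkey[len(STARTUPREG_PREFIX):]}
                entries.append(current)
            else:
                current = None
            continue
        m = REG_VALUE.match(line)
        if current is not None and m:
            current[m.group("name")] = unescape_reg(m.group("value"))
    return entries


def triage(hjt_log, reg_dump):
    findings = []
    for raw in hjt_log.splitlines():
        m = HJT_O4.match(raw.strip())
        if not m:
            continue
        path = executable_of(m.group("cmd"))
        reasons = assess(path)
        if reasons:
            findings.append({"source": "hjt", "hive": m.group("hive"), "key": m.group("key"),
                             "name": m.group("name"), "path": path, "reasons": reasons})
    for e in parse_startupreg(reg_dump):
        path = executable_of(e.get("command", ""))
        reasons = assess(path)
        if reasons:
            findings.append({"source": "msconfig", "hive": e.get("hkey", "?"), "key": e.get("key", "?"),
                             "name": e["name"], "subkey": e["subkey"], "path": path, "reasons": reasons})
    return findings


def removal_reg(findings):
    # Only the user-writable findings get a removal line; bare names are reported, not deleted.
    lines = ["REGEDIT4", ""]
    for f in findings:
        if "writable" not in f["reasons"]:
            continue
        if f["source"] == "msconfig":
            lines += ["[-" + f["subkey"] + "]", ""]          # [-key] deletes msconfig's record
        else:
            run_key = HIVES[f["hive"]] + "\\Software\\Microsoft\\Windows\\CurrentVersion\\" + f["key"]
            lines += ["[" + run_key + "]", '"' + f["name"] + '"=-', ""]   # "name"=- deletes a value
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_HJT, SAMPLE_REG)
    for f in found:
        print(f["source"], f["hive"], f["name"], "->", f["path"], "|", "; ".join(REASON_TEXT[r] for r in f["reasons"]))
    print(removal_reg(found))
```

Run on the constructed sample, the script flags DOG REGS and DATE BAGS COOL DEBUG (user-writable location) and NvCplDaemon (bare RUNDLL32.EXE name, reported only), and the generated file contains the same `[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DOG REGS]` line as the delete.reg above plus `"DOG REGS"=-` under the HKCU Run key. The bare-name check is a low-signal heuristic included as a reminder that unqualified names in Run keys are resolved by PATH search; treat those as items to verify, not to delete.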
Old 01-21-2007, 07:53 AM   #7 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 7
OS: xp home


scans and logs

Hi tetonbob, here are the scans and logs as requested

I tried to enter all the scans, but it said it was too long, so I'll send the VirusTotal ones separately in a minute. Matt.



SmitFraudFix v2.132

Scan done at 22:15:48.53, 20/01/2007
Run from C:\Documents and Settings\John Greenwood\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John Greenwood


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\John Greenwood\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOHNGR~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-21 14:03:35
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 8611A550 ZwAlertResumeThread
SSDT 860F6648 ZwAlertThread
SSDT 8602FB78 ZwAllocateVirtualMemory
SSDT 8604D228 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey
SSDT 859C7748 ZwCreateMutant
SSDT 8610E1D8 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT 860E2A70 ZwFreeVirtualMemory
SSDT 860E08D8 ZwImpersonateAnonymousToken
SSDT 8668A4D8 ZwImpersonateThread
SSDT 860254F8 ZwMapViewOfSection
SSDT 859AA3B0 ZwOpenEvent
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT 860E23B8 ZwOpenProcessToken
SSDT 860D7E98 ZwOpenThreadToken
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT 860D68D8 ZwResumeThread
SSDT 86372C08 ZwSetContextThread
SSDT 8615D220 ZwSetInformationProcess
SSDT 8610D648 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey
SSDT 863622C0 ZwSuspendProcess
SSDT 860BDA70 ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT 8616D908 ZwTerminateThread
SSDT 860E2E98 ZwUnmapViewOfSection
SSDT 862A16E8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!_abnormal_termination + 478 804E2AD4 1 Byte [ 98 ]
.text ntoskrnl.exe!_abnormal_termination + 47A 804E2AD6 2 Bytes [ 0E, 86 ]
.text USBPORT.SYS!DllUnload F6D5C62C 5 Bytes JMP 865B9970
.text ntdll.dll!NtClose 7C90D586 5 Bytes JMP 72033FAA
.text ntdll.dll!NtCreateProcess 7C90D754 5 Bytes JMP 72034135
.text ntdll.dll!NtCreateProcessEx 7C90D769 5 Bytes JMP 72034019
.text ntdll.dll!NtCreateSection 7C90D793 5 Bytes JMP 72033FC8

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 867D01D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 867D01D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 865C8990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 865C8990
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 8602B990
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE 8602B990
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 8602B990
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE 8602B990
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION 8602B990
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION 8602B990
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION 8602B990
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL 8602B990
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL 8602B990
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL 8602B990
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL 8602B990
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP 8602B990
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP 8602B990
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 8602B990
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE 8602B990
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 8602B990
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE 8602B990
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION 8602B990
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION 8602B990
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION 8602B990
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL 8602B990
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL 8602B990
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL 8602B990
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL 8602B990
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP 8602B990
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP 8602B990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 865C1990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 865C1990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 865C1990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865C1990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 865C1990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 865C1990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 865C1990
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CREATE 865C1990
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CLOSE 865C1990
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 865C1990
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865C1990
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_POWER 865C1990
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 865C1990
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_PNP 865C1990
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CREATE 865EE1D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CLOSE 865EE1D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 865EE1D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 865EE1D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_POWER 865EE1D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 865EE1D8
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_PNP 865EE1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867D21D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 865CC1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 865CC1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 865CC1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 865CC1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 865CC1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 865CC1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865CC1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 865CC1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 865CC1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 865CC1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 865CC1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 867D21D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 867D21D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 865CC1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 865CC1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 865CC1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 865CC1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 865CC1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 865CC1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865CC1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 865CC1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 865CC1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 865CC1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 865CC1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8676B1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8676B1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8676B1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 8676B1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8676B1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8676B1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8676B1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSE 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSE 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 8676B1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 8676B1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 865CC1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 865CC1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 865CC1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 865CC1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 865CC1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 865CC1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 865CC1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 865CC1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 865CC1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 865CC1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 865CC1D8
Device \Driver\00000037 \Device\00000074 IRP_MJ_POWER [F7753DB6] sptd.sys
Device \Driver\00000037 \Device\00000074 IRP_MJ_SYSTEM_CONTROL [F776973C] sptd.sys
Device \Driver\00000037 \Device\00000074 IRP_MJ_PNP [F776277E] sptd.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 85F5A4B0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 85F5A4B0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 85F5A4B0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 85F5A4B0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 85F5A4B0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 85F5A4B0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 85F5A4B0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 85F5A4B0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 85F5A4B0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 85F5A4B0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 85F5A4B0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 85F5A4B0
Device \Driver\NetBT \Device\NetBT_Tcpip_{6A8F7DB9-56CC-4186-82F3-C062859F8271} IRP_MJ_CREATE 85F5A4B0
Device \Driver\NetBT \Device\NetBT_Tcpip_{6A8F7DB9-56CC-4186-82F3-C062859F8271} IRP_MJ_CLOSE 85F5A4B0
Device \Driver\NetBT \Device\NetBT_Tcpip_{6A8F7DB9-56CC-4186-82F3-C062859F8271} IRP_MJ_DEVICE_CONTROL 85F5A4B0
Device \Driver\NetBT \Device\NetBT_Tcpip_{6A8F7DB9-56CC-4186-82F3-C062859F8271} IRP_MJ_INTERNAL_DEVICE_CONTROL 85F5A4B0
Device \Driver\NetBT \Device\NetBT_Tcpip_{6A8F7DB9-56CC-4186-82F3-C062859F8271} IRP_MJ_CLEANUP 85F5A4B0
Device \Driver\NetBT \Device\NetBT_Tcpip_{6A8F7DB9-56CC-4186-82F3-C062859F8271} IRP_MJ_PNP 85F5A4B0
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 865C1990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 865C1990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 865C1990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865C1990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 865C1990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 865C1990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 865C1990
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CREATE 865C1990
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CLOSE 865C1990
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 865C1990
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865C1990
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_POWER 865C1990
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 865C1990
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_PNP 865C1990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 860CB668
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 860CB668
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CREATE 865EE1D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CLOSE 865EE1D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 865EE1D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 865EE1D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_POWER 865EE1D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 865EE1D8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_PNP 865EE1D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 860CB668
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 860CB668
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 867D21D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 867D21D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 867D21D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 867D21D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 867D21D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 867D21D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 867D21D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 867D21D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 867D21D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 867D21D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5774364E-E29E-45D9-A9F9-EEB83ED27E34} IRP_MJ_CREATE 85F5A4B0
Device \Driver\NetBT \Device\NetBT_Tcpip_{5774364E-E29E-45D9-A9F9-EEB83ED27E34} IRP_MJ_CLOSE 85F5A4B0
Device \Driver\NetBT \Device\NetBT_Tcpip_{5774364E-E29E-45D9-A9F9-EEB83ED27E34} IRP_MJ_DEVICE_CONTROL 85F5A4B0
Device \Driver\NetBT \Device\NetBT_Tcpip_{5774364E-E29E-45D9-A9F9-EEB83ED27E34} IRP_MJ_INTERNAL_DEVICE_CONTROL 85F5A4B0
Device \Driver\NetBT \Device\NetBT_Tcpip_{5774364E-E29E-45D9-A9F9-EEB83ED27E34} IRP_MJ_CLEANUP 85F5A4B0
Device \Driver\NetBT \Device\NetBT_Tcpip_{5774364E-E29E-45D9-A9F9-EEB83ED27E34} IRP_MJ_PNP 85F5A4B0
Device \Driver\a0gjkbhq \Device\Scsi\a0gjkbhq1Port2Path0Target0Lun0 IRP_MJ_CREATE 865B7990
Device \Driver\a0gjkbhq \Device\Scsi\a0gjkbhq1Port2Path0Target0Lun0 IRP_MJ_CLOSE 865B7990
Device \Driver\a0gjkbhq \Device\Scsi\a0gjkbhq1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 865B7990
Device \Driver\a0gjkbhq \Device\Scsi\a0gjkbhq1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865B7990
Device \Driver\a0gjkbhq \Device\Scsi\a0gjkbhq1Port2Path0Target0Lun0 IRP_MJ_POWER 865B7990
Device \Driver\a0gjkbhq \Device\Scsi\a0gjkbhq1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 865B7990
Device \Driver\a0gjkbhq \Device\Scsi\a0gjkbhq1Port2Path0Target0Lun0 IRP_MJ_PNP 865B7990
Device \Driver\a0gjkbhq \Device\Scsi\a0gjkbhq1 IRP_MJ_CREATE 865B7990
Device \Driver\a0gjkbhq \Device\Scsi\a0gjkbhq1 IRP_MJ_CLOSE 865B7990
Device \Driver\a0gjkbhq \Device\Scsi\a0gjkbhq1 IRP_MJ_DEVICE_CONTROL 865B7990
Device \Driver\a0gjkbhq \Device\Scsi\a0gjkbhq1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865B7990
Device \Driver\a0gjkbhq \Device\Scsi\a0gjkbhq1 IRP_MJ_POWER 865B7990
Device \Driver\a0gjkbhq \Device\Scsi\a0gjkbhq1 IRP_MJ_SYSTEM_CONTROL 865B7990
Device \Driver\a0gjkbhq \Device\Scsi\a0gjkbhq1 IRP_MJ_PNP 865B7990
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 865C8990
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 865C8990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 853E3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 853E3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 853E3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 853E3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 853E3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 853E3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 853E3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 853E3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 853E3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 853E3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 853E3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 853E3990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 853E3990
Device \FileSystem\Cdfs \Cdfs FastIoCheckIfPossible B8678BCE

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{29D83109-D499-A3EF-54ABD4209B2D5F0C}\{354D4B2F-7299-D6B0-F9DE68C9556AEC8D}\{1096A586-413B-60D3-8347C002DC18071C}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AD212F18-226F-19C5-6836DC0F322A8CD1}\{165CDB28-57BC-2FFB-C17032E84F1598CE}\{1D773DA2-1E07-1A59-CFCCE9D8E9744932}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{ADCDC452-5950-0BD6-5DEB640DBA321648}\{0A2FAA8F-EDBD-61CA-231081ECE2D6CFC4}\{38D3EADC-5C2C-A096-9079D739DE5BCFA9}@VBOGEGOY1DKTBDELSVQBDYRDXB1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E7B204E0-BEBC-178E-3D5843FA29654C53}\{3C878D1C-F718-E518-23B546720DC1FE96}\{EDC76395-4F05-4B1F-261E6161FD3BFAB2}@VBOGEGOY1DKTBDELSVQBDYRDXB1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Shared Tools\
Reg \Registry\USER\S-1-5-21-1409082233-436374069-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{30A59589-531B-E07F-8E06-5867CAFDBB3E}@abeflpdnpgcciffaicegnajaknhkbodfnf 0x61 0x61 0x00 0x00
Reg \Registry\USER\S-1-5-21-1409082233-436374069-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{30A59589-531B-E07F-8E06-5867CAFDBB3E}@bbeflpdnpgcciffaichgacfkpikdcfdcmfko 0x61 0x61 0x00 0x00

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1409082233-436374069-682003330-1004$201c6a02fdebd68.tif:Xj1phwzh5qcwungrN45kt3kiCe
ADS C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1409082233-436374069-682003330-1004$201c6a02fdebd68.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\John Greenwood\Desktop\ebay.url:favicon
ADS C:\Documents and Settings\John Greenwood\Desktop\hijackthis help forum.url:favicon
ADS C:\Documents and Settings\John Greenwood\Desktop\phone stuff\german d600xefc1klingelsumfin.url:favicon
ADS C:\Documents and Settings\John Greenwood\Desktop\phone stuff\howard forums.url:favicon
ADS C:\Documents and Settings\John Greenwood\Desktop\torrentpond.url:favicon
ADS C:\Documents and Settings\John Greenwood\Desktop\torrentscan.url:favicon
ADS C:\Documents and Settings\John Greenwood\Desktop\were on desktop\did docter tell you.url:favicon
ADS C:\Documents and Settings\John Greenwood\Desktop\were on desktop\dvr-111d cross flashing.url:favicon

---- EOF - GMER 1.0.12 ----


1Click DVD Copy Pro 2.2.2.4
Acala 3GP Movies Free 2.3.6
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Photoshop 7.0
Adobe Reader 7.0.8
Adobe Reader Korean Fonts
Advanced RAR Repair v1.0
AnyDVD
AOpen Multimedia Utilities
Apple Software Update
ArtMasterPro
Auction Sentry
Audacity 1.2.4
AutoSizer
AVG Anti-Spyware 7.5
BitComet 0.70
BlazeDTV 2.1
BlueSoleil
Broken Sword - The Angel of Death
BT Yahoo! Applications
Canon CanoScan Toolbox 4.1
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
CC_ccProxyExt
ccCommon
ccPxyCore
CleanUp!
Clipboard Magic 4.01
Codec Pack - All In 1 6.0.2.6
ConvertXtoDVD 2.0.12
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
CyberTweak Version 1.3 Final
Dan Elwell's Broadband Speed Test
dAP Skin Pioneer Skin
dBpowerAMP 24 Bit DSP
dBpowerAMP 48 KHz Resample DSP
dBpowerAMP AAC Codec
dBpowerAMP AAC to Mp4 Codec
dBPowerAMP AIFF codec r4
dBpowerAMP FAAC Mp4 Codec
dBpowerAMP FLAC Codec
dBpowerAMP Monkeys Audio Codec
dBpowerAMP Mp3 (MPEG Suite 2000 CLI)
dBpowerAMP mp3PRO Input Codec
dBpowerAMP Mp4 & AAC Decode Codec
dBpowerAMP Musepack Codec
dBpowerAMP Music Converter
dBpowerAMP Ogg Vorbis Codec
dBpowerAMP Real Audio Codec
dBPowerAMP Real Audio Encoder R3
dBpowerAMP Shorten Codec
dBpowerAMP Skin Designer
dBpowerAMP VQF Codec
dBpowerAMP Wavpack Codec
dBpowerAMP Winamp Codec
dBpowerAMP WMA V9 Codec
dBpowerAMP WMA V9.1 Codec
DigiDoc
dMC mp3PRO (CLI) Encoder
dMC Power Pack
DVD Decrypter (Remove Only)
DVDInfoPro
DVD-RAM Driver
EasyZip
eFax Messenger 4.2
eMule Plus 1.2a
EPSON Printer Software
ERUNT 1.1h
ewido anti-malware
Family Tree Maker 2006
FlatOut
GIFViewer
Google Earth
Google Toolbar for Internet Explorer
HijackThis 1.99.1
honestech Video Editor
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Indigo Prophecy
Internet Worm Protection
InterVideo WinDVD 4
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Kirby Alarm v2.11
Lavasoft VX2 Cleaner
LMA Manager 2007
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic ISO Maker v5.0 (build 0166)
Manual CanoScan 3000,3000F
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft ActiveSync 3.7
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX Transform optional components
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozy 1.6.4.4
MSRedist
MSXML 4.0 SP2 (KB927978)
NAVShortcut
Nero 7 Premium
Norton AntiSpam
Norton AntiVirus 2006
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Internet Security
Norton Internet Security
Norton Personal Firewall
Norton Personal Firewall
Norton Personal Firewall
Norton Protection Center
Norton WMI Update
Norton WMI Update
NVIDIA Drivers
NVIDIA Windows 2000/XP nForce Drivers
Ogg Vorbis CLI
OLYMPUS CAMEDIA Master 4.3
Panda ActiveScan
PCI Audio Applications
PCI Audio Driver
PerfectDisk
Personal Ancestral File 5
Photodex Presenter
PMView Pro
PowerISO
ProShow Gold
QuickTime
RealPlayer
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio
Samsung PC Studio 3 USB Driver Installer
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Shareaza version 2.2.3.0
Softick PPP 2.21 (remove only)
Sonic DLA
SPBBC
Spybot - Search & Destroy 1.4
Super Ad Blocker
SureThing CD Labeler - Stomper Edition 32 bit
Symantec
Tracks Eraser Pro v5.3
TuneUp Utilities 2006
Turbo Lister 2
TVAnts 1.0
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Video Fixer 3.23
VideoLAN VLC media player 0.8.5
Virtual Painter 5 (Standalone)
Vodafone 804SS USB driver Software
Winamp (remove only)
Windows Defender
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinHex
WinRAR archiver
WinTV NOVA USB

Computer is responding well with no known problems.......... Thank you Matt.
Matt Chrome is offline  
Old 01-21-2007, 07:55 AM   #8 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 7
OS: xp home


virustotal scans

VirusTotalVirusTotal is a free file analisys service that works using several antivirus engines.


Select file : DistributeSSL

Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.Menu:
News Hot news in the virus/antivirus sector.
Estadisticas Statistics of VirusTotal procesing.
Virustotal More info about Virustotal.


STATUS: FINISHED
Complete scanning result of "BRIDGE.SY_", received in VirusTotal at 01.20.2007, 22:54:28 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.26 01.20.2007 no virus found
Authentium 4.93.8 01.20.2007 no virus found
Avast 4.7.936.0 01.18.2007 no virus found
AVG 386 01.20.2007 no virus found
BitDefender 7.2 01.20.2007 no virus found
CAT-QuickHeal 9.00 01.20.2007 no virus found
ClamAV devel-20060426 01.20.2007 no virus found
DrWeb 4.33 01.20.2007 no virus found
eSafe 7.0.14.0 01.20.2007 no virus found
eTrust-InoculateIT 23.73.118 01.20.2007 no virus found
eTrust-Vet 30.3.3336 01.19.2007 no virus found
Ewido 4.0 01.20.2007 no virus found
Fortinet 2.82.0.0 01.20.2007 no virus found
F-Prot 3.16f 01.20.2007 no virus found
F-Prot4 4.2.1.29 01.20.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 no virus found
Kaspersky 4.0.2.24 01.20.2007 no virus found
McAfee 4943 01.19.2007 no virus found
Microsoft 1.1904 01.20.2007 no virus found
NOD32v2 1992 01.20.2007 no virus found
Norman 5.80.02 01.20.2007 no virus found
Panda 9.0.0.4 01.20.2007 no virus found
Prevx1 V2 01.20.2007 no virus found
Sophos 4.13.0 01.20.2007 no virus found
Sunbelt 2.2.907.0 01.12.2007 no virus found
TheHacker 6.0.3.151 01.19.2007 no virus found
UNA 1.83 01.19.2007 no virus found
VBA32 3.11.2 01.20.2007 no virus found
VirusBuster 4.3.19:9 01.20.2007 no virus found


Additional Information
File size: 33741 bytes
MD5: 7fe8060cb62b7d30d3561032ed7e0986
SHA1: ffacabf827e58890f4a5e01df85c56d5778438a4
packers: embedded


STATUS: FINISHED. Complete scanning result of "pxwma.dll", received in VirusTotal at 01.20.2007, 23:01:36 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.26 01.20.2007 no virus found
Authentium 4.93.8 01.20.2007 no virus found
Avast 4.7.936.0 01.18.2007 no virus found
AVG 386 01.20.2007 no virus found
BitDefender 7.2 01.20.2007 no virus found
CAT-QuickHeal 9.00 01.20.2007 no virus found
ClamAV devel-20060426 01.20.2007 no virus found
DrWeb 4.33 01.20.2007 no virus found
eSafe 7.0.14.0 01.20.2007 no virus found
eTrust-InoculateIT 23.73.118 01.20.2007 no virus found
eTrust-Vet 30.3.3336 01.19.2007 no virus found
Ewido 4.0 01.20.2007 no virus found
Fortinet 2.82.0.0 01.20.2007 no virus found
F-Prot 3.16f 01.20.2007 no virus found
F-Prot4 4.2.1.29 01.20.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 no virus found
Kaspersky 4.0.2.24 01.20.2007 no virus found
McAfee 4943 01.19.2007 no virus found
Microsoft 1.1904 01.20.2007 no virus found
NOD32v2 1993 01.20.2007 no virus found
Norman 5.80.02 01.20.2007 no virus found
Panda 9.0.0.4 01.20.2007 no virus found
Prevx1 V2 01.20.2007 no virus found
Sophos 4.13.0 01.20.2007 no virus found
Sunbelt 2.2.907.0 01.12.2007 no virus found
TheHacker 6.0.3.151 01.19.2007 no virus found
UNA 1.83 01.19.2007 no virus found
VBA32 3.11.2 01.20.2007 no virus found
VirusBuster 4.3.19:9 01.20.2007 no virus found


Additional Information
File size: 86016 bytes
MD5: c47ecd04c9d843955b2d3e7a68b2bbe2
SHA1: 6a9c6ccd32154928763a7a32623f3be0a49e084e


Thanks
Matt Chrome is offline  
Old 01-21-2007, 08:49 AM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,555
OS: 2000 Pro; XP Pro; XP Home


Sorry, I didn't see Ewido in your first log. It's been purchased and replaced by AVG Anti-spyware. You should uninstall it, as you only need one of these programs. It's interesting, because I thought AVG AS recognized an install of Ewido and suggested an uninstall and reboot before continuing with the install of AVG AS. Did that happen?

Everything else seems fine to me. What I was looking for with those other tools is not present, so that's good.

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK


Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here

  • IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • Download IE-SpyAD - Extract the contents to a new folder
      From within the folder, double-click install.bat
      Select Option #2 - Install the new IE-SPYAD list.
      Then return to the main menu.
      Select option #4 - Add the old porn sites domain


  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.


  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    Here are a few very good free Antivirus products which are available: Select one of these, or another of your choice. Do not install more than one antivirus program because they will conflict with each other. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.
See this link for a listing of some online antivirus scanners:

Anti-Spyware Tutorial

If you do not have a firewall, here are a few free ones available for personal use:


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
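The MVPS HOSTS step above works because Windows consults the hosts file before asking DNS, so a name mapped to 127.0.0.1 never reaches the ad server. The following Python example is added here and is not code from the thread or from the MVPS project: it parses a constructed hosts file, lists the names sent to loopback, and flags any entry that points a name at a routable address, which is the pattern a hosts-file hijack leaves behind and the opposite of what an ad-blocking hosts file should contain. It assumes the hosts file (on XP, %SystemRoot%\system32\drivers\etc\hosts) has already been read into a string.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample HOSTS content (not from the thread): a localhost
# line, two MVPS-style blocking entries, a trailing comment, and one
# entry that sends a (hypothetical) update host to a routable address.
SAMPLE_HOSTS = """\
# MVPS HOSTS file excerpt (constructed sample)
127.0.0.1  localhost
127.0.0.1  ads.example-adserver.test
127.0.0.1  tracker.example-adnet.test  # blocked ad host
198.51.100.23  liveupdate.antivirus-vendor.example
"""


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_number, address, [hostnames]) for each active entry,
    skipping blank lines, full-line comments and trailing '#' remarks."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: an address with no hostnames
        entries.append((lineno, fields[0], [h.lower() for h in fields[1:]]))
    return entries


def audit_hosts(text: str) -> Dict[str, List[str]]:
    """Split entries into MVPS-style blocks (names sent to loopback or
    0.0.0.0) and redirects that send a name to a real address, which on
    a freshly cleaned machine deserve a second look."""
    report: Dict[str, List[str]] = {"blocked": [], "redirected": []}
    for lineno, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            report["redirected"].append(f"line {lineno}: unparsable address {ip!r}")
            continue
        for name in names:
            if name == "localhost":
                continue  # the one loopback mapping every hosts file needs
            if addr.is_loopback or addr.is_unspecified:
                report["blocked"].append(name)
            else:
                report["redirected"].append(f"line {lineno}: {name} -> {ip}")
    return report
```

Run audit_hosts() over the real file's contents after applying mvps.bat; a non-empty "redirected" list means something other than the MVPS list has edited the hosts file.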
Old 01-21-2007, 02:45 PM   #10 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 7
OS: xp home


Thanks tetonbob

Hi, tetonbob,
Thanks for sorting my pc right out, I pray that next time I need your assistance, You will not be so snowed under by requests for help that I won't get a look-in!

Just a couple of things, You've asked me to hide certain system files and folders, I've never hidden anything, so that if I hit problems, I can always see what is there. Is there any particular reason why this should be done?

Also I always use Erunt instead of System restore, I found from experience that whenever I did a test on system restore it always worked, but if ever I actually needed to go back, the damn thing said that it couldn't use any of my restore points!! However Erunt has never let me down. Is it ok for me to use Erunt?

Finally, when I installed AVG, I don't recall it asking me to uninstall ewido, but I did know that it was replaced by AVG, I should have really already uninstalled it.
Well done Tetonbob............ Matt
Matt Chrome is offline  
Old 01-21-2007, 03:20 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,555
OS: 2000 Pro; XP Pro; XP Home


Hi Matt -

Quote (Originally Posted by Matt Chrome):
Hi, tetonbob,
Thanks for sorting my pc right out, I pray that next time I need your assistance, You will not be so snowed under by requests for help that I won't get a look-in!

Just a couple of things, You've asked me to hide certain system files and folders, I've never hidden anything, so that if I hit problems, I can always see what is there. Is there any particular reason why this should be done?

If you're an experienced user, it's no problem. As you may know, System files/folders are hidden by default in Windows. One has to actively unhide them, which we do in the course of a fix if required. Application Data folders are such hidden folders.

We then re-hide them at the end of a fix....don't want inexperienced computer users wondering what such and such a file is and deleting it.


Quote:
Also I always use Erunt instead of System restore, I found from experience that whenever I did a test on system restore it always worked, but if ever I actually needed to go back, the damn thing said that it couldn't use any of my restore points!! However Erunt has never let me down. Is it ok for me to use Erunt?

ERUNT is probably even more effective and trustworthy than System Restore. Again, that's just part of finishing a fix, in the case there are restore points that contain infection, we clear them all and finish a fix with a clean fresh one to go forward with.

Regarding the fact that the point could never be used, it's quite possible they were corrupt, and you need to flush them and set a new one anyway.


Quote:
Finally, when I installed AVG, I don't recall it asking me to uninstall ewido,

thanks for the info.


Quote:
but I did know that it was replaced by AVG, I should have really already uninstalled it.
Well done Tetonbob............ Matt
Any other questions, or shall we put this one to bed?
tetonbob is offline  
Old 01-21-2007, 03:29 PM   #12 (permalink)
Registered User
 
Join Date: Jan 2007
Posts: 7
OS: xp home


And so to bed

Goodnight............... Matt
Matt Chrome is offline  
Old 01-21-2007, 05:56 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,555
OS: 2000 Pro; XP Pro; XP Home


tetonbob is offline  
Copyright 2001 - 2009, Tech Support Forum