
Computer pegged at 100% , please help ! [RESOLVED]


  • This topic is locked This topic is locked

#1 hoopsnie (Member, 22 posts)

Hello all,

I have an Acer notebook that pegs at 100% usage and stays there for several minutes. A lot of times it seems to be triggered by starting a video online, i.e. YouTube etc., but not always. I use Firefox almost exclusively, with only a very rare exception of using IE. Another time the issue really seems to come up is when I try to browse a Flash site while I am working with my work-from-home phone software. Maybe Java issues? I recently restored the factory defaults with the restore discs and reinstalled the core applications, but the issue is persisting. Usually there will be a quick ramp up of cycles and it will peg at 100%. I use the CPU monitor on Windows Task Manager to watch this. Many times I just have to end an application from the Task Manager, but even that doesn't always help. Most of the time I will have to wait for a few minutes and the CPU cycles will drop down on their own wi

I went through the instructions and followed them carefully; there were some tracking cookies and some instances of spy/adware present. I will post the logs below. I used Ad-Aware to remove the spyware detected by Panda and then ran Spybot. I have now run 4 different spyware programs and the Panda scan. The problem is persisting.


NOTE: as I was writing this, it happened again. It started when I did a search for the log file for Ad-Aware. I stopped the search, but the CPU usage is going wild. It is jumping from 25 to 100% with no apparent rhyme or reason. It is now hovering in the 80%-90% range. What is going on?!?

Any help would be GREATLY appreciated. I will post the logfiles below in the following order: AVG Anti-Spyware, SUPERAntiSpyware, Panda ActiveScan, and HijackThis! I have the Ad-Aware report if it is needed.

THANK YOU!!!




-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:35:28 AM 5/5/2007

+ Scan result:



HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1 -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.101:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.102:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.103:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.104:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.328:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.420:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.430:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.539:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.581:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.594:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.99:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.260:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.261:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.262:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.265:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.337:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.338:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.297:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.298:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.299:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.300:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.301:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.302:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.303:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.82:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.84:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.85:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.86:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.87:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.114:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.608:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.245:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.244:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.246:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.248:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.249:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.64:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.65:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.66:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.67:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.68:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.69:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.70:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.71:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.72:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.73:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.74:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.75:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.98:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Cnn : Cleaned.
:mozilla.442:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.369:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.76:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.77:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.78:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.640:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.641:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.642:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.643:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.644:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.129:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.130:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.131:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.132:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.133:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.134:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.521:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.561:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.626:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.664:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.684:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.349:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.112:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.113:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.367:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.549:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.550:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.551:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.584:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.585:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.701:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.702:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.610:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.317:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.318:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.237:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.238:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.239:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.240:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.319:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.195:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.196:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.197:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.198:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.135:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.136:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.137:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.138:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.139:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.140:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.141:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.142:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.118:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.119:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.120:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.121:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.122:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.124:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.83:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.88:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.89:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.391:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.392:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.393:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.394:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.395:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.396:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.221:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.222:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.223:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.224:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.225:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.339:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.340:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.341:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.343:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.344:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.345:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.252:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.253:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.254:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.255:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.256:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.257:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.258:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.259:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.148:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.149:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.150:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.151:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.152:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.154:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.155:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.42:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.43:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.44:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.45:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.46:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.48:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.49:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.50:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.596:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.128:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.522:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.523:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.52:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.56:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.57:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.59:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.61:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.324:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.325:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.326:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.327:C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end




----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------





SUPERAntiSpyware Scan Log
Generated 05/05/2007 at 02:21 AM

Application Version : 3.6.1000

Core Rules Database Version : 3232
Trace Rules Database Version: 1243

Scan type : Complete Scan
Total Scan Time : 00:37:30

Memory items scanned : 506
Memory threats detected : 1
Registry items scanned : 5094
Registry threats detected : 19
File items scanned : 27370
File threats detected : 1

Adware.IWantSearchBar
C:\WINDOWS\SYSTEM32\TOOLBAND.DLL
C:\WINDOWS\SYSTEM32\TOOLBAND.DLL
HKLM\Software\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32#ThreadingModel
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ProgID
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\Programmable
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\TypeLib
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\VersionIndependentProgID
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\ToolBand.ToolBandObj.1
HKCR\ToolBand.ToolBandObj
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0\win32
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\FLAGS
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\HELPDIR
HKU\S-1-5-21-1803437595-58450368-3457927729-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}


--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Activescan


Incident Status Location

Adware:adware/sbsoft Not disinfected Windows Registry
Adware:Adware/FastLook Not disinfected C:\WINDOWS\SYSTEM32\ActiveToolBand.dll
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.ccbill.com/]






-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------




Logfile of HijackThis v1.99.1
Scan saved at 4:35:37 PM, on 5/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Vital\POS2000\BIN\vAppCon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Jim\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AppCon] "C:\Program Files\Vital\POS2000\BIN\vAppCon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Edited by hoopsnie, 05 May 2007 - 03:26 PM.


#2 Octagonal (Member 2k, 2,528 posts)
Hi hoopsnie,

Sorry for the delay, it's been busy lately.

Let's see if we can get your system all cleaned up! :whistling:

You will need to print out a copy of these instructions, or save them to NotePad and put a shortcut to the file on the desktop, so that you can refer to them while you complete this procedure.

Please download the OTMoveIt by OldTimer and Save it to your desktop.

Download the trial version of Spy Sweeper from Here
  • Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)
  • You will be prompted to check for updated definitions, please do so.
    (This may take several minutes)
  • Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.
  • Close Spy Sweeper
Do not do anything with these programs yet; we will shortly.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM

Now close all windows other than HiJackThis (including any browser windows), then click Fix Checked.

Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\ActiveToolBand.dll
    C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Ensure that the checkbox for Unregister Dll's and Ocx's is ticked.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Open Spy Sweeper.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Reboot the computer.

I would like you to do another scan with Panda Activescan.

Go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.
Please post the requested logs together with a fresh HijackThis log for me to review. Also let me know how your system is now running.

Thanks. :blink:

#3 hoopsnie (Topic Starter, Member, 22 posts)
Thanks SO much for responding! I know you guys have been very busy...I almost gave up! :whistling:

I would have posted earlier... it's taking h o u r s to scan everything. I will post the logs as soon as I have them. One note: the instructions you posted for the Spy Sweeper scan differed from the program as I downloaded it (different version?), so I just did a "full scan". I don't have a report for that one, although it did take almost 2 hours to fully scan. That's how slow I'm running... It didn't find any spyware anyway, just 2 tracking cookies which I had it take care of.

I will post the other logs as soon as I get them...

thanks again!

#4 hoopsnie (Topic Starter, Member, 22 posts)
OK! Here are the reports:

Panda first---


Incident Status Location

Adware:adware/sbsoft Not disinfected Windows Registry
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jim\Cookies\jim@doubleclick[2].txt
Adware:Adware/FastLook Not disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\SYSTEM32\ActiveToolBand.dll
Spyware:Cookie/Doubleclick Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Advertising Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.atdmt.com/]
Spyware:Cookie/PointRoll Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.ads.pointroll.com/]
Spyware:Cookie/2o7 Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.atwola.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.questionmarket.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.mediaplex.com/]
Spyware:Cookie/RealMedia Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.247realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.overture.com/]
Spyware:Cookie/Statcounter Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.statcounter.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.serving-sys.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.casalemedia.com/]
Spyware:Cookie/HotLog Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.hotlog.ru/]
Spyware:Cookie/Yadro Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.yadro.ru/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[server.iad.liveperson.net/hc/62672927]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[server.iad.liveperson.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.fastclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.realmedia.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.bluestreak.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.adrevolver.com/]
Spyware:Cookie/BurstNet Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.burstnet.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.tribalfusion.com/]
Spyware:Cookie/Com.com Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.com.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[www.burstbeacon.com/]
Spyware:Cookie/Zedo Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.zedo.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[server.iad.liveperson.net/hc/89721091]
Spyware:Cookie/Clickbank Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[.clickbank.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\_OTMoveIt\MovedFiles\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\b1k94gu1.default\COOKIES.TXT[statse.webtrendslive.com/]


HIJACK ------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 1:40:58 AM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Vital\POS2000\BIN\vAppCon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jim\Desktop\Maintenence\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] "C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" boot
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AppCon] "C:\Program Files\Vital\POS2000\BIN\vAppCon.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [ScreenPrint32] "C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" -startup
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



THANKS!
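As an added example (it is not part of this thread and not HijackThis's own tooling), the Python script below does mechanically what a helper does by eye with the two HijackThis logs above: it parses the R-/O- lines, normalises the quoting differences HijackThis itself introduces between runs (compare the SynTPLpr Run entry in the 5/5 log with the same entry in the 5/12 log), and reports which entries disappeared and which appeared, plus whether a file you expected gone is still referenced anywhere. BEFORE and AFTER are short excerpts constructed from the two posted logs; the line regex and the normalisation rules are my assumptions about the v1.99.1 log format.

```python
"""Diff two HijackThis logs to confirm a cleanup step actually took.

Added example for this thread; not part of HijackThis or of the original
posts. BEFORE/AFTER are short excerpts constructed from the two logs posted
above (5/5/2007 and 5/12/2007). The line regex and the normalisation rules
are assumptions about the v1.99.1 log format.
"""
import re

# HijackThis scan lines start with a section tag ("R0", "O2", "O4", ...),
# then " - ", then the entry. Everything else in the log (the running
# process list, the platform header, blank lines) is ignored.
LINE_RE = re.compile(r"^(?P<sec>[OR]\d+)\s+-\s+(?P<body>.*)$")

# Constructed excerpt of the 5/5/2007 log (before the O8 fix and OTMoveIt).
BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
"""

# Constructed excerpt of the 5/12/2007 log (after the fix and Spy Sweeper).
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""


def parse(log: str) -> dict[str, set[str]]:
    """Map each section tag to the set of normalised entries under it.

    Quotes are dropped and case is folded: HijackThis prints the same Run
    value with or without quotes from one run to the next, and the
    registry paths involved are case-insensitive anyway.
    """
    entries: dict[str, set[str]] = {}
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue
        body = m.group("body").replace('"', "").strip().lower()
        entries.setdefault(m.group("sec"), set()).add(body)
    return entries


def diff(before: str, after: str) -> tuple[list[tuple[str, str]], list[tuple[str, str]]]:
    """Return (removed, added) as sorted (section, entry) pairs."""
    b, a = parse(before), parse(after)
    removed = sorted((s, e) for s in b for e in b[s] - a.get(s, set()))
    added = sorted((s, e) for s in a for e in a[s] - b.get(s, set()))
    return removed, added


def still_present(log: str, needle: str) -> list[str]:
    """Entries in *log* that still mention *needle* (e.g. a DLL that was
    supposed to be moved). An empty list means nothing references it."""
    needle = needle.lower()
    return sorted(f"{s} - {e}" for s, es in parse(log).items()
                  for e in es if needle in e)


if __name__ == "__main__":
    removed, added = diff(BEFORE, AFTER)
    for s, e in removed:
        print(f"- {s} {e}")
    for s, e in added:
        print(f"+ {s} {e}")
    print("ToolBand.dll still referenced:", still_present(AFTER, "toolband.dll"))
```

On these excerpts the only removed entry is the O8 ToolBand context-menu item that was fixed in HijackThis, and the only additions are the Yahoo! installation-helper O16 entry and the WRNotifier Winlogon entry that appeared after Spy Sweeper was installed; the SynTPLpr entry does not show up as a change despite the quoting difference. That is the same conclusion the helper reached from the full logs, and the `still_present` check is the one to run against the real log after any file move.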

#5 Octagonal (Member 2k, 2,528 posts)
Hi hoopsnie,

Good work! :whistling:

Those logs appear to be ok.

I would like you to run the following scans to see if there is any type of malware/rootkit running in the background that may be causing the spike in CPU usage.

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.

Please post the requested logs together with a fresh HijackThis log for me to review.

Thanks. :blink:

#6 hoopsnie (Topic Starter, Member, 22 posts)


#7 hoopsnie (Topic Starter, Member, 22 posts)
OK... strangeness. I posted and the post was blank. TWICE.

I'll try again...

Edited by hoopsnie, 12 May 2007 - 11:12 AM.


#8 hoopsnie (Topic Starter, Member, 22 posts)
"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SUPERAntiSpyware" = ""C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"" ["SUPERAntiSpyware.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"preload" = "C:\Windows\RUNXMLPL.exe" ["Wistron"]
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"MSPY2002" = ""C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC" [null data]
"PHIME2002ASync" = ""C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC" [MS]
"PHIME2002A" = ""C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName" [MS]
"igfxtray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"igfxhkcmd" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"igfxpers" = "C:\WINDOWS\system32\igfxpers.exe" ["Intel Corporation"]
"SynTPLpr" = ""C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"" ["Synaptics, Inc."]
"SynTPEnh" = ""C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"" ["Synaptics, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"RemoteControl" = ""C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"" ["Cyberlink Corp."]
"LaunchAp" = ""C:\Program Files\Launch Manager\LaunchAp.exe"" [empty string]
"PowerKey" = ""C:\Program Files\Launch Manager\PowerKey.exe"" [empty string]
"LManager" = ""C:\Program Files\Launch Manager\HotkeyApp.exe"" ["Wistron"]
"CtrlVol" = ""C:\Program Files\Launch Manager\CtrlVol.exe"" ["Wistron"]
"LMgrOSD" = ""C:\Program Files\Launch Manager\OSDCtrl.exe"" [empty string]
"Wbutton" = ""C:\Program Files\Launch Manager\Wbutton.exe"" [empty string]
"EPM-DM" = "c:\acer\Empowering Technology\ePower\epm-dm.exe" ["Acer Inc"]
"Acer ePower Management" = ""C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" boot" ["Acer Value Labs, Taiwan"]
"eRecoveryService" = ""C:\Acer\Empowering Technology\eRecovery\Monitor.exe"" ["acer Inc."]
"ADMTray.exe" = ""C:\Acer\Empowering Technology\admtray.exe"" ["Avocent Inc."]
"eDataSecurity Loader" = ""C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"" [null data]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"AppCon" = ""C:\Program Files\Vital\POS2000\BIN\vAppCon.exe"" ["Vital Processing Services"]
"HP Software Update" = ""C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Development Company, L.P."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Inc."]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]
"AVG7_CC" = ""C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP" ["GRISOFT, s.r.o."]
"ScreenPrint32" = ""C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" -startup" ["Provtech Limited"]
"eFax 4.3" = ""C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R" ["j2 Global Communications, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0}" = "EPM-PO Shell Extension"
-> {HKLM...CLSID} = "EPM-PO Shell Extensions"
\InProcServer32\(Default) = "epm-po.dll" ["Acer Labs USA"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
"{6872d785-fe43-44cb-9b2a-2df4c5eb13b2}" = "eFax Messenger - Shell Extension"
-> {HKLM...CLSID} = "HotShellExt"
\InProcServer32\(Default) = "C:\Program Files\eFax Messenger 4.3\J2GShell.dll" ["j2 Global Communications, Inc."]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{B32A6748-F273-4546-B60A-3C5ADC239DE5}" = "Mozy Remote Backup Shell Extensions"
-> {HKLM...CLSID} = "Mozy Remote Backup Shell Extensions"
\InProcServer32\(Default) = "C:\Program Files\Mozy\mozyshell.dll" ["Berkeley Data Systems"]
"{747E722C-CB46-4A9D-BDFE-192AAD5099B1}" = "Mozy Remote Backup Shell Extensions Icon Overlay 2"
-> {HKLM...CLSID} = "Mozy Remote Backup Shell Extensions Icon Overlay 2"
\InProcServer32\(Default) = "C:\Program Files\Mozy\mozyshell.dll" ["Berkeley Data Systems"]
"{EE6F5A00-7898-40F7-AB77-51FF9D6DEB20}" = "Mozy Remote Backup Shell Extensions Icon Overlay 3"
-> {HKLM...CLSID} = "Mozy Remote Backup Shell Extensions Icon Overlay 3"
\InProcServer32\(Default) = "C:\Program Files\Mozy\mozyshell.dll" ["Berkeley Data Systems"]
"{B6B69199-ACA1-4CC4-A7E3-3DC9AEC7B947}" = "Mozy Remote Backup Shell Extensions NSE"
-> {HKLM...CLSID} = "Mozy Remote Backup"
\InProcServer32\(Default) = "C:\Program Files\Mozy\mozyshell.dll" ["Berkeley Data Systems"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]
<<!>> "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = (no title provided)
-> {HKLM...CLSID} = "SABShellExecuteHook Class"
\InProcServer32\(Default) = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" ["SuperAdBlocker.com"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> !SASWinLogon\DLLName = "C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL" ["SUPERAntiSpyware.com"]
<<!>> igfxcui\DLLName = "igfxdev.dll" ["Intel Corporation"]
<<!>> WRNotifier\DLLName = "WRLogonNTF.dll" ["Webroot Software, Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
EDSshellExt\(Default) = "{29FF7AB0-BE34-4992-A30B-53A9D86EE239}"
-> {HKLM...CLSID} = "eDSshlExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\eDSshellExt.dll" ["HiTRUST"]
HotShellExt_40\(Default) = "{6872D785-FE43-44cb-9B2A-2DF4C5EB13B2}"
-> {HKLM...CLSID} = "HotShellExt"
\InProcServer32\(Default) = "C:\Program Files\eFax Messenger 4.3\J2GShell.dll" ["j2 Global Communications, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
EDSshellExt\(Default) = "{29FF7AB0-BE34-4992-A30B-53A9D86EE239}"
-> {HKLM...CLSID} = "eDSshlExt Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\eDSshellExt.dll" ["HiTRUST"]
mozy\(Default) = "{B32A6748-F273-4546-B60A-3C5ADC239DE5}"
-> {HKLM...CLSID} = "Mozy Remote Backup Shell Extensions"
\InProcServer32\(Default) = "C:\Program Files\Mozy\mozyshell.dll" ["Berkeley Data Systems"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG7\avgse.dll" ["GRISOFT, s.r.o."]
mozy\(Default) = "{B32A6748-F273-4546-B60A-3C5ADC239DE5}"
-> {HKLM...CLSID} = "Mozy Remote Backup Shell Extensions"
\InProcServer32\(Default) = "C:\Program Files\Mozy\mozyshell.dll" ["Berkeley Data Systems"]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {HKLM...CLSID} = "WinZip"
\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing, S.L."]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
mozy\(Default) = "{B32A6748-F273-4546-B60A-3C5ADC239DE5}"
-> {HKLM...CLSID} = "Mozy Remote Backup Shell Extensions"
\InProcServer32\(Default) = "C:\Program Files\Mozy\mozyshell.dll" ["Berkeley Data Systems"]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration"
\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Startup items in "Jim" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Service Manager" -> shortcut to: "C:\MSSQL7\Binn\sqlmangr.exe /n" [MS]
"Mozy Status" -> shortcut to: "C:\Program Files\Mozy\mozystat.exe" ["Berkeley Data Systems"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

AdminWorks Agent X6, AWService, ""C:\Acer\Empowering Technology\admServ.exe"" ["Avocent Inc."]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe" ["GRISOFT, s.r.o."]
Diskeeper, Diskeeper, ""C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"" ["Diskeeper Corporation"]
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."]
Mozy Backup Service, mozybackup, ""C:\Program Files\Mozy\mozybackup.exe"" ["Berkeley Data Systems"]
MSSQLServer, MSSQLServer, "C:\MSSQL7\binn\sqlservr.exe" [MS]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
Webroot Spy Sweeper Engine, WebrootSpySweeperService, ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe"" ["Webroot Software, Inc."]


Keyboard Driver Filters:
------------------------

HKLM\System\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
"UpperFilters" = <<!>> "SSKBFD" ["Webroot Software Inc (www.webroot.com)"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
HP Standard TCP/IP Port\Driver = "HpTcpMon.dll" ["Hewlett Packard"]
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
PCL hpz3l054\Driver = "hpz3l054.dll" ["Hewlett-Packard Company"]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 23 seconds.
---------- (total run time: 115 seconds)

Edited by hoopsnie, 12 May 2007 - 11:16 AM.

#9
hoopsnie (Topic Starter, Member, 22 posts)

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-12 13:05:27
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 82FA82B8 ZwAllocateVirtualMemory
SSDT 82FDC840 ZwCreateKey
SSDT 82F61AA8 ZwCreateProcess
SSDT 82F5CB28 ZwCreateProcessEx
SSDT 82FA8588 ZwCreateThread
SSDT 82F54FA8 ZwDeleteKey
SSDT 82F61B20 ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT 82FA8330 ZwQueueApcThread
SSDT 82FA68C8 ZwReadVirtualMemory
SSDT 82F54F30 ZwRenameKey
SSDT 82FA8420 ZwSetContextThread
SSDT 82F5DB20 ZwSetInformationKey
SSDT 82FDD6A8 ZwSetInformationProcess
SSDT 82FA8498 ZwSetInformationThread
SSDT 82F5DAA8 ZwSetValueKey
SSDT 82FDD630 ZwSuspendProcess
SSDT 82FA83A8 ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT 82FA8510 ZwTerminateThread
SSDT 82FA6940 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 25AE 805012B2 2 Bytes [ 35, F7 ]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F6C4762C 5 Bytes JMP 829EC1C8
? System32\Drivers\aojv37c1.SYS The system cannot find the file specified.
? C:\WINDOWS\system32\DRIVERS\update.sys

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[2244] kernel32.dll!CreateThread + 1A 7C810849 4 Bytes [ B3, F8, C3, 83 ]

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 82F451E8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP 82DDC5A0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 82DB0618
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 82E07260
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE 82D5F6D0
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 82D6BA78
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 82D7FE68
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 82D499B0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 82D513A0
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 82D249B8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 82D1E4C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 82E4CF00
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 82DBFEA8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 82DA2620
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 82E1F3D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 82D7E9B8
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL 82DC55C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL 82C93580
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN 82E22BF8
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL 82D48B08
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP 82D51898
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT 82D7FA20
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY 82D7A6E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY 82B4E020
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER 82C03020
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL 82C87C78
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE 82EDD938
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA 82B09778
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA 82B09A08
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP 82C54B18
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 829EB1E8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 829BE598
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 829BE598
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 829BE598
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 829BE598
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 829BE598
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 829BE598
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 829BE598
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 82DB0618
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE 82E07260
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE 82D5F6D0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ 82D6BA78
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 82D7FE68
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 82D499B0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION 82D513A0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA 82D249B8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 82D1E4C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 82E4CF00
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION 82DBFEA8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION 82DA2620
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL 82E1F3D8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL 82D7E9B8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL 82DC55C8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL 82C93580
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN 82E22BF8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL 82D48B08
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP 82D51898
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT 82D7FA20
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY 82D7A6E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY 82B4E020
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER 82C03020
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL 82C87C78
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE 82EDD938
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA 82B09778
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA 82B09A08
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP 82C54B18
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 82FCD1E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE [F660D012] OsaFsLoc.sys
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 82A647A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82A647A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82A647A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82A647A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82A647A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82A647A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82A647A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82A647A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82A647A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82A647A0
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 82FCD1E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 82FCD1E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE [F660D012] OsaFsLoc.sys
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 82A647A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 82A647A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82A647A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82A647A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82A647A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82A647A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82A647A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82A647A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82A647A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82A647A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82FCC1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 82FCC1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82FCC1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82FCC1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82FCC1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82FCC1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82FCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 82FCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 82FCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 82FCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 82FCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 82FCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 82FCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 82FCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 82FCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 82FCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 82FCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 82FCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 82FCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 82FCC1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 82FCC1E8
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_CREATE [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_CREATE_NAMED_PIPE [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_CLOSE [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_READ [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_WRITE [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_QUERY_INFORMATION [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_SET_INFORMATION [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_QUERY_EA [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_SET_EA [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_FLUSH_BUFFERS [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_QUERY_VOLUME_INFORMATION [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_SET_VOLUME_INFORMATION [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_DIRECTORY_CONTROL [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_FILE_SYSTEM_CONTROL [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_DEVICE_CONTROL [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_SHUTDOWN [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_LOCK_CONTROL [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_CLEANUP [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_CREATE_MAILSLOT [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_QUERY_SECURITY [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_SET_SECURITY [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_POWER [F7363712] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_SYSTEM_CONTROL [F73862C8] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_DEVICE_CHANGE [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_QUERY_QUOTA [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_SET_QUOTA [F7389AD2] sptd.sys
Device \Driver\PCI_NTPNP7170 \Device\00000080 IRP_MJ_PNP [F7387238] sptd.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 82C8E7A0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 82C8E7A0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 82C8E7A0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 82C8E7A0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 82C8E7A0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 82C8E7A0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 82C8E7A0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 82C8E7A0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 82C8E7A0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 82C8E7A0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 82C8E7A0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 82C8E7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{83768EB4-FC50-49E9-A84F-F48FCCE2E3ED} IRP_MJ_CREATE 82C8E7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{83768EB4-FC50-49E9-A84F-F48FCCE2E3ED} IRP_MJ_CLOSE 82C8E7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{83768EB4-FC50-49E9-A84F-F48FCCE2E3ED} IRP_MJ_DEVICE_CONTROL 82C8E7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{83768EB4-FC50-49E9-A84F-F48FCCE2E3ED} IRP_MJ_INTERNAL_DEVICE_CONTROL 82C8E7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{83768EB4-FC50-49E9-A84F-F48FCCE2E3ED} IRP_MJ_CLEANUP 82C8E7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{83768EB4-FC50-49E9-A84F-F48FCCE2E3ED} IRP_MJ_PNP 82C8E7A0
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 82DB0618
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE 82E07260
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE 82D5F6D0
Device \Driver\Tcpip \Device\Udp IRP_MJ_READ 82D6BA78
Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE 82D7FE68
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION 82D499B0
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION 82D513A0
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA 82D249B8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA 82D1E4C8
Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS 82E4CF00
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION 82DBFEA8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION 82DA2620
Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL 82E1F3D8
Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL 82D7E9B8
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL 82DC55C8
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL 82C93580
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN 82E22BF8
Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL 82D48B08
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP 82D51898
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT 82D7FA20
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY 82D7A6E8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY 82B4E020
Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER 82C03020
Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL 82C87C78
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE 82EDD938
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA 82B09778
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA 82B09A08
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP 82C54B18
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 82DB0618
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE 82E07260
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE 82D5F6D0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ 82D6BA78
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE 82D7FE68
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION 82D499B0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION 82D513A0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA 82D249B8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA 82D1E4C8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS 82E4CF00
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION 82DBFEA8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION 82DA2620
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL 82E1F3D8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL 82D7E9B8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL 82DC55C8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL 82C93580
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN 82E22BF8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL 82D48B08
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP 82D51898
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT 82D7FA20
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY 82D7A6E8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY 82B4E020
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER 82C03020
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL 82C87C78
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE 82EDD938
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA 82B09778
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA 82B09A08
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP 82C54B18
Device \Driver\NetBT \Device\NetBT_Tcpip_{63B4E289-2918-4FCA-8EEE-3C129F2D1F6A} IRP_MJ_CREATE 82C8E7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{63B4E289-2918-4FCA-8EEE-3C129F2D1F6A} IRP_MJ_CLOSE 82C8E7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{63B4E289-2918-4FCA-8EEE-3C129F2D1F6A} IRP_MJ_DEVICE_CONTROL 82C8E7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{63B4E289-2918-4FCA-8EEE-3C129F2D1F6A} IRP_MJ_INTERNAL_DEVICE_CONTROL 82C8E7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{63B4E289-2918-4FCA-8EEE-3C129F2D1F6A} IRP_MJ_CLEANUP 82C8E7A0
Device \Driver\NetBT \Device\NetBT_Tcpip_{63B4E289-2918-4FCA-8EEE-3C129F2D1F6A} IRP_MJ_PNP 82C8E7A0
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 829EB1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 82E157A0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 82DB0618
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE 82E07260
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE 82D5F6D0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ 82D6BA78
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE 82D7FE68
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION 82D499B0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION 82D513A0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA 82D249B8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA 82D1E4C8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS 82E4CF00
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION 82DBFEA8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION 82DA2620
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL 82E1F3D8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL 82D7E9B8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL 82DC55C8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL 82C93580
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN 82E22BF8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL 82D48B08
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP 82D51898
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT 82D7FA20
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY 82D7A6E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY 82B4E020
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER 82C03020
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL 82C87C78
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE 82EDD938
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA 82B09778
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA 82B09A08
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP 82C54B18
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 829EB1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 82E157A0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 82E157A0
Device \FileSystem\MRxSmb \Device

Edited by hoopsnie, 12 May 2007 - 11:19 AM.


#10
hoopsnie (Topic Starter, Member, 22 posts)
Logfile of HijackThis v1.99.1
Scan saved at 1:06:45 PM, on 5/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Vital\POS2000\BIN\vAppCon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\sol.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozy\mozybackup.exe
C:\Program Files\Mozy\mozystat.exe
C:\Documents and Settings\Jim\Desktop\gmer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jim\Desktop\Maintenence\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] "C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" boot
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AppCon] "C:\Program Files\Vital\POS2000\BIN\vAppCon.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [ScreenPrint32] "C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" -startup
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O4 - Global Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozy Backup Service (mozybackup) - Unknown owner - C:\Program Files\Mozy\mozybackup.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

How are we looking?

#11
Octagonal (Member 2k, 2,528 posts)
Hi hoopsnie,

The Silent Runners log appears ok.

The GMER log has been cut off. Could you please either repost the scan, if you saved it, or re-scan with GMER and post the log in its entirety. You may have to use more than one post; just make sure that you start each post where the previous one finishes in the log.

Make sure that you use the same settings for GMER that I instructed in my last post.

Thanks.

#12
hoopsnie (Topic Starter, Member, 22 posts)
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-12 13:05:27
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 82FA82B8 ZwAllocateVirtualMemory
SSDT 82FDC840 ZwCreateKey
SSDT 82F61AA8 ZwCreateProcess
SSDT 82F5CB28 ZwCreateProcessEx
SSDT 82FA8588 ZwCreateThread
SSDT 82F54FA8 ZwDeleteKey
SSDT 82F61B20 ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT 82FA8330 ZwQueueApcThread
SSDT 82FA68C8 ZwReadVirtualMemory
SSDT 82F54F30 ZwRenameKey
SSDT 82FA8420 ZwSetContextThread
SSDT 82F5DB20 ZwSetInformationKey
SSDT 82FDD6A8 ZwSetInformationProcess
SSDT 82FA8498 ZwSetInformationThread
SSDT 82F5DAA8 ZwSetValueKey
SSDT 82FDD630 ZwSuspendProcess
SSDT 82FA83A8 ZwSuspendThread
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT 82FA8510 ZwTerminateThread
SSDT 82FA6940 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 25AE 805012B2 2 Bytes [ 35, F7 ]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F6C4762C 5 Bytes JMP 829EC1C8
? System32\Drivers\aojv37c1.SYS The system cannot find the file specified.
? C:\WINDOWS\system32\DRIVERS\update.sys

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[2244] kernel32.dll!CreateThread + 1A 7C810849 4 Bytes [ B3, F8, C3, 83 ]

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 82F451E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 82F451E8
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CREATE 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLOSE 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_WRITE 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_INFORMATION 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_SET_INFORMATION 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_QUERY_VOLUME_INFORMATION 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DIRECTORY_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_FILE_SYSTEM_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_DEVICE_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_LOCK_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_CLEANUP 82DDC5A0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_PNP 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CREATE 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLOSE 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_WRITE 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_INFORMATION 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_SET_INFORMATION 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_QUERY_VOLUME_INFORMATION 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DIRECTORY_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_FILE_SYSTEM_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_DEVICE_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_LOCK_CONTROL 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_CLEANUP 82DDC5A0
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_PNP 82DDC5A0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 82DB0618
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 82E07260
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE 82D5F6D0
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 82D6BA78
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 82D7FE68
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 82D499B0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 82D513A0
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 82D249B8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 82D1E4C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 82E4CF00
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 82DBFEA8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 82DA2620
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 82E1F3D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 82D7E9B8
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL 82DC55C8
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL 82C93580
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN 82E22BF8
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL 82D48B08
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP 82D51898
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT 82D7FA20
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY 82D7A6E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY 82B4E020
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER 82C03020
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL 82C87C78
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE 82EDD938
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA 82B09778
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA 82B09A08
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP 82C54B18
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 829EB1E8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 829EB1E8
#13
hoopsnie (Topic Starter, Member, 22 posts)

---- EOF - GMER 1.0.12 ----
#14
hoopsnie (Topic Starter, Member, 22 posts)
And here's a fresh HJT log just in case...


Logfile of HijackThis v1.99.1
Scan saved at 10:30:00 AM, on 5/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\Program Files\Mozy\mozybackup.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\MSSQL7\binn\sqlservr.exe
C:\Program Files\Vital\POS2000\BIN\vAppCon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozy\mozystat.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\REAPER\reaper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jim\Desktop\Maintenence\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] "C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" boot
O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\Monitor.exe"
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AppCon] "C:\Program Files\Vital\POS2000\BIN\vAppCon.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [ScreenPrint32] "C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe" -startup
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O4 - Global Startup: Mozy Status.lnk = C:\Program Files\Mozy\mozystat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozy Backup Service (mozybackup) - Unknown owner - C:\Program Files\Mozy\mozybackup.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#15 hoopsnie (Topic Starter, Member, 22 posts)
Well... I'm getting the sneaking suspicion that my problem isn't malware-related. The problem is persisting, and it most often occurs when I have a browser window open and am playing a video of some kind. What do you think?

Also... Ad-Aware locates the files we moved with OTMoveIt. Should I have Ad-Aware take care of it?