Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Reoccuring Trojan/Malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Reoccuring Trojan/Malware

Unread postby pistolero » June 2nd, 2007, 8:45 pm

Hi,

I'vew been having some trouble with the removal of a trojan or a malware program. So far this is what it is doing that I know of, and what I have done to remove it (without success). Your help is greatly appreciated.

- it deleted the exe files for Norton and will not allow me to reinstal or do updates.

- it deleted spybot exe as soon as it is downloaded and installed.

- it deleted avast exe file as soon as it is installed.

- it prevents safemode bootup. It produces a blue screen and reboots.

- It provides pop-ups from ad.theadhost.com

I managed to utilize the minimized screen version of avast and it found several trojan viruses which it said it fixed.

I also ran:

CA Antivirus scan (online version)
Ad-aware (found nothing)
ATF Cleaner
FXBeagle fix from Symantic (because I thought it was this virus...but the cleaner said it was clean)
AVG Antivirus found about 15 trojans viruses and said it cleaned them. The Resident Shield option will not work.
TrojanHunter found 2 and said it cleaned them.

I rebooted and thoguht I had gotten rid of it and I still cannot load up spybot or avast and the pop up ads keep coming back.

Below is my hijack This log file:



Logfile of HijackThis v1.99.1
Scan saved at 8:12:47 PM, on 6/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\utils\qt\qttask.exe
C:\utils\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\utils\TrojanHunter 4.6\THGuard.exe
C:\WINDOWS\system32\hldrrr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchmeup.cc/3520/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\utils\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\utils\qt\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\utils\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [THGuard] "C:\utils\TrojanHunter 4.6\THGuard.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\utils\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\utils\MP3 Player Utilities 3.77\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\utils\MP3 Player Utilities 3.77\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v5/Ticker.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16.hotmail.msn.com/...x/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: run32dll - Unknown owner - C:\WINDOWS\system32\run32dll.exe (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\utils\TuneUp Utilities 2006\WinStylerThemeSvc.exe


Thanks!
pistolero
Active Member
 
Posts: 2
Joined: June 2nd, 2007, 8:44 pm
Top
Advertisement
Register to Remove

Unread postby Shaba » June 3rd, 2007, 4:48 am

Hi pistolero

* Download GMER from
here:
Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Unread postby pistolero » June 3rd, 2007, 2:16 pm

Hi Shaba,

I narrowed it down to these viruses but I am sure there was and is more...

worm.bagle.il
trojan glieder

After doing some online scans with Panda's Active Scan and AVG's scans I managed to get rid of the one that was blocking Avast and Spybot. I downloaded and ran spybot without any problems. It found several malware programs and deleted them. I am going to do an avast bootscan shortly. AVG Antispyware found a small bunch of tracking cookies - nothing more. Trojan Hunter found nothing.

Norton got completely corrupted and is unusable. Yah Norton.

Here is the GMER file you request. I also attached an updated hijack this log.

Thank you so much for your quick response.

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-03 14:14:52
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\System32\DRIVERS\update.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\WgaTray.exe[536] WININET.dll!InternetErrorDlg 7722D875 5 Bytes JMP 0101211B C:\WINDOWS\system32\WgaTray.exe

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82358328
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 82013578
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8ACF85A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8ACF85A] avgtdi.sys
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 81F0E8E0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 81D32910
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 81F0E8E0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_NAMED_PIPE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_READ 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_WRITE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FLUSH_BUFFERS 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DIRECTORY_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SHUTDOWN 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_LOCK_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLEANUP 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_MAILSLOT 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CHANGE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 81F1A490
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 81FC63B0
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8ACF85A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8ACF85A] avgtdi.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 81DDD288
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F8ACF85A] avgtdi.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 81DDD288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 81E65BB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 81D3FC98
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CREATE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CLOSE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_READ 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_WRITE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_EA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_POWER 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_PNP 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_READ 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 81E696B8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 82013578
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 81D2EAF8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 81D2EAF8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 81D2EAF8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 81D2EAF8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 81D2EAF8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 81D74918

---- Modules - GMER 1.0.12 ----

Module _________ F8424000-F843C000 (98304 bytes)

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x19 0xC8 0x11 0xEB ...
Reg \Registry\MACHINE\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl
Reg \Registry\MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version@Version 0xD6 0x49 0xA8 0x21 ...

---- EOF - GMER 1.0.12 ----





Logfile of HijackThis v1.99.1
Scan saved at 2:15:40 PM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\utils\qt\qttask.exe
C:\utils\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\utils\TrojanHunter 4.6\THGuard.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\utils\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchmeup.cc/3520/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\utils\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\utils\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\utils\qt\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\utils\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\utils\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [THGuard] "C:\utils\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\utils\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\utils\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\utils\MP3 Player Utilities 3.77\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\utils\MP3 Player Utilities 3.77\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/vi ... ebscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v5/Ticker.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16.hotmail.msn.com/act ... Atchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\utils\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\utils\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\utils\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\utils\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\utils\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: run32dll - Unknown owner - C:\WINDOWS\system32\run32dll.exe (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\utils\TuneUp Utilities 2006\WinStylerThemeSvc.exe
pistolero
Active Member
 
Posts: 2
Joined: June 2nd, 2007, 8:44 pm
Top

Unread postby Shaba » June 4th, 2007, 4:38 am

Hi

Yes, looks like rootkit bagle is gone.

Open HijackThis, click do a system scan only and checkmark this:

O23 - Service: run32dll - Unknown owner - C:\WINDOWS\system32\run32dll.exe (file missing)

Close all windows including browser and press fix checked.

Reboot.

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Post:

- a fresh HijackThis log
- kaspersky report
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top

Unread postby Shaba » June 14th, 2007, 4:32 am

Whilst we appreciate that you may be busy, it has been 10 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Malware Removal Forum

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 115 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index