Hi Shaba,
I narrowed it down to these viruses but I am sure there were and are more...
worm.bagle.il
trojan glieder
After doing some online scans with Panda's Active Scan and AVG's scans I managed to get rid of the one that was blocking Avast and Spybot. I downloaded and ran Spybot without any problems. It found several malware programs and deleted them. I am going to do an Avast boot scan shortly. AVG Antispyware found a small bunch of tracking cookies - nothing more. Trojan Hunter found nothing.
Norton got completely corrupted and is unusable. Yah Norton.
Here is the GMER file you requested. I also attached an updated HijackThis log.
Thank you so much for your quick response.
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-03 14:14:52
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
---- Kernel code sections - GMER 1.0.12 ----
? C:\WINDOWS\System32\DRIVERS\update.sys
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\system32\WgaTray.exe[536] WININET.dll!InternetErrorDlg 7722D875 5 Bytes JMP 0101211B C:\WINDOWS\system32\WgaTray.exe
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82358328
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 82013578
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F8ACF85A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8ACF85A] avgtdi.sys
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 81F0E8E0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 81D32910
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 81F0E8E0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 81F0E8E0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_NAMED_PIPE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_READ 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_WRITE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FLUSH_BUFFERS 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DIRECTORY_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SHUTDOWN 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_LOCK_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLEANUP 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE_MAILSLOT 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CHANGE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_QUERY_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SET_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_READ 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_READ 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 81F1A490
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 81F1A490
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 81FC63B0
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8ACF85A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F8ACF85A] avgtdi.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 81DDD288
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F8ACF85A] avgtdi.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 81DDD288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 81E65BB0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 81D3FC98
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CREATE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CLOSE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_READ 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_WRITE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_EA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_POWER 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_PNP 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_READ 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 81E696B8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 81E696B8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 82013578
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 81D2EAF8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 81D2EAF8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 81D2EAF8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 81D2EAF8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 81D2EAF8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 81D74918
---- Modules - GMER 1.0.12 ----
Module _________ F8424000-F843C000 (98304 bytes)
---- Registry - GMER 1.0.12 ----
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x19 0xC8 0x11 0xEB ...
Reg \Registry\MACHINE\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl
Reg \Registry\MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version@Version 0xD6 0x49 0xA8 0x21 ...
---- EOF - GMER 1.0.12 ----
Logfile of HijackThis v1.99.1
Scan saved at 2:15:40 PM, on 6/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\utils\qt\qttask.exe
C:\utils\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\utils\TrojanHunter 4.6\THGuard.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\utils\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchmeup.cc/3520/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\utils\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\utils\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\utils\qt\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\utils\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\utils\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [THGuard] "C:\utils\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\utils\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\utils\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\utils\MP3 Player Utilities 3.77\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\utils\MP3 Player Utilities 3.77\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/vi ... ebscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v5/Ticker.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by16fd.bay16.hotmail.msn.com/act ... Atchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\utils\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\utils\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\utils\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\utils\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\utils\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: run32dll - Unknown owner - C:\WINDOWS\system32\run32dll.exe (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\utils\TuneUp Utilities 2006\WinStylerThemeSvc.exe