MalwareRemoval.com - Malware Removal Instructions

protector.exe owns me

Post by mellow » October 21st, 2006, 8:53 pm

I tried Microsoft Live OneCare, Trend Micro HouseCall, SpyDefense, PC-cillin, Spy Sweeper etc., yet I still get the winlogin.exe error, and Internet Explorer errors that pop up frequently. When I try to use PC-cillin or OneCare it keeps popping up to allow or disallow protector.exe, but for some reason it doesn't go away when I click disallow. Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:37:36 PM, on 21/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Everest Labs\Spydefense\sdc.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\Defrag.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Phil_2\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/ ... rf?lc=1033
O1 - Hosts: comments (such as these) may be inserted on individual
O1 - Hosts: 64.229.222.56 l2testauthd.lineage2.com
O1 - Hosts: 64.229.222.56 l2authd.lineage2.com l2authd.lineage2.com
O1 - Hosts: nProtect.lineage2.com nProtect.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53A5132B-4E13-4FBE-837A-8890973A32C1} - C:\WINDOWS\system32\cjb.dll
O2 - BHO: (no name) - {E322C935-4800-4255-97BD-7A938FD14F20} - C:\WINDOWS\system32\cjb.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyDefense] C:\Program Files\Everest Labs\Spydefense\sdc.exe /service
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/ ... bAgent.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... ase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2297545859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1206843649
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} - http://static.35mb.com/applet/applet_o.cab
O18 - Protocol: bw+0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: IEFilter - {93D2D83F-66E6-48D5-B522-8FA88016D85E} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

thanks and cheers
mellow

Post by Vino Rosso » October 22nd, 2006, 1:52 pm

Hi! mellow and welcome to the Malware Removal forums.
My name is Vino Rosso - if it helps, you can call me Vino for short. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a little time to research and, while I complete my training, all my recommended fixes will be checked by an expert.

Please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Finally, please reply to this thread. Do not start a new topic.
Be back soon.
Thanks
Vino

Post by mellow » October 22nd, 2006, 7:15 pm

Thanks Vino for spending time to deal with my computer problems,
much appreciated.

Phil

Post by Vino Rosso » October 23rd, 2006, 4:41 am

Hi Phil

Important: Please print these instructions or copy them to Notepad as you will not have access to the internet during this fix.

1 - Move HijackThis
The first thing is we need to move HijackThis into its own folder as this will allow the program to backup any deletions we make with HijackThis to a safe area.
Using Windows Explorer, create a folder called HJT on your C: drive that is C:\HJT
Right-click on HijackThis.exe on your Desktop and choose Copy
Go to C:\HJT folder, right-click and choose Paste
Delete HijackThis.exe from your Desktop so you do not use that copy by mistake

Do not try to fix anything yet! HijackThis shows lots of good files as well as bad.

2 - Program Download

ATF Cleaner
Please download to your Desktop ATF Cleaner by Atribune from >here<. This program is for XP and Windows 2000 only. It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and greys out the other(s).
We will use this program later.

AVG Anti-Spyware
Download AVG Anti-Spyware 7.5 from >here<
After download, double click on the file to launch the install process.
Choose a language, click OK and then click Next.
Read the License Agreement and click I Agree.
Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click Next, then click Install.
After setup completes, click Finish to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
The main Status menu will appear. Select Change state to inactivate 'Resident Shield' and 'Automatic Updates'.
Then right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
Go to Start > Run and type: services.msc
  • Press OK.
  • Click the Extended tab and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the Stop button.
  • From the drop-down menu next to "Startup Type", click on Manual.
  • Now click Apply, then OK and close the Services window.
Select the Update button and click Start update. Wait until you see the Update successful message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from >here<.
Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

3 - Delete Service Preparation
Open notepad - it must be notepad, not wordpad.
Copy and paste the text inside the code box below into notepad
Choose File > Save and type "delservices.bat" (including the quotes) and save it to your desktop.

Code:
@echo off
sc stop "Service"
sc delete "Service"


Do not do anything else with this file yet!!

4 - Boot Into Safe Mode
Boot your PC into Safe Mode by restarting your computer and keep tapping F8 until the menu appears.
Use your up and down arrow keys to select Safe Mode.
We will continue your fix in Safe Mode.

5 - Run delservices.bat
Locate delservices.bat on your desktop and double-click the icon
You may not notice anything happen - this is OK.

6 - Run HJT Scan
Run a scan with HijackThis and tick the following entries, if present:
O2 - BHO: (no name) - {53A5132B-4E13-4FBE-837A-8890973A32C1} - C:\WINDOWS\system32\cjb.dll
O2 - BHO: (no name) - {E322C935-4800-4255-97BD-7A938FD14F20} - C:\WINDOWS\system32\cjb.dll
O15 - Trusted Zone: *.stumbleupon.com
**Note: Please see the O15 Lines note below.
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O21 - SSODL: IEFilter - {93D2D83F-66E6-48D5-B522-8FA88016D85E} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe


O15 Lines
It may be helpful to know that when you put an item in your Trusted Zone, it has pretty much full access to your computer. Are you sure you trust these sites to that degree? If you're not sure, and/or you do not need these in your trusted zone to facilitate access, or you did not knowingly permit this access yourself, then please fix the O15 entry.

Close all windows except HijackThis
Select Fix Checked in HijackThis.

7 - Delete suspect files/folders
Using Windows Explorer, browse for the following files/folders and delete as instructed
NB Some files may have already been deleted by earlier actions so don't worry if you do not see them:

C:\WINDOWS\System\cjb.dll <=== This file only
C:\WINDOWS\System\IEFilter.dll <=== This file only
C:\WINDOWS\System\instcat.dll <=== This file only
C:\WINDOWS\System\Service.exe <=== This file only NOTE: Do NOT delete services.exe

8 - Delete Temporary Files
Double-click ATF-Cleaner.exe to run the program.
Under Select Files To Delete choose: Select All
If you rely on system remembered passwords, you should UNcheck Cookies.
Important Do not uncheck anything else!
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
Click the Empty Selected button.
NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

9 - Scan With AVG Anti-Spyware
Launch AVG Anti-Spyware, click on the Scanner button and choose the Settings tab.
  • Under How to act?, click on Recommended actions and choose Quarantine to set default action for detected malware.
  • Under How to Scan? check all (default).
  • Under Possibly unwanted software check all (default).
  • Under What to Scan? make sure Scan every file is selected (default).
  • Under Reports select Automatically generate report after every scan and UNcheck Only if threats were found.
Click the Scan tab to return to scanning options.
Click Complete System Scan to start.
When the scan has finished you will be presented with a list of infected objects found.
Click Apply all actions to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate No action taken, making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

Click on Save Report to view all completed scans. Click on the most recent scan you just performed and select Save report as - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
Exit AVG Anti-Spyware when done and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

Reboot your PC normally

10 - Kaspersky Online Scan
Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
    + Extended (If available otherwise Standard)
    o Scan Options:
    + Scan Archives
    + Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

11 - Check on status
After you have completed the above, please reboot and provide:
  • the AVG Anti-Spyware report
  • the Kaspersky Scan report
  • a new HijackThis log
  • and a description of how your PC is behaving
If necessary, please post these reports in separate replies to avoid any information being cut off.

Good Luck
Vino
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
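The fix list in the post above is built from a few recurring HijackThis triage rules: unnamed BHOs, DLLs registered as Winlogon Notify or SSODL entries, services with no registered owner, Trusted Zone additions, and a filename (Service.exe) chosen to look like the real services.exe. As an added example, and not code from the thread or from the HijackThis project, the Python script below applies those rules to HijackThis log lines. The regular expressions, the shortlist of system binary names and the sample log (five of the entries quoted above plus two benign lines from the same log) are all constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: five of the entries the helper asked to be fixed, plus two
# benign lines from the same log so the classifier sees both kinds.
SAMPLE_HJT_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53A5132B-4E13-4FBE-837A-8890973A32C1} - C:\WINDOWS\system32\cjb.dll
O15 - Trusted Zone: *.stumbleupon.com
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O21 - SSODL: IEFilter - {93D2D83F-66E6-48D5-B522-8FA88016D85E} - C:\WINDOWS\system32\IEFilter.dll
O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
"""

# Constructed shortlist of Windows binaries whose names malware likes to imitate.
SYSTEM_BINARIES = ("csrss.exe", "explorer.exe", "lsass.exe", "services.exe",
                   "smss.exe", "spoolsv.exe", "svchost.exe", "winlogon.exe")

# Sections that load a DLL at logon / shell start; every entry here deserves a look.
PERSISTENCE_SECTIONS = {
    "O20": "Winlogon Notify DLL (loaded into winlogon.exe at logon)",
    "O21": "ShellServiceObjectDelayLoad object (loaded by the shell at start-up)",
}

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|sys)\b', re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class HjtEntry:
    section: str
    body: str
    path: Optional[str]
    clsid: Optional[str]
    reasons: List[str] = field(default_factory=list)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; used to spot lookalike filenames such as Service.exe vs services.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_line(line: str) -> Optional[HjtEntry]:
    """Split one HijackThis line into section code, body, file path and CLSID (if any)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # header lines, process list, blank lines
    body = m.group("body")
    path = PATH_RE.search(body)
    clsid = CLSID_RE.search(body)
    return HjtEntry(m.group("section"), body,
                    path.group(0) if path else None,
                    clsid.group(0) if clsid else None)


def classify(entry: HjtEntry) -> List[str]:
    """Return the reasons an entry should be reviewed; an empty list means nothing stood out."""
    reasons = []
    if entry.section == "O2" and "(no name)" in entry.body:
        reasons.append("BHO without a name: vendor helper objects normally identify themselves")
    if entry.section in PERSISTENCE_SECTIONS:
        reasons.append(f"{PERSISTENCE_SECTIONS[entry.section]}: confirm the DLL belongs to a known vendor")
    if entry.section == "O23" and "Unknown owner" in entry.body:
        reasons.append("service with no registered owner")
    if entry.section == "O15":
        reasons.append("Trusted Zone entry: the site runs with relaxed browser security settings")
    if entry.path:
        name = entry.path.rsplit("\\", 1)[-1].lower()
        for known in SYSTEM_BINARIES:
            # Same name is fine; one character away from a system binary is the classic disguise.
            if name != known and levenshtein(name, known) <= 1:
                reasons.append(f"filename imitates {known}")
    return reasons


def triage(log_text: str) -> List[HjtEntry]:
    """Parse a whole HijackThis log and return only the entries that need a human look."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        entry.reasons = classify(entry)
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_HJT_LOG):
        print(f"{e.section}: {e.path or e.body}")
        for r in e.reasons:
            print(f"    - {r}")
```

Run against the sample, the script flags exactly the five quoted entries and leaves the Adobe BHO and the Windows Defender Run key alone; the O23 line collects two reasons, the unknown owner and the one-character distance from services.exe, which is the same distinction the post makes with its "Do NOT delete services.exe" warning.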

Unread postby mellow » October 23rd, 2006, 11:44 pm

Thanks, well here it is.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:39:24 PM 23/10/2006

+ Scan result:



C:\WINDOWS\system32\IEFilter.dll -> Logger.Small.ez : Cleaned with backup (quarantined).
C:\WINDOWS\system32\protector.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ntio256.sys -> Rootkit.Agent.cf : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iesniff.exe -> Trojan.Agent.tk : Cleaned with backup (quarantined).
C:\WINDOWS\system32\shliwaaa.exe -> Trojan.Pakes : Cleaned with backup (quarantined).


::Report end
mellow
Regular Member
 
Posts: 28
Joined: October 21st, 2006, 8:45 pm

Unread postby mellow » October 23rd, 2006, 11:45 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, October 23, 2006 11:40:10 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/10/2006
Kaspersky Anti-Virus database records: 234220
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 48494
Number of viruses found: 5
Number of infected objects: 11 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:41:13

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\5d051a7bfd9c6a4ea74f66c2148f803b_3c388cf3-ea2c-4fe7-b0d2-a7c433a05a42 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-08292006-134051.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Phil_2\.housecall6.6\Quarantine\java.jar-bae16f0-60e2c0ce.zip.bac_a00436/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Phil_2\.housecall6.6\Quarantine\java.jar-bae16f0-60e2c0ce.zip.bac_a00436/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Phil_2\.housecall6.6\Quarantine\java.jar-bae16f0-60e2c0ce.zip.bac_a00436 ZIP: infected - 2 skipped
C:\Documents and Settings\Phil_2\.housecall6.6\Quarantine\java.jar-bae16f0-60e2c0ce.zip.bac_a00436 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Phil_2\.housecall6.6\Quarantine\Service.exe.bac_a00436 Infected: Trojan-Spy.Win32.Small.ez skipped
C:\Documents and Settings\Phil_2\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A1DFEAF2-9559-49F9-ABF8-0D4D265BAD89} Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\History\History.IE5\MSHist012006102320061024\index.dat Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Temp\Perflib_Perfdata_494.dat Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Temp\Perflib_Perfdata_84c.dat Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Temp\Perflib_Perfdata_b80.dat Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Temp\~DF5A70.tmp Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Temp\~DF94F1.tmp Object is locked skipped
C:\Documents and Settings\Phil_2\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Phil_2\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Phil_2\NtUser.dat.LOG Object is locked skipped
C:\HJT\backups\backup-20061023-213804-377.dll Infected: Trojan.Win32.Pakes skipped
C:\HJT\backups\backup-20061023-213804-585.dll Infected: Trojan.Win32.Pakes skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\TGTSoft\StyleXP\StyleXP.cache Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd1405.sys Object is locked skipped
C:\WINDOWS\system32\ert.dll Infected: Trojan-Proxy.Win32.Small.ct skipped
C:\WINDOWS\system32\gweobxnn.exe Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\MSIEHelper.dll Infected: Trojan-Spy.Win32.Small.ez skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
mellow
Regular Member
 
Posts: 28
Joined: October 21st, 2006, 8:45 pm
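The AVG and Kaspersky reports in the two posts above mix three very different things on one page: files the scanner could not open ("Object is locked skipped"), detections that are copies already taken out of circulation (the HouseCall Quarantine folder and the backups HijackThis keeps under C:\HJT\backups), riskware labelled "not-a-virus:", and detections still sitting in their live location under system32. As an added example, and not code from the thread or from either scanner vendor, the Python script below reads both report formats and separates those categories. The regular expressions and the list of quarantine/backup folder markers are constructed for the example, and the sample report is a constructed subset of the lines quoted above.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed subset of the two reports posted above, one string for both formats.
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\IEFilter.dll -> Logger.Small.ez : Cleaned with backup (quarantined).
C:\WINDOWS\system32\protector.exe -> Proxy.Wopla.ac : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ntio256.sys -> Rootkit.Agent.cf : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\Phil_2\.housecall6.6\Quarantine\java.jar-bae16f0-60e2c0ce.zip.bac_a00436/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Phil_2\.housecall6.6\Quarantine\java.jar-bae16f0-60e2c0ce.zip.bac_a00436 ZIP: infected - 2 skipped
C:\Documents and Settings\Phil_2\.housecall6.6\Quarantine\Service.exe.bac_a00436 Infected: Trojan-Spy.Win32.Small.ez skipped
C:\HJT\backups\backup-20061023-213804-377.dll Infected: Trojan.Win32.Pakes skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\WINDOWS\system32\ert.dll Infected: Trojan-Proxy.Win32.Small.ct skipped
C:\WINDOWS\system32\gweobxnn.exe Infected: Trojan.Win32.Pakes skipped
C:\WINDOWS\system32\MSIEHelper.dll Infected: Trojan-Spy.Win32.Small.ez skipped
Scan process completed.
"""

# Kaspersky Online Scanner line: "<path> <verdict>". Paths contain spaces, so the
# verdict is anchored to the end of the line and the path is whatever precedes it.
KAV_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:"
    r"(?P<locked>Object is locked skipped)|"
    r"Infected: (?P<name>\S+) skipped|"
    r"(?P<container>\S+): infected - (?P<count>\d+) skipped)$"
)
# AVG Anti-Spyware detection line: "<path> -> <name> : <action>."
AVG_RE = re.compile(r"^(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$")

# Constructed list of folders whose contents are copies of already-removed items:
# the HouseCall quarantine seen in the report and the HijackThis backup folder.
NEUTRALISED_DIR_MARKERS = ("\\quarantine\\", "\\hjt\\backups\\")


def classify(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (verdict, path, detection name) for a report line, or None for headers/noise.

    verdict is one of: locked, neutralised, riskware, active.
    """
    m = KAV_RE.match(line.strip())
    if m:
        path = m.group("path")
        if m.group("locked"):
            return ("locked", path, "")
        name = m.group("name") or m.group("container")
        if name.startswith("not-a-virus:"):
            return ("riskware", path, name)
        if any(marker in path.lower() for marker in NEUTRALISED_DIR_MARKERS):
            return ("neutralised", path, name)
        return ("active", path, name)
    m = AVG_RE.match(line.strip())
    if m:
        # AVG only lists what it acted on; "quarantined" means the file is already out of play.
        verdict = "neutralised" if "quarantined" in m.group("action").lower() else "active"
        return (verdict, m.group("path"), m.group("name"))
    return None


def summarize(report_text: str) -> Dict[str, object]:
    """Count lines per verdict and list the detections that still need attention."""
    counts: Counter = Counter()
    active: List[Tuple[str, str]] = []
    for line in report_text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        verdict, path, name = hit
        counts[verdict] += 1
        if verdict == "active":
            active.append((path, name))
    return {"counts": dict(counts), "active": active}


if __name__ == "__main__":
    result = summarize(SAMPLE_REPORT)
    print("counts:", result["counts"])
    for path, name in result["active"]:
        print(f"still active: {path}  [{name}]")
```

On the sample, the locked system hives and index files drop out as noise, the quarantine and HJT backup hits are counted as already neutralised, mirc.exe is separated as riskware, and what remains is the short list a helper would actually act on next: ert.dll, gweobxnn.exe and MSIEHelper.dll in system32.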

Unread postby mellow » October 23rd, 2006, 11:46 pm

Logfile of HijackThis v1.99.1
Scan saved at 11:42:46 PM, on 23/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Everest Labs\Spydefense\sdc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Executive Software\Diskeeper\DfrgNTFS.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/ ... rf?lc=1033
O1 - Hosts: comments (such as these) may be inserted on individual
O1 - Hosts: 64.229.222.56 l2testauthd.lineage2.com
O1 - Hosts: 64.229.222.56 l2authd.lineage2.com l2authd.lineage2.com
O1 - Hosts: nProtect.lineage2.com nProtect.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyDefense] C:\Program Files\Everest Labs\Spydefense\sdc.exe /service
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... ase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2297545859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1206843649
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} - http://static.35mb.com/applet/applet_o.cab
O18 - Protocol: bw+0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
mellow
Regular Member
 
Posts: 28
Joined: October 21st, 2006, 8:45 pm

Unread postby mellow » October 24th, 2006, 12:02 am

Well, it looks like the winlogin.exe problem has come back. I tried to shut down my computer, but it just restarted. At least that's working, but not the way it should be. Something's really screwed up with my computer.
mellow
Regular Member
 
Posts: 28
Joined: October 21st, 2006, 8:45 pm

Unread postby Vino Rosso » October 24th, 2006, 9:03 am

Hi Phil

1 - Computer Usage
The AVG Anti-Spyware log shows that your computer possibly has a rootkit. >Information on Rootkits<
If this proves to be the case and you use your computer for work/business and/or financial transactions, you should reformat and re-install for security purposes.

>How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?<

>When Should I Format, How Should I Reinstall?<

2 - Antivirus
It appears from your latest log that you are not running any AntiVirus application. What has happened to it?
You could get infected as soon as you connect to the internet.

3 - KillBox
Please download Killbox by Option^Explicit from >here<
Note: In the event you already have Killbox, this is a new version that you should download.
Save it to your desktop.

Please double-click Killbox.exe to run it. Select:
  • Delete on Reboot
  • then click the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\Program Files\mIRC\mirc.exe
C:\WINDOWS\system32\ert.dll
C:\WINDOWS\system32\gweobxnn.exe
C:\WINDOWS\system32\MSIEHelper.dll
C:\WINDOWS\SYSTEM32\instcat.dll


Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

NB If your computer does not restart automatically, please restart it manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click >here< to download missingfilesetup.exe. When downloaded, double-click missingfilesetup.exe to run it then try Killbox again.

4 - Download and Run ComboFix
Download ComboFix from >here< to your Desktop.
Double-click combofix.exe and follow the prompts.
When finished, the program will produce a log for you.
Post that log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

5 - Check on status
After you have completed the above, please reboot and provide:
  • information about your anti-virus program
  • the ComboFix log
  • a new HijackThis log
Good Luck
Vino
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
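The reasoning in the post above (an unknown Winlogon Notify DLL, a registry Run entry with no real path, and freshly created files in system32 with machine-generated names) can be turned into a first-pass triage script. This is an added example, not a tool from the thread or from MalwareRemoval.com; the sample lines are copied from the logs posted in this thread, and the Winlogon Notify allowlist and the random-name heuristic are assumptions of the example.

```python
"""First-pass triage of HijackThis and ComboFix output (added example)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Sample lines copied from the logs posted in this thread (constructed subset).
SAMPLE_HJT = r"""
O1 - Hosts: 64.229.222.56 l2testauthd.lineage2.com
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

SAMPLE_COMBOFIX = r"""
2006-10-23 20:42 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-18 18:02 0 --a------ C:\WINDOWS\system32\Service.exe
2006-10-18 17:28 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-11 00:15 61 --a------ C:\WINDOWS\system32\idhvhri.dll
2006-10-11 00:15 196,608 --a------ C:\WINDOWS\system32\sbivnaaa.exe
2006-10-11 00:15 11,269 --a------ C:\WINDOWS\system32\paimaaaa.exe
2006-10-24 12:04 -------- d-------- C:\Program Files\mIRC
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


# Winlogon Notify packages present on a stock Windows XP install. This is an
# assumed allowlist for the example; a real tool needs a fuller, vetted list.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon"}

CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxyz]{4}")
TRIPLE_LETTER = re.compile(r"(.)\1\1")
ABS_PATH = re.compile(r"^[A-Za-z]:\\")
COMBOFIX_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2})\s+([\d,]+|-+)\s+(\S+)\s+(.+)$")


def looks_random(stem: str) -> bool:
    """Heuristic for generated names: 6-9 lowercase letters containing a run
    of four consonants or a tripled letter (assumption; tune before relying on it)."""
    if not (6 <= len(stem) <= 9 and stem.isalpha() and stem.islower()):
        return False
    return bool(CONSONANT_RUN.search(stem) or TRIPLE_LETTER.search(stem))


def triage_hjt(text: str) -> list[Finding]:
    """Flag HijackThis lines that a helper would want to look at first."""
    findings: list[Finding] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if "(file missing)" in line:
            # Orphaned entry: harmless by itself, but worth cleaning up.
            findings.append(Finding("low", "entry points at a missing file", line))
        elif line.startswith("O1 - Hosts:"):
            findings.append(Finding("medium", "hosts-file override", line))
        elif line.startswith("O20 - Winlogon Notify:"):
            # "O20 - Winlogon Notify: <name> - <dll>" -> compare <name> to allowlist.
            name = line.split(":", 1)[1].split("-", 1)[0].strip().lower()
            if name not in KNOWN_NOTIFY:
                findings.append(Finding("high", "unknown Winlogon Notify DLL", line))
        elif line.startswith("O4 -") and "]" in line:
            # Run values without an absolute path rely on search order or are junk.
            cmd = line.split("]", 1)[1].strip().strip('"')
            if not ABS_PATH.match(cmd):
                findings.append(Finding("medium", "autorun without an absolute path", line))
    return findings


def triage_combofix(text: str) -> list[Finding]:
    """Flag newly created files in system32 that are empty or oddly named."""
    findings: list[Finding] = []
    for line in text.splitlines():
        m = COMBOFIX_LINE.match(line.strip())
        if not m:
            continue
        size_txt, attrs, path = m.group(3), m.group(4), m.group(5)
        if attrs.startswith("d") or "\\system32\\" not in path.lower():
            continue  # directories and files outside system32 are skipped here
        size = int(size_txt.replace(",", "")) if size_txt[0].isdigit() else -1
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if size == 0:
            findings.append(Finding("high", "zero-byte file in system32", line))
        elif looks_random(stem):
            findings.append(Finding("high", "random-looking file name in system32", line))
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT) + triage_combofix(SAMPLE_COMBOFIX):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```

Findings are only prompts for a human to check the file against a known-good copy or a scanner, not a verdict.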

Unread postby mellow » October 24th, 2006, 12:10 pm

Hi again

I used to have AVG with a faulty key, so I deleted it, and now it won't let me install AVG Free. For some reason I must have been logged on in 2 accounts, and even though I deleted them both on each login, something is still on my computer, so I can't install AVG Free. Is there another one I can download that I can use for free?
mellow
Regular Member
 
Posts: 28
Joined: October 21st, 2006, 8:45 pm

Unread postby mellow » October 24th, 2006, 12:10 pm

Phil_2 - 06-10-24 12:06:48.15 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Phil_2\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-24 to 2006-10-24 ))))))))))))))))))))))))))))))))))


2006-10-23 20:42 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-21 20:11 27,648 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2006-10-18 18:02 0 --a------ C:\WINDOWS\system32\Service.exe
2006-10-18 17:28 127,208 --a------ C:\WINDOWS\system32\mucltui.dll
2006-10-11 09:21 94,208 --a------ C:\WINDOWS\system32\stp.dll
2006-10-11 00:17 6,788 --a------ C:\WINDOWS\system32\taskdir~.exe
2006-10-11 00:15 61 --a------ C:\WINDOWS\system32\idhvhri.dll
2006-10-11 00:15 196,608 --a------ C:\WINDOWS\system32\sbivnaaa.exe
2006-10-11 00:15 11,269 --a------ C:\WINDOWS\system32\paimaaaa.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-24 12:04 -------- d-------- C:\Program Files\mIRC
2006-10-23 20:45 -------- d-------- C:\Documents and Settings\Phil_2\Application Data\Azureus
2006-10-23 20:42 -------- d-------- C:\Program Files\Grisoft
2006-10-22 12:54 -------- d-------- C:\Documents and Settings\Phil_2\Application Data\Registry Booster
2006-10-21 21:08 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-10-21 21:06 -------- d-------- C:\Documents and Settings\Phil_2\Application Data\TrojanHunter
2006-10-21 20:11 -------- d-------- C:\Program Files\Windows Defender
2006-10-21 12:51 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-10-20 16:01 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-19 18:50 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-19 18:50 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-19 16:50 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-19 16:37 -------- d-------- C:\Program Files\Common Files
2006-10-18 19:09 -------- d-------- C:\Documents and Settings\Phil_2\Application Data\Windows Live Safety Center
2006-10-18 17:58 -------- d---s---- C:\Documents and Settings\Phil_2\Application Data\Microsoft
2006-10-18 17:58 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-18 17:58 -------- d-------- C:\Program Files\LIUtilities
2006-10-18 15:14 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-18 08:39 -------- d-------- C:\Program Files\Trend Micro
2006-10-18 00:22 -------- d-------- C:\Program Files\Internet Explorer
2006-10-16 16:34 -------- d-------- C:\Documents and Settings\Phil_2\Application Data\StumbleUpon
2006-10-11 21:03 -------- d-------- C:\Program Files\Common Files\Real
2006-10-11 21:03 -------- d-------- C:\Documents and Settings\Phil_2\Application Data\Real
2006-10-09 22:09 -------- d-------- C:\Program Files\MDI VIew
2006-10-04 18:24 23728 --a------ C:\Documents and Settings\Phil_2\Application Data\GDIPFONTCACHEV1.DAT
2006-09-26 20:47 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-09-26 20:28 -------- d-------- C:\Program Files\Sierra
2006-09-19 19:05 -------- d-------- C:\Program Files\Uniblue
2006-09-16 17:16 -------- d-------- C:\Documents and Settings\Phil_2\Application Data\Kazaa Lite
2006-09-13 21:04 -------- d-------- C:\Program Files\Yahoo!
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-09 00:26 75 --a------ C:\WINDOWS\system32\sysogg.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LDM"="\\Program\\"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SpyDefense"="C:\\Program Files\\Everest Labs\\Spydefense\\sdc.exe /service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Logitech Utility"="Logi_MwX.Exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"IMEKRMIG6.1"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{3E898EEA-FEFA-451b-ACF2-7561F94B1191}"="gkj"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"ForceStartMenuLogOff"=dword:00000001
"NoWelcomeScreen"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\instcat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061023-213805-533
O21 - SSODL: IEFilter - {93D2D83F-66E6-48D5-B522-8FA88016D85E} - C:\WINDOWS\system32\IEFilter.dll
backup-20061023-213804-552
O20 - Winlogon Notify: instcat - C:\WINDOWS\SYSTEM32\instcat.dll
backup-20061023-213804-585
O2 - BHO: (no name) - {53A5132B-4E13-4FBE-837A-8890973A32C1} - C:\WINDOWS\system32\cjb.dll
backup-20061023-213804-377
O2 - BHO: (no name) - {E322C935-4800-4255-97BD-7A938FD14F20} - C:\WINDOWS\system32\cjb.dll
backup-20061023-213804-157
O15 - Trusted Zone: *.stumbleupon.com

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A7AA26F391F9A07B.job
C:\WINDOWS\tasks\A8B8053B9187B777.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-10-24 12:07:24.34
C:\ComboFix.txt ... 06-10-24 12:07
mellow
Regular Member
 
Posts: 28
Joined: October 21st, 2006, 8:45 pm

Unread postby mellow » October 24th, 2006, 12:11 pm

Logfile of HijackThis v1.99.1
Scan saved at 12:10:16 PM, on 24/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Everest Labs\Spydefense\sdc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/ ... rf?lc=1033
O1 - Hosts: comments (such as these) may be inserted on individual
O1 - Hosts: 64.229.222.56 l2testauthd.lineage2.com
O1 - Hosts: 64.229.222.56 l2authd.lineage2.com l2authd.lineage2.com
O1 - Hosts: nProtect.lineage2.com nProtect.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpyDefense] C:\Program Files\Everest Labs\Spydefense\sdc.exe /service
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\WIDGET~1\WidgetEngine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: StumbleUpon: &Blog This - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/ ... 1.2.76.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... ase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 2297545859
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1206843649
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} - http://static.35mb.com/applet/applet_o.cab
O18 - Protocol: bw+0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {BB453CEB-542C-4080-96A4-707B9808F343} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
mellow
Regular Member
 
Posts: 28
Joined: October 21st, 2006, 8:45 pm

Unread postby Vino Rosso » October 24th, 2006, 5:44 pm

Hi Phil

1 - Antivirus
It's possible that something is stopping you downloading AVG Free. Please try to install only ONE of the other two listed below. It's important that you have an antivirus running while connected to the internet.

» Avast!
» AntiVir

After installing, make sure the program updates itself then allow it to scan your system.

2 - KillBox
Please download Killbox by Option^Explicit from >here<
Note: In the event you already have Killbox, this is a new version that you should download.
Save it to your desktop.

Please double-click Killbox.exe to run it. Select:
  • Delete on Reboot
  • then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\Service.exe
C:\WINDOWS\system32\stp.dll
C:\WINDOWS\system32\taskdir~.exe
C:\WINDOWS\system32\idhvhri.dll
C:\WINDOWS\system32\sbivnaaa.exe
C:\WINDOWS\system32\paimaaaa.exe


Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

NB If your computer does not restart automatically, please restart it manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click >here< to download missingfilesetup.exe. When downloaded, double-click missingfilesetup.exe to run it then try Killbox again.

3 - Smitfraud Fix
Delete any version of Smitfraud you may already have - this is important as Smitfraud is updated very frequently
Download SmitfraudFix (by S!Ri) to your Desktop from >here<
Extract all the files and a folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

4 - GMER
Download Gmer from >here<
  • Disconnect from internet and close running programs.
  • There is a small chance this application may crash your computer so save any work you have open.
  • Double click gmer.exe
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at the program start about rootkit activity and asks if you want to run scan... confirm OK.
  • If no warning....
    • Click "Rootkit" tab and click "Scan"
  • Once done click "Copy"
  • Open Notepad and hit "ctrl+v" to paste the log.
  • Reconnect to the internet and post the log back to this thread
5 - Check on status
After you have completed the above, please provide:
  • the rapport.txt Smitfraud log
  • the GMER log
  • a new HijackThis log
  • and a description of how your PC is behaving
Good Luck
Vino
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
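The helper's reply above works from the line shapes in the HijackThis log (O18 protocol handlers, O20 Winlogon Notify DLLs, O23 services), and the two things it reacts to are entries marked "(file missing)" and services HijackThis reports as "Unknown owner". The parser below is an added example, not code from the thread or from HijackThis/Killbox, and its sample lines are constructed from the kinds of entries in the posted log; the rule names and the `triage` function are my own.

```python
"""Triage helper for HijackThis-style log lines (O18/O20/O23).

Added example for this thread; not code from HijackThis, Killbox or the forum.
It parses the line shapes seen in the posted log and flags the two things the
helper reacted to: entries whose file is already gone ("(file missing)") and
services HijackThis could not attribute to a vendor ("Unknown owner").
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a handful of lines in the shapes HijackThis prints.
SAMPLE_LOG = r"""
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: instcat - instcat.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# "O23 - Service: <name> - <owner> - <path>"; the kind never contains a colon.
LINE_RE = re.compile(r"^(?P<section>O\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
MISSING_MARK = "(file missing)"


@dataclass
class Entry:
    section: str            # e.g. "O20"
    kind: str               # e.g. "Winlogon Notify"
    name: str               # registry value / service / protocol name
    detail: Optional[str]   # owner (O23) or CLSID (O18); None for O20
    path: str               # file the entry points at
    file_missing: bool      # HijackThis could not find that file


def parse_line(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; return None for lines of other shapes."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    file_missing = rest.endswith(MISSING_MARK)
    if file_missing:
        rest = rest[: -len(MISSING_MARK)].rstrip()
    # HijackThis separates fields with " - "; the path is always the last field
    # and may be quoted.
    parts = [p.strip().strip('"') for p in rest.split(" - ")]
    if len(parts) < 2:
        return None
    detail = parts[1] if len(parts) >= 3 else None
    return Entry(m.group("section"), m.group("kind"), parts[0], detail,
                 parts[-1], file_missing)


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons the entry deserves a closer look.

    An orphaned entry (file gone, registry value still present) is what a
    partial cleanup leaves behind; an "Unknown owner" service is not malicious
    by itself (StyleXP is a legitimate example) but has no vendor string to
    vouch for it, so the binary should be checked before it is trusted.
    """
    findings: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        e = parse_line(raw)
        if e is None:
            continue
        reasons: List[str] = []
        if e.file_missing:
            reasons.append(f"{e.kind} entry points at a file that no longer "
                           f"exists ({e.path}); orphaned registry value")
        if e.section == "O23" and e.detail == "Unknown owner":
            reasons.append("service binary carries no vendor information; "
                           f"verify {e.path} before trusting it")
        if reasons:
            findings[e.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}:")
        for r in reasons:
            print(f"  - {r}")
```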

Unread postby mellow » October 24th, 2006, 8:13 pm

SmitFraudFix v2.113

Scan done at 19:51:04.64, 24/10/2006
Run from C:\Documents and Settings\Phil_2\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Phil_2


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Phil_2\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Phil_2\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3E898EEA-FEFA-451b-ACF2-7561F94B1191}"="gkj"

[HKEY_CLASSES_ROOT\CLSID\{3E898EEA-FEFA-451b-ACF2-7561F94B1191}\InProcServer32]
@="C:\WINDOWS\system32\ert.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{3E898EEA-FEFA-451b-ACF2-7561F94B1191}\InProcServer32]
@="C:\WINDOWS\system32\ert.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
mellow
Regular Member
 
Posts: 28
Joined: October 21st, 2006, 8:45 pm

Unread postby mellow » October 24th, 2006, 8:13 pm

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-24 20:09:19
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 867A5C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 867A5C78
Device \Driver\00000038 \Device\00000050 IRP_MJ_POWER [F7448A26] sptd.sys
Device \Driver\00000038 \Device\00000050 IRP_MJ_SYSTEM_CONTROL [F745CBD8] sptd.sys
Device \Driver\00000038 \Device\00000050 IRP_MJ_PNP [F745554E] sptd.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 867C7788
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 867C7788
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 867C7788
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 867C7788
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 867C7788
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 867C7788
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 867C7788
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 867C7788
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 867C7788
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 867C7788
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 867C7788
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 867C7788
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 867C7788
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 867C7788
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 867C7788
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 867C7788
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 867C7788
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 867C7788
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 867C7788
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 867C7788
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 867C7788
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 867C7788
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 867C7788
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 867C7788
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 867C7788
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 867C7788
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 867C7788
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 867C7788
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 867C7788
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 867C7788
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 867C7788
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 867C7788
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 867C7788
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 867C7788
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 867C7788
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 867C7788
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 867C7788
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 867C7788
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 867C7788
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 867C7788
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 867C7788
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 867C7788
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 867C7788
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 867C7788
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867C7A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86474A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86474A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86474A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86474A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86474A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86474A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86474A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86474A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86474A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86474A40
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86474A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 867C7A40
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 867C7A40
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 86467A38
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 86467A38
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86474A40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86474A40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86474A40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86474A40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86474A40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86474A40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86474A40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86474A40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86474A40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86474A40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86474A40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86474A40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 86474A40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 86474A40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86474A40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86474A40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86474A40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86474A40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86474A40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86474A40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86474A40
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86474A40
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 863E3590
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 863E3590
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 863E3590
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 863E3590
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 863E3590
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 863E3590
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 863E3590
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 863E3590
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 863E3590
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 863E3590
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 863E3590
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 863E3590
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 867A5EB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 867A5EB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 867A5EB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 867A5EB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 867A5EB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 867A5EB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 867A5EB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 867A5EB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 867A5EB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 867A5EB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 867A5EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 86554EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 86554EB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 86480338
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 86480338
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 86480338
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 86480338
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 86480338
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 86480338
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 86480338
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 86480338
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 86480338
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 86480338
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 86480338
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 86480338
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 86480338
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 86480338
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 867C7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 867C7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 867C7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 867C7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 867C7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 867C7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 867C7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 867C7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 867C7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 867C7A40
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 867C7A40
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 864B1800
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 864B1800
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 864B1800
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 864B1800
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 864B1800
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 864B1800
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 864B1800
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 864B1800
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 864B1800
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 864B1800
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 864B1800
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 864B1800
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 864B1800
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_CREATE 867A50E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_CLOSE 867A50E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_DEVICE_CONTROL 867A50E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867A50E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_POWER 867A50E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_SYSTEM_CONTROL 867A50E8
Device \Driver\viasraid \Device\Scsi\viasraid1 IRP_MJ_PNP 867A50E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 863C1A68
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 863C1A68
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 863C1A68
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863C1A68
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 863C1A68
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 863C1A68
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 863C1A68
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 863C1A68
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 863C1A68
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 863C1A68
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 863C1A68
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 863C1A68
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 863C1A68
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 863C1A68
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 86544D70
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 86544D70
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 86544D70
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 86544D70
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 86544D70
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 86544D70
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 86544D70
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 86544D70
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 86544D70
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 86544D70
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 86544D70
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 86544D70
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 86544D70

---- Files - GMER 1.0.11 ----

ADS ...
ADS ...

---- EOF - GMER 1.0.11 ----
mellow
Regular Member
Posts: 28
Joined: October 21st, 2006, 8:45 pm