Drive Cleaner Popup as well as Exception Processing Message


Post by greenmonster14 » June 22nd, 2007, 4:06 pm

Hi,

I am new to this forum and am excited to receive valuable advice to rid me of these two problems I am currently dealing with. The first is this Exception Processing Message. A popup comes up through Windows which says "No Disc Error" and Exception Processing Message c0000013 and then several letter and number sequences. This message does not go away, even after I try to x it out or press cancel on the error message itself. The only times this irritating annoyance occurs is when I attempt to run Ad-Aware or Spybot Search & Destroy. Because of this Windows error coming up, neither of those programs can do their thing.


The second issue I have is more recent. This popup is rearing its ugly head at various times. It has not been daily, but it has happened enough for me to be concerned. It is basically pushing a product called Drive Cleaner, saying my computer is infected, yada yada. It causes two screens to pop up. I x both of them out and they go away, but obviously my computer is infected with something, and I would love any advice or suggestions as to how to get rid of both my problems.

Here is my HijackThis log file...

Logfile of HijackThis v1.99.1
Scan saved at 12:49:47 AM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\igfxtray.exe
I:\WINDOWS\system32\hkcmd.exe
I:\WINDOWS\system32\igfxpers.exe
I:\WINDOWS\RTHDCPL.EXE
I:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
I:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
I:\WINDOWS\Logi_MwX.Exe
I:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
I:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
I:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\WINDOWS\system32\NOTEPAD.EXE
I:\Program Files\WinRAR\WinRAR.exe
I:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.609\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] I:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] I:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] I:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Samsung LBP SM] "I:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - I:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5666245187
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: igfxcui - I:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Here is my uninstall list:

Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player
Alarm 2.0.1
Avery Wizard 3.0
AVG Free Edition
Azureus
CDDRV_Installer
DiscJuggler
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EPSON Printer Software
FLAC Installer 1.1.3b (remove only)
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows XP (KB935448)
Intel® Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 11
Java™ SE Runtime Environment 6 Update 1
KhalSetup
LimeWire 4.12.11
Logitech MouseWare 9.79.1
Logitech SetPoint
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.4)
MSXML 4.0 SP2 (KB927978)
neroxml
One-click Ringtone Converter
Panda ActiveScan
QuickTime
Realtek High Definition Audio Driver
Samsung ML-1710 Series
Samsung Printer Status Monitor
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Spybot - Search & Destroy 1.4
Switch Uninstall
Travelaxe
Ultra QuickTime Converter 1.1.8
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

Last but not least is my Activescan Report:


Incident Status Location

Dialer:dialer.su Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\Switch
Spyware:Cookie/2o7 Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.2o7.net/]
Spyware:Cookie/2o7 Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/2o7 Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/PointRoll Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Overture Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.overture.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[server.iad.liveperson.net/hc/74599921]
Spyware:Cookie/Server.iad.Liveperson Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.server.iad.liveperson.net/]
Spyware:Cookie/Advertising Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Go Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.go.com/]
Spyware:Cookie/Tradedoubler Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Zedo Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Searchportal Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.searchportal.information.com/]
Spyware:Cookie/WebtrendsLive Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.statse.webtrendslive.com/S151323]
Spyware:Cookie/WebtrendsLive Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.statse.webtrendslive.com/S151311]
Spyware:Cookie/WebtrendsLive Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.statse.webtrendslive.com/S146260]
Spyware:Cookie/WUpd Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Yadro Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Target Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.target.com/]
Spyware:Cookie/QkSrv Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Tribalfusion Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Statcounter Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Serving-sys Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/SexList Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/RealMedia Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adserver Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/web-stat Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.www.web-stat.com/ENGLISH/CGI-BIN/]
Spyware:Cookie/Falkag Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/YieldManager Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/AdDynamix Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Belnk Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Clickbank Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Com.com Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.com.com/]
Spyware:Cookie/Serving-sys Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Adrevolver Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Hitbox Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/Hitslink Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.counter.hitslink.com/]
Spyware:Cookie/Bluestreak Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Bridgetrack Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.citi.bridgetrack.com/]
Spyware:Cookie/FastClick Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Overture Not disinfected I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vn1dv2k5.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/PointRoll Not disinfected I:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected I:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected I:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt
Spyware:Cookie/Hitbox Not disinfected I:\Documents and Settings\Owner\Cookies\owner@ehg-dig.hitbox[2].txt
Spyware:Cookie/Go Not disinfected I:\Documents and Settings\Owner\Cookies\owner@go[1].txt
Spyware:Cookie/Mediaplex Not disinfected I:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt
Spyware:Cookie/QuestionMarket Not disinfected I:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt
Virus:Malware Generic Not disinfected K:\Nero\Nero-7.8.5.0_eng_trial.exe[Toolbar.exe]


Thank you so much to whomever addresses my issues. I am very much appreciative for the time you will take to help me fix my problems.



--------------------

Go Sox Go!!
greenmonster14

Post by random/random » June 23rd, 2007, 9:15 am

You are running a P2P filesharing programme.
  • Many of these programmes come with unwanted components bundled with them.
  • If you wish to find out whether the one you're using does click here.
Please note: Even if you are using a "safe" P2P programme, it is only the programme that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.


My recommendation is you uninstall it.

Go to Start> Control Panel> Add or Remove Programs.

Remove the following programs, if they are present.

    J2SE Runtime Environment 5.0 Update 11 << This is an older, exploitable version of Java

You're currently running HijackThis from within a ZIP file. Please delete your current copy of HijackThis and do the following

  • Download HJTsetup.exe from here
  • Double click on HJTsetup.exe to start the install of HijackThis by merijn
  • Click Next>
  • Click Next>
  • Click Next>
  • Select the option to Create a desktop icon
  • Click Next>
  • Click Install
  • Click Finish
  • Click Do a system scan and save a logfile
  • It will produce a log for you, post the contents of that log as a reply to this topic
  • Note: To run HijackThis again in future, double click on the HijackThis shortcut on your desktop

my HijackThis log response

Post by greenmonster14 » June 23rd, 2007, 12:15 pm

Thank you for your prompt reply to my query. I do appreciate the time you are taking with my issue.




Logfile of HijackThis v1.99.1
Scan saved at 9:10:58 AM, on 6/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\igfxtray.exe
I:\WINDOWS\system32\hkcmd.exe
I:\WINDOWS\system32\igfxpers.exe
I:\WINDOWS\RTHDCPL.EXE
I:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
I:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
I:\WINDOWS\Logi_MwX.Exe
I:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
I:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
I:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
I:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
I:\WINDOWS\system32\wuauclt.exe
I:\WINDOWS\system32\msiexec.exe
I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
I:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] I:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] I:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] I:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Samsung LBP SM] "I:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - I:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5666245187
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: igfxcui - I:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Post by random/random » June 23rd, 2007, 12:23 pm

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines(if still present)

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Then close all windows except HijackThis and click Fix Checked

  • Please download F-Secure Blacklight (fsbl.exe) from here
  • Save into C:\ with a name of fsbl.exe
  • Go to Start > Run
  • Copy and paste the contents of the below codebox into the run box
    C:\fsbl.exe /expert
  • Click OK
  • This will launch BlackLight
  • Select I accept the agreement
  • Click Next
  • Click Scan
  • Wait for the scan to finish
  • Click on Next>
  • Click Exit
  • A logfile will have been created in the C:\ drive
  • It will be named fsbl-xxxxxxxxxxxxxx.log where xxxxxxxxxxxxxx is the date and time of the scan
  • Use notepad to open that log
  • Post the contents of that log as a reply to this topic, along with a new HijackThis log
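An added example, not code from this thread or from HijackThis: a small Python parser for the HijackThis v1.99.1 log format posted above. It diffs the O4 autostart entries of the 9:10 AM scan against the 3:29 PM scan (excerpts copied from the logs on this page) to confirm that the Fix Checked step removed the [Alcmtr] line, and it lists Run entries whose command names a bare executable with no directory, which a reviewer has to locate on disk before judging. The regexes and function names are this example's own assumptions.

```python
import re
from collections import Counter

# Excerpts of the HijackThis logs posted in this thread (copied from the page):
# the O4 section of the scan before the Fix Checked step and of the scan after it.
LOG_BEFORE_FIX = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:10:58 AM, on 6/23/2007
O4 - HKLM\..\Run: [igfxtray] I:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
"""
LOG_AFTER_FIX = r"""
Logfile of HijackThis v1.99.1
Scan saved at 3:29:47 PM, on 6/23/2007
O4 - HKLM\..\Run: [igfxtray] I:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
"""

# Every HijackThis entry line starts with a section tag (R0..R3, O1..O24) and " - ".
# Header lines ("Logfile of ...", "Scan saved at ...") do not match and are skipped.
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")
# O4 registry Run entries look like: HKLM\..\Run: [Name] command line
O4_RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.*)$")


def parse_entries(log_text):
    """Return (section, detail) tuples for every entry line in a HijackThis log."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Entries removed and added between two scans (duplicates are counted, not collapsed)."""
    before = Counter(parse_entries(before_text))
    after = Counter(parse_entries(after_text))
    removed = sorted((before - after).elements())
    added = sorted((after - before).elements())
    return removed, added


def first_token(command):
    """The executable part of a Run command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def run_entries_without_directory(log_text):
    """O4 Run entries whose command is a bare file name with no directory.

    Windows resolves such names through the search path at logon, so the
    reviewer cannot tell from the log alone which file on disk will run.
    """
    flagged = []
    for section, detail in parse_entries(log_text):
        if section != "O4":
            continue
        m = O4_RUN_RE.match(detail)
        if not m:
            continue  # Global Startup and other O4 forms are not registry Run values
        hive, name, command = m.groups()
        exe = first_token(command)
        if exe and "\\" not in exe:
            flagged.append((hive, name, exe))
    return flagged


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE_FIX, LOG_AFTER_FIX)
    print("removed by Fix Checked:", removed)
    print("added since previous scan:", added)
    print("Run entries with no directory:", run_entries_without_directory(LOG_AFTER_FIX))
```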

here ya go THANKS!

Post by greenmonster14 » June 23rd, 2007, 6:32 pm

Here is the Blacklight log file:


06/23/07 15:24:45 [Info]: BlackLight Engine 1.0.64 initialized
06/23/07 15:24:45 [Info]: OS: 5.1 build 2600 (Service Pack 2)
06/23/07 15:24:46 [Note]: 7019 4
06/23/07 15:24:46 [Note]: 7005 0
06/23/07 15:24:51 [Note]: 7006 0
06/23/07 15:24:51 [Note]: 7022 0
06/23/07 15:24:51 [Note]: 7011 1908
06/23/07 15:24:51 [Note]: 7026 0
06/23/07 15:24:52 [Note]: 7026 0
06/23/07 15:24:58 [Note]: FSRAW library version 1.7.1022
06/23/07 15:24:58 [Note]: 2000 1012
06/23/07 15:27:33 [Note]: 7007 0


Here is the new HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:29:47 PM, on 6/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\igfxtray.exe
I:\WINDOWS\system32\hkcmd.exe
I:\WINDOWS\system32\igfxpers.exe
I:\WINDOWS\RTHDCPL.EXE
I:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
I:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe
I:\WINDOWS\Logi_MwX.Exe
I:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
I:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE
I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Logitech\SetPoint\SetPoint.exe
I:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
I:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] I:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] I:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] I:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Samsung LBP SM] "I:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX4800 Series] I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - I:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5666245187
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: igfxcui - I:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - I:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Thanks!
greenmonster14
Active Member

Unread postby random/random » June 23rd, 2007, 6:41 pm

  • Download GMER by GMER from here
  • Unzip it to a folder on your desktop
  • Double click on gmer.exe to launch GMER
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run a scan, click OK
  • If you don't get a warning then
    • Click the rootkit tab
    • Click Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic
random/random
Developer
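
The gmerrk.txt these steps produce is read by hand in this thread; as an added example (not code from the thread or from GMER) here is a small Python triage script for the line kinds GMER 1.0.12 prints in that file (SSDT, Code, .text JMP, ? <file> and Device lines). The sample log, the KNOWN_MODULES allowlist and the constructed_unvetted.sys entry are constructed assumptions, not output from this machine.

```python
"""Triage helper for GMER rootkit-scan logs (the gmerrk.txt produced by the steps above)."""
import re
from collections import defaultdict

# Assumption: modules the reviewer has already vetted on this machine. Keep it short and
# evidence-based (sptd.sys ships with Alcohol 120% / Daemon Tools, avgtdi.sys with AVG;
# both products appear in the HijackThis log in this thread).
KNOWN_MODULES = {"sptd.sys", "avgtdi.sys"}

# Constructed sample in the line formats GMER 1.0.12 prints in the thread's gmerrk.txt.
# "constructed_unvetted.sys" is a made-up name so the triage has something to flag.
SAMPLE_LOG = r"""GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-23 15:50:03
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwOpenKey
SSDT constructed_unvetted.sys ZwQueryDirectoryFile

Code E855C0F7 IoWriteOperationCount

---- Kernel code sections - GMER 1.0.12 ----

? I:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F7EEF62C 5 Bytes JMP 8224F1B8
? I:\WINDOWS\system32\DRIVERS\update.sys

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 823DA1D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F899A85A] avgtdi.sys
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 822321D8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F899A85A] avgtdi.sys

---- EOF - GMER 1.0.12 ----
"""

# One regex per GMER line kind. Addresses are 8 hex digits on 32-bit Windows XP.
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<func>\w+)\s*$")
CODE_RE = re.compile(r"^Code\s+(?P<addr>[0-9A-F]{8})\s+(?P<symbol>\S+)\s*$")
INLINE_RE = re.compile(
    r"^\.text\s+(?P<symbol>\S+)\s+(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-F]{8})"
)
UNREAD_RE = re.compile(r"^\?\s+(?P<path>\S+)(?P<reason>.*)$")
DEVICE_RE = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<irp>IRP_MJ_\w+)\s+"
    r"(?:\[(?P<hook_addr>[0-9A-F]{8})\]\s+(?P<module>\S+)|(?P<addr>[0-9A-F]{8}))\s*$"
)


def parse_gmer(text):
    """Group a gmerrk.txt into findings by kind; header and section lines are skipped."""
    findings = {
        "ssdt": defaultdict(list),            # hooking module -> [Zw* services it hooks]
        "code": [],                           # (address, kernel symbol) patched in place
        "inline": [],                         # (export, bytes overwritten, JMP target)
        "unreadable": [],                     # driver files GMER could not open
        "device_hooks": defaultdict(set),     # module -> {(driver, device, IRP major)}
        "device_handlers": defaultdict(set),  # bare handler address -> {driver objects}
    }
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            findings["ssdt"][m["module"]].append(m["func"])
        elif m := CODE_RE.match(line):
            findings["code"].append((m["addr"], m["symbol"]))
        elif m := INLINE_RE.match(line):
            findings["inline"].append((m["symbol"], int(m["n"]), m["target"]))
        elif m := UNREAD_RE.match(line):
            findings["unreadable"].append(m["path"])
        elif m := DEVICE_RE.match(line):
            if m["module"]:
                findings["device_hooks"][m["module"]].add((m["driver"], m["device"], m["irp"]))
            else:
                findings["device_handlers"][m["addr"]].add(m["driver"])
    return findings


def triage(findings, known=KNOWN_MODULES):
    """Split every module that hooks the SSDT or an IRP table into vetted vs. needs-review."""
    hookers = set(findings["ssdt"]) | set(findings["device_hooks"])
    return {
        "vetted": sorted(hookers & known),
        "review": sorted(hookers - known),
        # Inline kernel patches carry no module name, so they always need a human look.
        "inline_patches": len(findings["code"]) + len(findings["inline"]),
        "unreadable": list(findings["unreadable"]),
    }


if __name__ == "__main__":
    result = triage(parse_gmer(SAMPLE_LOG))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it against a real gmerrk.txt by passing the file contents to parse_gmer; anything under "review" or "inline_patches" is what the helper would ask about next.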

Unread postby greenmonster14 » June 23rd, 2007, 6:57 pm

gmerrk.txt:

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-23 15:50:03
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

Code E855C0F7 IoWriteOperationCount

---- Kernel code sections - GMER 1.0.12 ----

? I:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F7EEF62C 5 Bytes JMP 8224F1B8
? I:\WINDOWS\system32\DRIVERS\update.sys

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 823DA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 823DA1D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 81EB31D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 81EB31D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F899A85A] avgtdi.sys
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 822F91D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 822F91D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 822F91D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 822F91D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 822F91D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 822F91D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 822F91D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 822F91D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 822F91D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 822F91D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 822F91D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 822F91D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 822F91D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 822F91D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 822F91D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 822F91D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 823271D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 823271D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 823271D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 823271D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 823271D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 823271D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 823271D8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F899A85A] avgtdi.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 823691D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 822321D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 822321D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 822321D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 822321D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 822321D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 822321D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 822321D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 822321D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 822321D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 822321D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 822321D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 823691D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 823691D8
Device \Driver\usbstor \Device\00000065 IRP_MJ_CREATE 81E6A6A8
Device \Driver\usbstor \Device\00000065 IRP_MJ_CLOSE 81E6A6A8
Device \Driver\usbstor \Device\00000065 IRP_MJ_READ 81E6A6A8
Device \Driver\usbstor \Device\00000065 IRP_MJ_WRITE 81E6A6A8
Device \Driver\usbstor \Device\00000065 IRP_MJ_DEVICE_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000065 IRP_MJ_INTERNAL_DEVICE_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000065 IRP_MJ_POWER 81E6A6A8
Device \Driver\usbstor \Device\00000065 IRP_MJ_SYSTEM_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000065 IRP_MJ_PNP 81E6A6A8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 822321D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 822321D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 822321D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 822321D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 822321D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 822321D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 822321D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 822321D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 822321D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 822321D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 822321D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 823DB1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 823DB1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 823DB1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 823DB1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 823DB1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 823DB1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 823DB1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 823DB1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_CREATE 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_CLOSE 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_DEVICE_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_POWER 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_SYSTEM_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 IRP_MJ_PNP 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSE 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 823DB1D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 823DB1D8
Device \Driver\usbstor \Device\00000066 IRP_MJ_CREATE 81E6A6A8
Device \Driver\usbstor \Device\00000066 IRP_MJ_CLOSE 81E6A6A8
Device \Driver\usbstor \Device\00000066 IRP_MJ_READ 81E6A6A8
Device \Driver\usbstor \Device\00000066 IRP_MJ_WRITE 81E6A6A8
Device \Driver\usbstor \Device\00000066 IRP_MJ_DEVICE_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000066 IRP_MJ_INTERNAL_DEVICE_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000066 IRP_MJ_POWER 81E6A6A8
Device \Driver\usbstor \Device\00000066 IRP_MJ_SYSTEM_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000066 IRP_MJ_PNP 81E6A6A8
Device \Driver\usbstor \Device\00000067 IRP_MJ_CREATE 81E6A6A8
Device \Driver\usbstor \Device\00000067 IRP_MJ_CLOSE 81E6A6A8
Device \Driver\usbstor \Device\00000067 IRP_MJ_READ 81E6A6A8
Device \Driver\usbstor \Device\00000067 IRP_MJ_WRITE 81E6A6A8
Device \Driver\usbstor \Device\00000067 IRP_MJ_DEVICE_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000067 IRP_MJ_INTERNAL_DEVICE_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000067 IRP_MJ_POWER 81E6A6A8
Device \Driver\usbstor \Device\00000067 IRP_MJ_SYSTEM_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000067 IRP_MJ_PNP 81E6A6A8
Device \Driver\usbstor \Device\00000068 IRP_MJ_CREATE 81E6A6A8
Device \Driver\usbstor \Device\00000068 IRP_MJ_CLOSE 81E6A6A8
Device \Driver\usbstor \Device\00000068 IRP_MJ_READ 81E6A6A8
Device \Driver\usbstor \Device\00000068 IRP_MJ_WRITE 81E6A6A8
Device \Driver\usbstor \Device\00000068 IRP_MJ_DEVICE_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000068 IRP_MJ_INTERNAL_DEVICE_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000068 IRP_MJ_POWER 81E6A6A8
Device \Driver\usbstor \Device\00000068 IRP_MJ_SYSTEM_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000068 IRP_MJ_PNP 81E6A6A8
Device \Driver\usbstor \Device\00000069 IRP_MJ_CREATE 81E6A6A8
Device \Driver\usbstor \Device\00000069 IRP_MJ_CLOSE 81E6A6A8
Device \Driver\usbstor \Device\00000069 IRP_MJ_READ 81E6A6A8
Device \Driver\usbstor \Device\00000069 IRP_MJ_WRITE 81E6A6A8
Device \Driver\usbstor \Device\00000069 IRP_MJ_DEVICE_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000069 IRP_MJ_INTERNAL_DEVICE_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000069 IRP_MJ_POWER 81E6A6A8
Device \Driver\usbstor \Device\00000069 IRP_MJ_SYSTEM_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\00000069 IRP_MJ_PNP 81E6A6A8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 81E89980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 81E89980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 81E89980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 81E89980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 81E89980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 81E89980
Device \Driver\NetBT \Device\NetBT_Tcpip_{2337D390-2472-4774-B22C-DC3C1B908B4E} IRP_MJ_CREATE 81E89980
Device \Driver\NetBT \Device\NetBT_Tcpip_{2337D390-2472-4774-B22C-DC3C1B908B4E} IRP_MJ_CLOSE 81E89980
Device \Driver\NetBT \Device\NetBT_Tcpip_{2337D390-2472-4774-B22C-DC3C1B908B4E} IRP_MJ_DEVICE_CONTROL 81E89980
Device \Driver\NetBT \Device\NetBT_Tcpip_{2337D390-2472-4774-B22C-DC3C1B908B4E} IRP_MJ_INTERNAL_DEVICE_CONTROL 81E89980
Device \Driver\NetBT \Device\NetBT_Tcpip_{2337D390-2472-4774-B22C-DC3C1B908B4E} IRP_MJ_CLEANUP 81E89980
Device \Driver\NetBT \Device\NetBT_Tcpip_{2337D390-2472-4774-B22C-DC3C1B908B4E} IRP_MJ_PNP 81E89980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 81E89980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 81E89980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 81E89980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 81E89980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 81E89980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 81E89980
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F899A85A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F899A85A] avgtdi.sys
Device \Driver\usbstor \Device\0000006b IRP_MJ_CREATE 81E6A6A8
Device \Driver\usbstor \Device\0000006b IRP_MJ_CLOSE 81E6A6A8
Device \Driver\usbstor \Device\0000006b IRP_MJ_READ 81E6A6A8
Device \Driver\usbstor \Device\0000006b IRP_MJ_WRITE 81E6A6A8
Device \Driver\usbstor \Device\0000006b IRP_MJ_DEVICE_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\0000006b IRP_MJ_INTERNAL_DEVICE_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\0000006b IRP_MJ_POWER 81E6A6A8
Device \Driver\usbstor \Device\0000006b IRP_MJ_SYSTEM_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\0000006b IRP_MJ_PNP 81E6A6A8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 822F91D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 822F91D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 822F91D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 822F91D8
Device \Driver\usbstor \Device\0000006d IRP_MJ_CREATE 81E6A6A8
Device \Driver\usbstor \Device\0000006d IRP_MJ_CLOSE 81E6A6A8
Device \Driver\usbstor \Device\0000006d IRP_MJ_READ 81E6A6A8
Device \Driver\usbstor \Device\0000006d IRP_MJ_WRITE 81E6A6A8
Device \Driver\usbstor \Device\0000006d IRP_MJ_DEVICE_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\0000006d IRP_MJ_INTERNAL_DEVICE_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\0000006d IRP_MJ_POWER 81E6A6A8
Device \Driver\usbstor \Device\0000006d IRP_MJ_SYSTEM_CONTROL 81E6A6A8
Device \Driver\usbstor \Device\0000006d IRP_MJ_PNP 81E6A6A8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 822F91D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 822F91D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 822F91D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 822F91D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 81E80858
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 81E80858
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F899A85A] avgtdi.sys
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 822F91D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 822F91D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 822F91D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 822F91D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 81E80858
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 81E80858
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE 822F91D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE 822F91D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER 822F91D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 822F91D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP 822F91D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CREATE 823271D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CLOSE 823271D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_DEVICE_CONTROL 823271D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 823271D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_POWER 823271D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_SYSTEM_CONTROL 823271D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_PNP 823271D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 823691D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 823691D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 823691D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 823691D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 823691D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 823691D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 823691D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 823691D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 823691D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 823691D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 823691D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 81EB31D8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 81EB31D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 81EB11D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 81EB11D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 81EB11D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 81EB11D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 81EB11D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 81EB11D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 81EB11D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 81EB11D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 81EB11D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 81EB11D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 81EB11D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 81EB11D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 81EB11D8

---- EOF - GMER 1.0.12 ----


Gmerautos.txt:

GMER 1.0.12.12244 - http://www.gmer.net
Autostart scan 2007-06-23 15:53:06
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = I:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
igfxcui@DLLName = igfxdev.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Avg7Alrt /*AVG7 Alert Manager Server*/@ = I:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = I:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = I:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = I:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
UMWdf /*Windows User Mode Driver Framework*/@ = I:\WINDOWS\system32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@igfxtrayI:\WINDOWS\system32\igfxtray.exe = I:\WINDOWS\system32\igfxtray.exe
@igfxhkcmdI:\WINDOWS\system32\hkcmd.exe = I:\WINDOWS\system32\hkcmd.exe
@igfxpersI:\WINDOWS\system32\igfxpers.exe = I:\WINDOWS\system32\igfxpers.exe
@RTHDCPLRTHDCPL.EXE = RTHDCPL.EXE
@SkyTelSkyTel.EXE = SkyTel.EXE
@AVG7_CCI:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = I:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@Samsung LBP SM"I:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun = "I:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
@Logitech UtilityLogi_MwX.Exe = Logi_MwX.Exe
@Logitech Hardware Abstraction LayerKHALMNPR.EXE = KHALMNPR.EXE
@QuickTime Task"I:\Program Files\QuickTime\qttask.exe" -atboottime = "I:\Program Files\QuickTime\qttask.exe" -atboottime
@EPSON Stylus CX4800 SeriesI:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800" = I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE /P26 "EPSON Stylus CX4800 Series" /O6 "USB002" /M "Stylus CX4800"
@Adobe Reader Speed Launcher"I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@SunJavaUpdateSched"I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" = "I:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@swgI:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" /*file not found*/ = "I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/I:\Program Files\Grisoft\AVG Free\avgse.dll = I:\Program Files\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/I:\Program Files\Grisoft\AVG Free\avgse.dll = I:\Program Files\Grisoft\AVG Free\avgse.dll
@{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} /*Logitech Setpoint Extension*/I:\Program Files\Logitech\SetPoint\kbcplext.dll = I:\Program Files\Logitech\SetPoint\kbcplext.dll
@{B9B9F083-2B04-452A-8691-83694AC1037B} /*Logitech Setpoint Extension*/I:\Program Files\Logitech\SetPoint\mcplext.dll = I:\Program Files\Logitech\SetPoint\mcplext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/I:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = I:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/I:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = I:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/I:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = I:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/I:\Program Files\Microsoft Office\OFFICE11\msohev.dll = I:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/I:\Program Files\WinRAR\rarext.dll = I:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = I:\Program Files\Grisoft\AVG Free\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = I:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{52061AFE-582E-4849-B69F-8FCD24E1EAA4} = I:\Program Files\One-click Ringtone Converter\shell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = I:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{52061AFE-582E-4849-B69F-8FCD24E1EAA4} = I:\Program Files\One-click Ringtone Converter\shell.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = I:\Program Files\Grisoft\AVG Free\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = I:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}I:\Program Files\Spybot - Search & Destroy\SDHelper.dll = I:\Program Files\Spybot - Search & Destroy\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll = I:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}i:\program files\google\googletoolbar2.dll = i:\program files\google\googletoolbar2.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}I:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll = I:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = I:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.yahoo.com/ = http://www.yahoo.com/
@Local PageI:\WINDOWS\system32\blank.htm = I:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = I:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = I:\WINDOWS\system32\msvidctl.dll
its@CLSID = I:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = I:\WINDOWS\system32\itss.dll
mso-offdap@CLSID = I:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = I:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = I:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = I:\WINDOWS\system32\wiascr.dll

I:\Documents and Settings\All Users\Start Menu\Programs\Startup = Logitech SetPoint.lnk

---- EOF - GMER 1.0.12 ----
greenmonster14
Active Member
 
Posts: 6
Joined: June 22nd, 2007, 4:02 pm
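
A way to read the GMER "Device" table posted above mechanically, as an added example that is not part of the original post and not GMER's own logic: GMER prints, for every device object, the address of the routine handling each IRP_MJ_* major function. In the listing above every entry for a given device shares one address (Ftdisk 823691D8, Fastfat 81EB31D8, Cdfs 81EB11D8), which is what an unhooked dispatch table looks like. The heuristic below is this editor's assumption, not a GMER feature: a single IRP_MJ_* entry whose address differs from the rest of its device's entries is worth a closer look as a possible dispatch-table hook. The sample text is constructed in the page's format; its Cdfs IRP_MJ_READ row and the address F8A2C310 were altered deliberately to show a mismatch and do not describe the poster's machine.

```python
"""Consistency check over a GMER 'Devices' listing (added example).

Assumption (this editor's, not GMER's): a clean driver's IRP dispatch
entries all point to one routine, so an entry whose address differs from
the rest of the same device's entries merits a closer look.
"""
import re
from collections import Counter, defaultdict

# One GMER device row: Device <driver> <device> <IRP_MJ_*> <8 hex digits>
DEVICE_LINE = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+"
    r"(?P<irp>IRP_MJ_\w+)\s+(?P<addr>[0-9A-Fa-f]{8})$"
)

# Constructed sample in the page's format.  The Cdfs IRP_MJ_READ address
# was altered on purpose (F8A2C310 is made up) to demonstrate a mismatch.
SAMPLE = """\
Device \\Driver\\Ftdisk \\Device\\FtControl IRP_MJ_SHUTDOWN 823691D8
Device \\Driver\\Ftdisk \\Device\\FtControl IRP_MJ_CLEANUP 823691D8
Device \\Driver\\Ftdisk \\Device\\FtControl IRP_MJ_POWER 823691D8
Device \\FileSystem\\Fastfat \\Fat IRP_MJ_CREATE 81EB31D8
Device \\FileSystem\\Fastfat \\Fat IRP_MJ_READ 81EB31D8
Device \\FileSystem\\Fastfat \\Fat IRP_MJ_WRITE 81EB31D8
Device \\FileSystem\\Cdfs \\Cdfs IRP_MJ_CREATE 81EB11D8
Device \\FileSystem\\Cdfs \\Cdfs IRP_MJ_READ F8A2C310
Device \\FileSystem\\Cdfs \\Cdfs IRP_MJ_WRITE 81EB11D8
---- EOF - GMER 1.0.12 ----
"""


def parse_devices(text):
    """Return {(driver, device): {irp_name: handler_address}}.

    Lines that are not device rows (blank lines, the EOF marker) are skipped.
    """
    table = defaultdict(dict)
    for line in text.splitlines():
        m = DEVICE_LINE.match(line.strip())
        if m:
            table[(m["driver"], m["device"])][m["irp"]] = m["addr"].upper()
    return dict(table)


def find_outliers(table):
    """Flag entries whose address differs from the address most entries of
    the same device share.  Returns (driver, device, irp, addr, majority)."""
    findings = []
    for (driver, device), entries in table.items():
        majority, _ = Counter(entries.values()).most_common(1)[0]
        for irp, addr in sorted(entries.items()):
            if addr != majority:
                findings.append((driver, device, irp, addr, majority))
    return findings


if __name__ == "__main__":
    for f in find_outliers(parse_devices(SAMPLE)):
        print("MISMATCH %s %s %s -> %s (other entries: %s)" % f)
```

The check is deliberately narrow: it says nothing about a driver whose entire table was replaced, and on a real listing the next step is to confirm which module each flagged address belongs to before calling it a hook.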

Unread postby random/random » June 24th, 2007, 1:42 pm

Are you still getting drive cleaner popups?
random/random
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Unread postby greenmonster14 » June 24th, 2007, 1:49 pm

No.... However, that popup was not a daily occurrence. From what you can observe, should it be eradicated? Hopefully it is gone for good.

My other problem is still taking place. I get an Exception Processing Message c0000013 parameters 75b6bf9c 4 75b6bf9c every time I attempt to run ad-aware or spybot s&d. As a result of this, I cannot run these two programs. The error message does not go away until I close either of those two programs.


Please help me to rectify this.


Thanks
greenmonster14
Active Member
 
Posts: 6
Joined: June 22nd, 2007, 4:02 pm

Unread postby random/random » June 24th, 2007, 1:53 pm

Did the popup only appear when you were browsing? If so, I suspect it came from the site you were visiting.

  • Download Autoruns from here
  • Unzip/extract it to a folder on your desktop
  • Double click on autoruns.exe to start Autoruns
  • Wait for it to finish scanning
  • Under Options make sure the following options are selected
    • Verify Code Signatures
    • Hide Signed Microsoft Entries
  • Click File > Refresh
  • Click File > Save As
  • Save it to the desktop as autoruns.txt
  • Post the contents of autoruns.txt as a reply to this topic
random/random
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Unread postby greenmonster14 » June 24th, 2007, 2:02 pm

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated i:\program files\adobe\reader 8.0\reader\reader_sl.exe
+ AVG7_CC AVG Control Center (Not verified) GRISOFT, s.r.o. i:\program files\grisoft\avg free\avgcc.exe
+ QuickTime Task QuickTime Task (Not verified) Apple Computer, Inc. i:\program files\quicktime\qttask.exe
+ Samsung LBP SM Samsung Status Monitor Manager (Not verified) Samsung Electronics. i:\windows\samsung\lasersmmgr\ssmmgr.exe
+ SunJavaUpdateSched Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. i:\program files\java\jre1.6.0_01\bin\jusched.exe
I:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ Logitech SetPoint.lnk Logitech SetPoint Event Manager (UNICODE) (Not verified) Logitech Inc. i:\program files\logitech\setpoint\setpoint.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} File not found: I:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
+ swg GoogleToolbarNotifier (Verified) Google Inc i:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ AVG7 Find Extension AVG Shell Extension (Not verified) GRISOFT, s.r.o. i:\program files\grisoft\avg free\avgse.dll
+ AVG7 Shell Extension AVG Shell Extension (Not verified) GRISOFT, s.r.o. i:\program files\grisoft\avg free\avgse.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ Logitech Setpoint Extension Logitech SetPoint Event Manager (Not verified) Logitech Inc. i:\program files\logitech\setpoint\kbcplext.dll
+ Logitech Setpoint Extension Logitech SetPoint Event Manager (Not verified) Logitech Inc. i:\program files\logitech\setpoint\mcplext.dll
+ WinRAR shell extension i:\program files\winrar\rarext.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
+ PDF Shell Extension PDF Shell Extension (Not verified) Adobe Systems, Inc. i:\program files\common files\adobe\acrobat\activex\pdfshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ Adobe PDF Reader Link Helper Adobe PDF Helper for Internet Explorer (Verified) Adobe Systems, Incorporated i:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
+ Google Toolbar Helper Google IE Client Toolbar (Verified) Google Inc i:\program files\google\googletoolbar2.dll
+ Google Toolbar Notifier BHO GoogleToolbarNotifier (Verified) Google Inc i:\program files\google\googletoolbarnotifier\2.0.301.7164\swg.dll
+ SSVHelper Class Java(TM) Platform SE binary (Verified) Sun Microsystems, Inc. i:\program files\java\jre1.6.0_01\bin\ssv.dll
+ {53707962-6F74-2D53-2644-206D7942484F} Bad download blocker (Verified) Safer Networking Ltd. i:\program files\spybot - search & destroy\sdhelper.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ googletoolbar2.dll Google IE Client Toolbar (Verified) Google Inc i:\program files\google\googletoolbar2.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Travelaxe Travelaxe (Not verified) Travelaxe, Inc. i:\program files\travelaxe\travelaxe.exe
HKLM\System\CurrentControlSet\Services
+ Avg7Alrt AVG Alert Manager (Not verified) GRISOFT, s.r.o. i:\program files\grisoft\avg free\avgamsvr.exe
+ Avg7UpdSvc AVG Update Service (Not verified) GRISOFT, s.r.o. i:\program files\grisoft\avg free\avgupsvc.exe
+ AVGEMS AVG E-Mail Scanner (Not verified) GRISOFT, s.r.o. i:\program files\grisoft\avg free\avgemc.exe
+ StarWindService Enables network access to local devices via iSCSI protocol. (Not verified) Rocket Division Software i:\program files\alcohol soft\alcohol 120\starwind\starwindservice.exe
HKLM\System\CurrentControlSet\Services
+ Avg7Core AVG Scanning Engine (Not verified) GRISOFT, s.r.o. i:\windows\system32\drivers\avg7core.sys
+ Avg7RsW AVG Resident Shield Unload Helper (Not verified) GRISOFT, s.r.o. i:\windows\system32\drivers\avg7rsw.sys
+ Avg7RsXP AVG Resident Anti-Virus Shield (Not verified) GRISOFT, s.r.o. i:\windows\system32\drivers\avg7rsxp.sys
+ AvgClean AVG7 Clean Driver (Not verified) GRISOFT, s.r.o. i:\windows\system32\drivers\avgclean.sys
+ AvgTdi AVG Network connection watcher (Not verified) GRISOFT, s.r.o. i:\windows\system32\drivers\avgtdi.sys
+ gmer GMER Driver http://www.gmer.net (Not verified) GMER i:\windows\system32\drivers\gmer.sys
+ pfc Padus(R) ASPI Shell (Not verified) Padus, Inc. i:\windows\system32\drivers\pfc.sys
+ sptd i:\windows\system32\drivers\sptd.sys



Are you going to be able to address the other issue that is still annoyingly taking place? I hope so. I appreciate all the time you are taking with my issue.
greenmonster14
Active Member
 
Posts: 6
Joined: June 22nd, 2007, 4:02 pm
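
The Autoruns export requested above, and the listing posted in reply, can be triaged mechanically. The following is an added example, not part of the original thread and not code from Sysinternals Autoruns. It assumes the text format shown in the post: a location line, then entries beginning with "+ ", ending in the image path, with "(Verified)" or "(Not verified)" printed when "Verify Code Signatures" is on and "File not found:" marking a dangling entry. The sample input is constructed: all lines but one are taken from the listing above; the "updater" line in a temp directory is made up to show a location-based finding, and the SUSPICIOUS_DIRS list and the priority ordering are this editor's choices.

```python
"""Triage of an Autoruns text export (added example, not Autoruns' own code).

Assumptions: entries start with '+ ' and end with the image path; the signer
state is the literal '(Verified)' / '(Not verified)' Autoruns prints with
'Verify Code Signatures' enabled; 'File not found:' marks a dangling entry.
"""
import re
from dataclasses import dataclass

# Constructed sample in the posted format.  All lines except 'updater' come
# from the listing above; 'updater' is made up to show a suspicious location.
SAMPLE = """\
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run
+ Adobe Reader Speed Launcher Adobe Acrobat SpeedLauncher (Verified) Adobe Systems, Incorporated i:\\program files\\adobe\\reader 8.0\\reader\\reader_sl.exe
+ AVG7_CC AVG Control Center (Not verified) GRISOFT, s.r.o. i:\\program files\\grisoft\\avg free\\avgcc.exe
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
+ BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} File not found: I:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe
+ updater i:\\documents and settings\\user\\local settings\\temp\\updater.exe
HKLM\\System\\CurrentControlSet\\Services
+ sptd i:\\windows\\system32\\drivers\\sptd.sys
"""

SIGNER = re.compile(r"\((Verified|Not verified)\)")
PATH = re.compile(r"[A-Za-z]:\\.*$")          # first 'X:\' to end of line
# Directories where an autostart binary is unusual (editor's assumption).
SUSPICIOUS_DIRS = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\recycler\\")


@dataclass
class Entry:
    location: str      # registry key or folder the entry lives in
    name_and_desc: str  # entry name plus Autoruns' description, if any
    signer: str        # "verified", "not verified", "none" (no publisher), "missing"
    path: str          # image path as printed


def parse_autoruns(text):
    """Parse the text export into Entry records."""
    entries, location = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line.startswith("+ "):
            location = line          # a new autostart location header
            continue
        body = line[2:]
        if "File not found:" in body:
            head, _, path = body.partition("File not found:")
            entries.append(Entry(location, head.strip(), "missing", path.strip()))
            continue
        sig = SIGNER.search(body)
        p = PATH.search(body)
        path = p.group(0) if p else ""
        if sig:
            entries.append(Entry(location, body[:sig.start()].strip(), sig.group(1).lower(), path))
        else:
            # No publisher block at all: Autoruns had no version info to show.
            head = body[:p.start()].strip() if p else body.strip()
            entries.append(Entry(location, head, "none", path))
    return entries


def triage(entries):
    """Return (reason, entry) pairs, highest concern first; verified entries
    in ordinary locations are not reported."""
    ranked = []
    for e in entries:
        low = e.path.lower()
        if e.signer == "missing":
            ranked.append((3, "dangling entry (file not found)", e))
        elif any(d in low for d in SUSPICIOUS_DIRS):
            ranked.append((0, "executable in temp/profile directory", e))
        elif e.signer == "none":
            ranked.append((1, "no publisher/version info", e))
        elif e.signer == "not verified":
            ranked.append((2, "publisher claimed but signature not verified", e))
    ranked.sort(key=lambda t: t[0])
    return [(reason, e) for _, reason, e in ranked]


if __name__ == "__main__":
    for reason, e in triage(parse_autoruns(SAMPLE)):
        print(f"[{reason}] {e.location}: {e.name_and_desc} -> {e.path}")
```

Two caveats a reviewer of this thread's listing should keep in mind: in 2007 "(Not verified)" was the norm for many legitimate vendors (AVG, Logitech and Samsung all appear that way above), so it is a weak signal on its own, and "File not found" entries are usually uninstall leftovers rather than infections. The stronger signals are binaries with no publisher information or sitting in temp or profile directories. On a live system the command-line autorunsc.exe can write CSV (-c) with signature verification (-s) and Microsoft entries hidden (-m), which is easier to parse than the GUI's text export.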

Unread postby random/random » June 24th, 2007, 2:05 pm

The logs are malware free.

Have you tried uninstalling Spybot S&D and Ad-Aware and reinstalling them?

If not, please do so.
random/random
Developer
 
Posts: 7723
Joined: December 18th, 2005, 3:30 pm

Unread postby NonSuch » July 7th, 2007, 4:33 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link:
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27230
Joined: February 23rd, 2005, 7:08 am
Location: California