
HiJackThis Logfile

Discussion in 'Malware and Virus Removal Archive' started by annabanana973, 2007/05/06.

  1. 2007/05/06
    annabanana973

    annabanana973 Inactive Thread Starter

    Joined:
    2007/01/02
    Messages:
    52
    Likes Received:
    0
    Hi, I'm having problems with my computer (as usual). Sorry for posting my problems in your thread, either I can't start my own thread because I'm new or I'm a complete idiot and can't figure out how. Whatever the case may be, please help! Thanks.

    Logfile of HijackThis v1.99.1
    Scan saved at 4:30:44 AM, on 5/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\LogMeIn\RaMaint.exe
    E:\WINDOWS\Explorer.EXE
    C:\Program Files\LogMeIn\LogMeIn.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\LogMeIn\LogMeInSystray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe
    e:\progra~1\intern~1\iexplore.exe
    E:\WINDOWS\system32\HPZipm12.exe
    E:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\jre\bin\java.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\HJT\HijackThis1.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {19E3E530-A27C-46A7-90EC-906FCB1B7D08} - E:\WINDOWS\system32\pmnll.dll
    O2 - BHO: (no name) - {26FAFD75-1005-41F6-978D-178C00165C0B} - E:\WINDOWS\system32\vtuturo.dll
    O2 - BHO: E:\WINDOWS\system32\ldfksdioduihj.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - E:\WINDOWS\system32\ldfksdioduihj.dll
    O2 - BHO: (no name) - {c9609b24-c46a-49a4-95bb-b6deb9dc7347} - E:\WINDOWS\system32\hidocx.dll
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [Rect Idle] E:\DOCUME~1\ANNALU~1.ANN\APPLIC~1\SHOWEX~1\long send audio.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb103\Dealio.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167871446015
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: crypt32net - E:\WINDOWS\SYSTEM32\crypt32net.dll
    O20 - Winlogon Notify: hidocx - E:\WINDOWS\SYSTEM32\hidocx.dll
    O20 - Winlogon Notify: LMIinit - LMIinit.dll (file missing)
    O20 - Winlogon Notify: partnershipreg - E:\Documents and Settings\All Users\Documents\Settings\partnership.dll
    O20 - Winlogon Notify: pmnll - E:\WINDOWS\system32\pmnll.dll
    O20 - Winlogon Notify: rpcc1 - E:\WINDOWS\system32\rpcc1.dll
    O20 - Winlogon Notify: vtuturo - E:\WINDOWS\SYSTEM32\vtuturo.dll
    O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\
    O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\QW5uYSBMdXp6aQ\command.exe (file missing)
    O23 - Service: COM+ Messages - Unknown owner - E:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000213 (file missing)
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
    O23 - Service: Maya 7 PLE Documentation Server (mple7docserver) - Unknown owner - C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
     
  2. 2007/05/06
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi annabanana973

    Well you have quite the mess going on here:(
    Follow all instructions in the order given.

    Some of these infections steal passwords. I would suggest you change all passwords using a non-infected computer (not this one) and refrain from any credit card or financial dealings until clean. Contact any credit card companies or banks about possible fraud on your account.

    Just download this, DO NOT run it unless you lose internet access.
    A malicious .DLL file is disrupting the LSP chain on your computer.
    1. Please download LSPFix from here.
    2. Run the LSPFix.exe that you have downloaded.
    3. Check the "I know what I'm doing" box.
    4. In the Keep box you should see one or more instances of ohlnkhjusip.dll.
    5. Select every instance of ohlnkhjusip.dll and move each one to the Remove box by clicking the >> button.
    6. When you are done, click Finish>>.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

    Please Download NoLop to your desktop from one of the links below...
    Link 1
    Link 2
    Link 3
    • First close any other programs you have running as this will require a reboot
    • Double click NoLop.exe to run it
    • Now click the button labelled "Search and Destroy"
      <<your computer will now be scanned for infected files>>
    • When scanning is finished you will be prompted to reboot only if infected, Click OK
    • Now click the "REBOOT" Button.
    • A message should pop up from NoLop. If not, double click the program again and it will finish. Please post the contents of C:\NoLop.log along with a fresh HijackThis log.
    --If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --

    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    Please post all the logs and a New HJT log.

    Thanks
    Geri
     
    Last edited: 2007/05/06


  4. 2007/05/07
    annabanana973

    annabanana973 Inactive Thread Starter

    Joined:
    2007/01/02
    Messages:
    52
    Likes Received:
    0
    Logs

    I can't find a log for NoLop, but no infections were found when I ran it again. Ahh... I think I did everything else.

    SDFix: Version 1.83

    Run by Administrator - Mon 05/07/2007 - 2:25:40.15

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    COM+ Messages
    kprof
    new_drv
    ntldr.sys
    poof
    TCP and UDP Supp0rt

    ImagePath:
    "E:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000213
    \??\E:\WINDOWS\system32\kprof
    \??\E:\WINDOWS\new_drv.sys
    \??\C:\ntldr.sys
    \??\E:\WINDOWS\system32\poof
    E:\WINDOWS\system32\tccpip.exe /winnt

    COM+ Messages - Deleted
    kprof - Deleted
    new_drv - Deleted
    ntldr.sys - Deleted
    poof - Deleted
    TCP and UDP Supp0rt - Deleted

    Killing PID 492 'smss.exe'
    Killing PID 564 'winlogon.exe'


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
    Restoring Missing Security Center Service



    ---------------



    VundoFix V6.3.21

    Checking Java version...

    Sun Java not detected
    Scan started at 3:56:03 AM 5/7/2007

    Listing files found while scanning....

    E:\WINDOWS\system32\almhsvcn.dll
    E:\WINDOWS\system32\llnmp.bak1
    E:\WINDOWS\system32\llnmp.ini
    E:\WINDOWS\system32\pmnll.dll
    E:\WINDOWS\system32\vtuturo.dll

    Beginning removal...

    Attempting to delete E:\WINDOWS\system32\almhsvcn.dll
    E:\WINDOWS\system32\almhsvcn.dll Has been deleted!

    Attempting to delete E:\WINDOWS\system32\llnmp.bak1
    E:\WINDOWS\system32\llnmp.bak1 Has been deleted!

    Attempting to delete E:\WINDOWS\system32\llnmp.ini
    E:\WINDOWS\system32\llnmp.ini Has been deleted!

    Attempting to delete E:\WINDOWS\system32\pmnll.dll
    E:\WINDOWS\system32\pmnll.dll Has been deleted!

    Attempting to delete E:\WINDOWS\system32\vtuturo.dll
    E:\WINDOWS\system32\vtuturo.dll Has been deleted!

    Performing Repairs to the registry.
    Done!


    Logfile of HijackThis v1.99.1
    Scan saved at 4:38:12 AM, on 5/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\db\slserver52\bin\swagent.exe
    C:\Program Files\db\slserver52\bin\swstrtr.exe
    C:\Program Files\db\slserver52\bin\swsoc.exe
    C:\Program Files\LogMeIn\RaMaint.exe
    C:\Program Files\LogMeIn\LogMeIn.exe
    C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe
    E:\WINDOWS\system32\HPZipm12.exe
    E:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\jre\bin\java.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\LogMeIn\LogMeInSystray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    E:\WINDOWS\system32\NOTEPAD.EXE
    E:\WINDOWS\system32\NOTEPAD.EXE
    C:\HJT\HijackThis1.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O1 - Hosts: 84.252.148.113 www.affinityfcu.org
    O1 - Hosts: 84.252.148.113 affinityfcu.org
    O1 - Hosts: 84.252.148.113 www.azfcu.org
    O1 - Hosts: 84.252.148.113 azfcu.org
    O1 - Hosts: 84.252.148.113 www.zionbank.com
    O1 - Hosts: 84.252.148.113 zionbank.com
    O1 - Hosts: 84.252.148.113 www.royalbank.com
    O1 - Hosts: 84.252.148.113 royalbank.com
    O1 - Hosts: 84.252.148.113 www.desjardins.com
    O1 - Hosts: 84.252.148.113 desjardins.com
    O1 - Hosts: 84.252.148.113 www.suncoastfcu.org
    O1 - Hosts: 84.252.148.113 suncoastfcu.org
    O1 - Hosts: 84.252.148.113 capitalone.com
    O1 - Hosts: 84.252.148.113 www.capitalone.com
    O1 - Hosts: 84.252.148.113 www.bankofamerica.com
    O1 - Hosts: 84.252.148.113 bankofamerica.com
    O1 - Hosts: 84.252.148.113 www.chase.com
    O1 - Hosts: 84.252.148.113 chase.com
    O1 - Hosts: 84.252.148.113 www.southtrust.com
    O1 - Hosts: 84.252.148.113 southtrust.com
    O1 - Hosts: 84.252.148.113 www.wachovia.com
    O1 - Hosts: 84.252.148.113 wachovia.com
    O1 - Hosts: 84.252.148.113 www.wellsfargo.com
    O1 - Hosts: 84.252.148.113 wellsfargo.com
    O1 - Hosts: 84.252.148.113 www.citi.com
    O1 - Hosts: 84.252.148.113 citi.com
    O1 - Hosts: 84.252.148.113 www.citibank.com
    O1 - Hosts: 84.252.148.113 citibank.com
    O1 - Hosts: 84.252.148.113 www.etrade.com
    O1 - Hosts: 84.252.148.113 etrade.com
    O1 - Hosts: 84.252.148.113 www.neteller.com
    O1 - Hosts: 84.252.148.113 neteller.com
    O1 - Hosts: 84.252.148.113 tcfbank.com
    O1 - Hosts: 84.252.148.113 www.tcfbank.com
    O1 - Hosts: 84.252.148.113 comerica.com
    O1 - Hosts: 84.252.148.113 www.comerica.com
    O1 - Hosts: 84.252.148.113 www.3riversfcu.org
    O1 - Hosts: 84.252.148.113 3riversfcu.org
    O1 - Hosts: 84.252.148.113 www.53.com
    O1 - Hosts: 84.252.148.113 53.com
    O1 - Hosts: 84.252.148.113 www.bbt.com
    O1 - Hosts: 84.252.148.113 bbt.com
    O1 - Hosts: 84.252.148.113 www.cnbwax.com
    O1 - Hosts: 84.252.148.113 cnbwax.com
    O1 - Hosts: 84.252.148.113 www.cwbk.com
    O1 - Hosts: 84.252.148.113 cwbk.com
    O1 - Hosts: 84.252.148.113 www.edsefcu.org
    O1 - Hosts: 84.252.148.113 edsefcu.org
    O1 - Hosts: 84.252.148.113 www.firstusa.com
    O1 - Hosts: 84.252.148.113 firstusa.com
    O1 - Hosts: 84.252.148.113 www.frontierbank.com
    O1 - Hosts: 84.252.148.113 frontierbank.com
    O1 - Hosts: 84.252.148.113 www.gncu.org
    O1 - Hosts: 84.252.148.113 gncu.org
    O1 - Hosts: 84.252.148.113 www.householdbank.com
    O1 - Hosts: 84.252.148.113 householdbank.com
    O1 - Hosts: 84.252.148.113 www.icicibank.com
    O1 - Hosts: 84.252.148.113 icicibank.com
    O1 - Hosts: 84.252.148.113 www.mbna.com
    O1 - Hosts: 84.252.148.113 mbna.com
    O1 - Hosts: 84.252.148.113 www.mibank.com
    O1 - Hosts: 84.252.148.113 mibank.com
    O1 - Hosts: 84.252.148.113 www.midamericabank.com
    O1 - Hosts: 84.252.148.113 midamericabank.com
    O1 - Hosts: 84.252.148.113 www.myindymacbank.com
    O1 - Hosts: 84.252.148.113 myindymacbank.com
    O1 - Hosts: 84.252.148.113 www.nafcunet.org
    O1 - Hosts: 84.252.148.113 nafcunet.org
    O1 - Hosts: 84.252.148.113 www.nationalcity.com
    O1 - Hosts: 84.252.148.113 nationalcity.com
    O1 - Hosts: 84.252.148.113 www.cnb.com
    O1 - Hosts: 84.252.148.113 cnb.com
    O1 - Hosts: 84.252.148.113 www.nationwide.com
    O1 - Hosts: 84.252.148.113 nationwide.com
    O1 - Hosts: 84.252.148.113 www.netbank.com
    O1 - Hosts: 84.252.148.113 netbank.com
    O1 - Hosts: 84.252.148.113 www.netbank.com
    O1 - Hosts: 84.252.148.113 netbank.com.au
    O1 - Hosts: 84.252.148.113 www.netbank.com.au
    O1 - Hosts: 84.252.148.113 www.commbank.com.au
    O1 - Hosts: 84.252.148.113 www.postfinance.com
    O1 - Hosts: 84.252.148.113 postfinance.com
    O1 - Hosts: 84.252.148.113 www.providian.com
    O1 - Hosts: 84.252.148.113 providian.com
    O1 - Hosts: 84.252.148.113 www.sbbt.com
    O1 - Hosts: 84.252.148.113 sbbt.com
    O1 - Hosts: 84.252.148.113 www.sears.com
    O1 - Hosts: 84.252.148.113 sears.com
    O1 - Hosts: 84.252.148.113 telcomcu.com
    O1 - Hosts: 84.252.148.113 www.telcomcu.com
    O1 - Hosts: 84.252.148.113 www.tcuonline.org
    O1 - Hosts: 84.252.148.113 tcuonline.org
    O1 - Hosts: 84.252.148.113 www.uofcfcu.com
    O1 - Hosts: 84.252.148.113 uofcfcu.com
    O1 - Hosts: 84.252.148.113 www.usaa.com
    O1 - Hosts: 84.252.148.113 usaa.com
    O1 - Hosts: 84.252.148.113 www.warrenfcu.com
    O1 - Hosts: 84.252.148.113 warrenfcu.com
    O1 - Hosts: 84.252.148.113 visionsfcu.org
    O1 - Hosts: 84.252.148.113 www.visionsfcu.org
    O1 - Hosts: 84.252.148.113 www.tcfexpress.com
    O2 - BHO: E:\WINDOWS\system32\ldfksdioduihj.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - E:\WINDOWS\system32\ldfksdioduihj.dll
    O2 - BHO: (no name) - {c9609b24-c46a-49a4-95bb-b6deb9dc7347} - E:\WINDOWS\system32\hidocx.dll
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [ttool] E:\WINDOWS\9129837.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb103\Dealio.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167871446015
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: crypt32net - E:\WINDOWS\SYSTEM32\crypt32net.dll
    O20 - Winlogon Notify: hidocx - E:\WINDOWS\SYSTEM32\hidocx.dll
    O20 - Winlogon Notify: LMIinit - LMIinit.dll (file missing)
    O20 - Winlogon Notify: rpcc1 - E:\WINDOWS\system32\rpcc1.dll
    O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\
    O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\QW5uYSBMdXp6aQ\command.exe (file missing)
    O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\Program Files\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\Program Files\db\slserver52\bin\swagent.exe
    O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\Program Files\db\slserver52\bin\swstrtr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
    O23 - Service: Maya 7 PLE Documentation Server (mple7docserver) - Unknown owner - C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
     
  5. 2007/05/07
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi annabanana973

    I have asked Blender and TeMerc to come here and take a look, Blender or TeMerc may take this thread over.
    This could be more than I can handle at this time, and they know more than I do at this point :D
    So please give them time to look things over.

    Thanks
    Geri
     
  6. 2007/05/08
    Blender

    Blender Inactive

    Joined:
    2007/01/24
    Messages:
    355
    Likes Received:
    0
    Hi,

    Thanks Geri for the good start. :)

    annabanana973:

    I'll need a couple other logs from you to see a better picture what all is happening.

    Geri's warning about not doing any banking on this computer is well warranted.
    Not only is keylogging going on, but many bank sites are also being redirected to malicious sites. So if you log into your bank it really goes to the attacker's site so they can steal your info!

    Download Gmer from here:

    http://www.gmer.net/gmer.zip

    Unzip it.
    Disconnect from internet & shut down Antivirus to prevent conflicts.
    Shut down also any other unneeded apps including any open browser windows.
    The less stuff we got running the less chance of false positives in log.
    Double click gmer.exe to run it.
    Allow driver to install if asked (gmer.sys)

    You may get a warning at program start that there is possible rootkit activity, asking whether you want to run a scan.

    Say OK to run scan.
    If no warning, just click "scan".
    Let the scan finish.
    Once done press "copy"
    Open notepad> press "ctrl+v" to paste log.
    Save log.

    Re-enable your antivirus, re-connect to internet & post that log here

    If the log is too big to post please upload it here:

    http://www.bleepingcomputer.com/submit-malware.php?channel=19

    Please put link to this thread there so I know who the log belongs to.

    Next:

    Download Deckard's System Scanner to your Desktop.:

    http://www.techsupportforum.com/sectools/Deckard/dss.exe
    http://deckard.geekstogo.com/dss.exe

    Close all applications and windows.
    Double-click on dss.exe to run it, and follow the prompts.
    When the scan is complete, a text file will open - Main.txt
    Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt here.
    A folder, C:\Deckard\System Scanner, will also open. In it will be another text file, Extra.txt.

    Please post contents of Extra.txt here as well.

    Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    If logs are too big to post you can upload both logs here:

    http://www.bleepingcomputer.com/submit-malware.php?channel=19

    Please include link to your thread here so I know who logs belong to.

    Thanks :)

    I'll return later on today to check.
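    Geri's warning about password theft and Blender's point about bank sites being redirected both show up in the HijackThis logs earlier in this thread as O10 (unknown Winsock LSP DLL) and O1 (hosts file) entries. The script below is an added example, not code from this thread, from WindowsBBS or from the HijackThis project: it parses HijackThis-style log lines and flags O1 entries that point a hostname at a routable (non-loopback, non-unspecified) address, and O10 entries naming an unknown LSP DLL, counting how many chain slots that DLL occupies. The sample lines, the 192.0.2.10 address (from the documentation range) and the suspicious.dll name are constructed placeholders, not indicators taken from the logs above.

```python
"""Triage helper for HijackThis-style log lines (added example, not a
WindowsBBS or HijackThis tool). It flags the two entry classes discussed
in the thread: O1 hosts-file lines that steer hostnames to a routable
address, and O10 Winsock LSP lines naming an unknown DLL."""
import ipaddress
import re
from collections import Counter

# Constructed sample log, modelled on the HijackThis line format. The
# address 192.0.2.10 and the file suspicious.dll are placeholders.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.0.2.10 www.examplebank.test
O1 - Hosts: 192.0.2.10 examplebank.test
O1 - Hosts: 0.0.0.0 ads.example.test
O10 - Unknown file in Winsock LSP: e:\windows\system32\suspicious.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\suspicious.dll
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP:\s+(.+)$")


def _is_local_sink(ip_text):
    """True for loopback or unspecified targets: those are block-list style
    hosts entries, not redirections to another machine."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def hosts_redirects(log_text):
    """Map each routable target IP to the hostnames the hosts file sends
    there. Many hostnames sharing one non-local IP is the pattern of a
    hosts-file redirector such as the one in this thread."""
    redirects = {}
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        ip_text, hostname = m.groups()
        if _is_local_sink(ip_text):
            continue
        redirects.setdefault(ip_text, []).append(hostname.lower())
    return redirects


def lsp_unknown_dlls(log_text):
    """Count O10 lines per DLL path. HijackThis prints one O10 line per
    LSP-chain slot the DLL occupies, so the count is the number of
    entries a tool like LSPFix would have to remove."""
    counts = Counter()
    for line in log_text.splitlines():
        m = O10_RE.match(line.strip())
        if m:
            counts[m.group(1).strip().lower()] += 1
    return counts


def triage(log_text):
    """Return one human-readable finding per issue, for the reply post."""
    findings = []
    for ip_text, hosts in hosts_redirects(log_text).items():
        findings.append(
            f"O1: {len(hosts)} hostname(s) redirected to {ip_text}: {', '.join(hosts)}"
        )
    for dll, slots in lsp_unknown_dlls(log_text).items():
        findings.append(f"O10: unknown LSP DLL {dll} occupies {slots} chain slot(s)")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

    Run it on a saved HijackThis log by passing the file contents to triage(); the leading whitespace that forum quoting adds to each line is stripped before matching, so pasted logs work as well as raw ones.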
     
  7. 2007/05/10
    annabanana973

    annabanana973 Inactive Thread Starter

    Joined:
    2007/01/02
    Messages:
    52
    Likes Received:
    0
    Gmer.txt - Part 1

    GMER 1.0.12.12244 - http://www.gmer.net
    Rootkit scan 2007-05-10 15:57:15
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.12 ----

    SSDT sptd.sys ZwCreateKey
    SSDT sptd.sys ZwEnumerateKey
    SSDT sptd.sys ZwEnumerateValueKey
    SSDT sptd.sys ZwOpenKey
    SSDT sptd.sys ZwQueryKey
    SSDT sptd.sys ZwQueryValueKey
    SSDT sptd.sys ZwSetValueKey

    ---- Kernel code sections - GMER 1.0.12 ----

    ? E:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    ? E:\WINDOWS\system32\drivers\NDIS.sys The process cannot access the file because it is being used by another process.
    .text USBPORT.SYS!DllUnload F6B2A62C 5 Bytes JMP 864E61C8
    ? E:\WINDOWS\system32\DRIVERS\update.sys

    ---- User code sections - GMER 1.0.12 ----

    .text C:\Program Files\LogMeIn\LogMeInSystray.exe[256] ntdll.dll!NtQuerySystemInformation 7C90E1AA 4 Bytes [ 68, 84, 36, 9C ]
    .text C:\Program Files\LogMeIn\LogMeInSystray.exe[256] ntdll.dll!NtQuerySystemInformation + 5 7C90E1AF 1 Byte [ C3 ]
    .text C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe[576] ntdll.dll!NtQuerySystemInformation 7C90E1AA 6 Bytes PUSH 03F23684; RET E:\WINDOWS\system32\kernel.dll
    .text E:\WINDOWS\system32\spoolsv.exe[1260] ntdll.dll!NtQuerySystemInformation 7C90E1AA 6 Bytes PUSH 010C3684; RET E:\WINDOWS\system32\kernel.dll
    .text E:\WINDOWS\system32\system32.exe[1404] ntdll.dll!NtQuerySystemInformation 7C90E1AA 4 Bytes [ 68, 84, 36, 8B ]
    .text ...

    ---- Devices - GMER 1.0.12 ----

     
  8. 2007/05/10
    annabanana973 Inactive Thread Starter
    Gmer.txt - Part 2


    ---- Processes - GMER 1.0.12 ----

    Process E:\WINDOWS\system32\system32.exe (*** hidden *** ) 1404

    ---- EOF - GMER 1.0.12 ----
     
  9. 2007/05/10
    annabanana973 Inactive Thread Starter
    main.txt part 1

    Deckard's System Scanner v20070426.43
    Run by Anna Luzzi on 2007-05-10 at 15:59:06
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    22: 2007-05-10 19:59:11 UTC - RP307 - Deckard's System Scanner Restore Point
    21: 2007-05-07 06:05:44 UTC - RP306 - Restore Operation
    20: 2007-05-07 05:58:39 UTC - RP305 - Restore Operation
    19: 2007-05-07 05:52:29 UTC - RP304 - Restore Operation
    18: 2007-05-07 04:59:30 UTC - RP303 - Installed Windows Media Player Firefox Plugin


    -- First Restore Point --
    1: 2007-04-18 21:43:28 UTC - RP286 - System Checkpoint


    Backed up registry hives.

    Performed disk cleanup.


    -- HijackThis (run as Anna Luzzi.exe) ------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 4:02:18 PM, on 5/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\runtime\bin\jrunsvc.exe
    C:\Program Files\runtime\bin\jrun.exe
    C:\Program Files\db\slserver52\bin\swagent.exe
    C:\Program Files\db\slserver52\bin\swstrtr.exe
    C:\Program Files\db\slserver52\bin\swsoc.exe
    C:\Program Files\LogMeIn\RaMaint.exe
    E:\WINDOWS\Explorer.EXE
    C:\Program Files\LogMeIn\LogMeIn.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\LogMeIn\LogMeInSystray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    E:\WINDOWS\system32\HPZipm12.exe
    E:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\jre\bin\java.exe
    E:\DOCUME~1\ANNALU~1.ANN\LOCALS~1\Temp\wnset.exe
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    E:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Anna Luzzi\Desktop\dss.exe
    C:\HJT\Anna Luzzi.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O1 - Hosts: 84.252.148.113 www.affinityfcu.org
    O1 - Hosts: 84.252.148.113 affinityfcu.org
    O1 - Hosts: 84.252.148.113 www.azfcu.org
    O1 - Hosts: 84.252.148.113 azfcu.org
    O1 - Hosts: 84.252.148.113 www.zionbank.com
    O1 - Hosts: 84.252.148.113 zionbank.com
    O1 - Hosts: 84.252.148.113 www.royalbank.com
    O1 - Hosts: 84.252.148.113 royalbank.com
    O1 - Hosts: 84.252.148.113 www.desjardins.com
    O1 - Hosts: 84.252.148.113 desjardins.com
    O1 - Hosts: 84.252.148.113 www.suncoastfcu.org
    O1 - Hosts: 84.252.148.113 suncoastfcu.org
    O1 - Hosts: 84.252.148.113 capitalone.com
    O1 - Hosts: 84.252.148.113 www.capitalone.com
    O1 - Hosts: 84.252.148.113 www.bankofamerica.com
    O1 - Hosts: 84.252.148.113 bankofamerica.com
    O1 - Hosts: 84.252.148.113 www.chase.com
    O1 - Hosts: 84.252.148.113 chase.com
    O1 - Hosts: 84.252.148.113 www.southtrust.com
    O1 - Hosts: 84.252.148.113 southtrust.com
    O1 - Hosts: 84.252.148.113 www.wachovia.com
    O1 - Hosts: 84.252.148.113 wachovia.com
    O1 - Hosts: 84.252.148.113 www.wellsfargo.com
    O1 - Hosts: 84.252.148.113 wellsfargo.com
    O1 - Hosts: 84.252.148.113 www.citi.com
    O1 - Hosts: 84.252.148.113 citi.com
    O1 - Hosts: 84.252.148.113 www.citibank.com
    O1 - Hosts: 84.252.148.113 citibank.com
    O1 - Hosts: 84.252.148.113 www.etrade.com
    O1 - Hosts: 84.252.148.113 etrade.com
    O1 - Hosts: 84.252.148.113 www.neteller.com
    O1 - Hosts: 84.252.148.113 neteller.com
    O1 - Hosts: 84.252.148.113 tcfbank.com
    O1 - Hosts: 84.252.148.113 www.tcfbank.com
    O1 - Hosts: 84.252.148.113 comerica.com
    O1 - Hosts: 84.252.148.113 www.comerica.com
    O1 - Hosts: 84.252.148.113 www.3riversfcu.org
    O1 - Hosts: 84.252.148.113 3riversfcu.org
    O1 - Hosts: 84.252.148.113 www.53.com
    O1 - Hosts: 84.252.148.113 53.com
    O1 - Hosts: 84.252.148.113 www.bbt.com
    O1 - Hosts: 84.252.148.113 bbt.com
    O1 - Hosts: 84.252.148.113 www.cnbwax.com
    O1 - Hosts: 84.252.148.113 cnbwax.com
    O1 - Hosts: 84.252.148.113 www.cwbk.com
    O1 - Hosts: 84.252.148.113 cwbk.com
    O1 - Hosts: 84.252.148.113 www.edsefcu.org
    O1 - Hosts: 84.252.148.113 edsefcu.org
    O1 - Hosts: 84.252.148.113 www.firstusa.com
    O1 - Hosts: 84.252.148.113 firstusa.com
    O1 - Hosts: 84.252.148.113 www.frontierbank.com
    O1 - Hosts: 84.252.148.113 frontierbank.com
    O1 - Hosts: 84.252.148.113 www.gncu.org
    O1 - Hosts: 84.252.148.113 gncu.org
    O1 - Hosts: 84.252.148.113 www.householdbank.com
    O1 - Hosts: 84.252.148.113 householdbank.com
    O1 - Hosts: 84.252.148.113 www.icicibank.com
    O1 - Hosts: 84.252.148.113 icicibank.com
    O1 - Hosts: 84.252.148.113 www.mbna.com
    O1 - Hosts: 84.252.148.113 mbna.com
    O1 - Hosts: 84.252.148.113 www.mibank.com
    O1 - Hosts: 84.252.148.113 mibank.com
    O1 - Hosts: 84.252.148.113 www.midamericabank.com
    O1 - Hosts: 84.252.148.113 midamericabank.com
    O1 - Hosts: 84.252.148.113 www.myindymacbank.com
    O1 - Hosts: 84.252.148.113 myindymacbank.com
    O1 - Hosts: 84.252.148.113 www.nafcunet.org
    O1 - Hosts: 84.252.148.113 nafcunet.org
    O1 - Hosts: 84.252.148.113 www.nationalcity.com
    O1 - Hosts: 84.252.148.113 nationalcity.com
    O1 - Hosts: 84.252.148.113 www.cnb.com
    O1 - Hosts: 84.252.148.113 cnb.com
    O1 - Hosts: 84.252.148.113 www.nationwide.com
    O1 - Hosts: 84.252.148.113 nationwide.com
    O1 - Hosts: 84.252.148.113 www.netbank.com
    O1 - Hosts: 84.252.148.113 netbank.com
    O1 - Hosts: 84.252.148.113 www.netbank.com
    O1 - Hosts: 84.252.148.113 netbank.com.au
    O1 - Hosts: 84.252.148.113 www.netbank.com.au
    O1 - Hosts: 84.252.148.113 www.commbank.com.au
    O1 - Hosts: 84.252.148.113 www.postfinance.com
    O1 - Hosts: 84.252.148.113 postfinance.com
    O1 - Hosts: 84.252.148.113 www.providian.com
    O1 - Hosts: 84.252.148.113 providian.com
    O1 - Hosts: 84.252.148.113 www.sbbt.com
    O1 - Hosts: 84.252.148.113 sbbt.com
    O1 - Hosts: 84.252.148.113 www.sears.com
    O1 - Hosts: 84.252.148.113 sears.com
    O1 - Hosts: 84.252.148.113 telcomcu.com
    O1 - Hosts: 84.252.148.113 www.telcomcu.com
    O1 - Hosts: 84.252.148.113 www.tcuonline.org
    O1 - Hosts: 84.252.148.113 tcuonline.org
    O1 - Hosts: 84.252.148.113 www.uofcfcu.com
    O1 - Hosts: 84.252.148.113 uofcfcu.com
    O1 - Hosts: 84.252.148.113 www.usaa.com
    O1 - Hosts: 84.252.148.113 usaa.com
    O1 - Hosts: 84.252.148.113 www.warrenfcu.com
    O1 - Hosts: 84.252.148.113 warrenfcu.com
    O1 - Hosts: 84.252.148.113 visionsfcu.org
    O1 - Hosts: 84.252.148.113 www.visionsfcu.org
    O1 - Hosts: 84.252.148.113 www.tcfexpress.com
    O2 - BHO: E:\WINDOWS\system32\ldfksdioduihj.dll - {8D5849A2-93F3-429D-FF34-260A2068897C} - E:\WINDOWS\system32\ldfksdioduihj.dll
    O2 - BHO: (no name) - {c9609b24-c46a-49a4-95bb-b6deb9dc7347} - E:\WINDOWS\system32\hidocx.dll
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ttool] E:\WINDOWS\9129837.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb103\res\DealioSearch.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb103\Dealio.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\ohlnkhjusip.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167871446015
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: crypt32net - E:\WINDOWS\SYSTEM32\crypt32net.dll
    O20 - Winlogon Notify: hidocx - E:\WINDOWS\SYSTEM32\hidocx.dll
    O20 - Winlogon Notify: LMIinit - LMIinit.dll (file missing)
    O20 - Winlogon Notify: rpcc1 - E:\WINDOWS\system32\rpcc1.dll
    O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\
    O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - E:\WINDOWS\QW5uYSBMdXp6aQ\command.exe (file missing)
    O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\Program Files\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\Program Files\db\slserver52\bin\swagent.exe
    O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\Program Files\db\slserver52\bin\swstrtr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
    O23 - Service: Maya 7 PLE Documentation Server (mple7docserver) - Unknown owner - C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)


    -- HijackThis Fixed Entries (C:\HJT\backups\) ----------------------------------

    backup-20070102-223159-179 O4 - HKLM\..\Run: [hrcopul.dll] E:\WINDOWS\system32\rundll32.exe "E:\Documents and Settings\Anna Luzzi.ANNA\Local Settings\Application Data\hrcopul.dll",vuljcec
    backup-20070102-223159-186 O4 - HKLM\..\Run: [{6831F5EA-0960-1033-0430-020624030001}] "C:\Program Files\Common Files\{6831F5EA-0960-1033-0430-020624030001}\Update.exe" te-110-12-0000213
    backup-20070102-223159-229 O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - C:\Program Files\BHO Plugin\plugin1.dll
    backup-20070102-223159-318 O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    backup-20070102-223159-384 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20073&k=
    backup-20070102-223159-414 O2 - BHO: (no name) - {371EE1EF-F177-1390-7807-08525DC0E55C} - E:\WINDOWS\system32\nweipeg.dll (file missing)
    backup-20070102-223159-517 O4 - HKLM\..\Run: [pop06ap] E:\WINDOWS\pop06ap2.exe
    backup-20070102-223159-550 O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
    backup-20070102-223159-671 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    backup-20070102-223159-770 R3 - URLSearchHook: (no name) - {2C5AA40E-8814-4EB6-876E-7EFB8B3F9662} - (no file)
    backup-20070102-223159-934 O4 - HKLM\..\Run: [sdfghjgewaertyutrew.exe] E:\WINDOWS\system32\sdfghjgewaertyutrew.exe
    backup-20070102-223200-106 O15 - Trusted Zone: *.dollarrevenue.com
    backup-20070102-223200-144 O15 - Trusted Zone: *.systemdoctor.com (HKLM)
    backup-20070102-223200-176 O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    backup-20070102-223200-184 O15 - Trusted Zone: *.imagesrvr.com
    backup-20070102-223200-234 O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall.cab
    backup-20070102-223200-238 O15 - Trusted Zone: *.matcash.com (HKLM)
    backup-20070102-223200-287 O15 - Trusted Zone: *.snipernet.biz
    backup-20070102-223200-313 O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
    backup-20070102-223200-334 O15 - Trusted Zone: *.winantivirus.com (HKLM)
    backup-20070102-223200-377 O15 - Trusted Zone: *.adgate.info
    backup-20070102-223200-405 O15 - Trusted Zone: *.mediatickets.net
    backup-20070102-223200-441 O15 - Trusted Zone: *.adgate.info (HKLM)
    backup-20070102-223200-454 O15 - Trusted Zone: *.media-motor.com
    backup-20070102-223200-522 O15 - Trusted Zone: *.media-motor.com (HKLM)
    backup-20070102-223200-582 O15 - Trusted Zone: *.winantivirus.com
    backup-20070102-223200-640 O15 - Trusted Zone: *.systemdoctor.com
    backup-20070102-223200-682 O15 - Trusted Zone: *.matcash.com
    backup-20070102-223200-704 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    backup-20070102-223200-913 O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
    backup-20070102-223200-935 O15 - Trusted Zone: *.mediatickets.net (HKLM)
    backup-20070102-223200-952 O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
    backup-20070102-223200-963 O15 - Trusted Zone: *.snipernet.biz (HKLM)
    backup-20070102-223200-994 O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
    backup-20070102-223245-382 O20 - Winlogon Notify: winsys2freg - E:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
    backup-20070103-022726-448 O4 - HKCU\..\Run: [Uniblue SpyEraser] "c:\program files\uniblue\spyeraser\spyeraser.exe" -m
    backup-20070108-162905-299 O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
    backup-20070117-081653-983 O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
    backup-20070505-021728-568 O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    backup-20070505-021729-514 O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    backup-20070505-021729-726 O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    backup-20070505-021729-797 O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Anna Luzzi\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
    backup-20070505-022913-769 O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    backup-20070506-024648-684 O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb103\Dealio.dll

    -- File Associations -----------------------------------------------------------

    .js - JSFile - shell\open\command - "c:\program files\uniblue\spyeraser\spyeraser.exe" "%1" .js1
    .vbs - VBSFile - shell\open\command - "c:\program files\uniblue\spyeraser\spyeraser.exe" "%1" .vb1


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 cmpci (C-Media PCI Audio Driver (WDM)) - e:\windows\system32\drivers\cmaudio.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
    R3 Pcouffin (Low level access layer for CD devices) - e:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

    S1 InCDPass - e:\windows\system32\drivers\incdpass.sys (file missing)
    S1 InCDRm (InCD Reader) - e:\windows\system32\drivers\incdrm.sys (file missing)
    S3 ATE_PROCMON - c:\program files\anti trojan elite\atepmon.sys (file missing)
    S3 LMImirr - e:\windows\system32\drivers\lmimirr.sys (file missing)
    S3 NPF (NetGroup Packet Filter Driver) - e:\windows\system32\drivers\npf.sys <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
    S3 PSSdk23 - e:\windows\system32\drivers\pssdk23.drv (file missing)
    S4 InCDFs (InCD File System) - e:\windows\system32\drivers\incdfs.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe"
    R2 ColdFusion MX Application Server - "c:\program files\runtime\bin\jrunsvc.exe" <Not Verified; Macromedia Inc.; Macromedia JRun Application Server>
    R2 ColdFusion MX ODBC Agent - c:\program files\db\slserver52\bin\swagent.exe "coldfusion mx odbc agent"
    R2 ColdFusion MX ODBC Server - c:\program files\db\slserver52\bin\swstrtr.exe "coldfusion mx odbc server"
    R2 mple7docserver (Maya 7 PLE Documentation Server) - "c:\program files\alias\maya 7.0 personal learning edition\docs\wrapper.exe" -s "c:\program files\alias\maya 7.0 personal learning edition\docs\wrapper.conf"

    S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
    S2 cmdService (Command Service) - e:\windows\qw5uysbmdxp6aq\command.exe (file missing)
    S3 MSSQL$SONY_MEDIAMGR - c:\program files\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlservr.exe -ssony_mediamgr (file missing)
    S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; CACE Technologies; Remote Packet Capture Daemon>
    S3 SQLAgent$SONY_MEDIAMGR - c:\program files\sony\shared plug-ins\media manager\mssql$sony_mediamgr\binn\sqlagent.exe -i sony_mediamgr (file missing)
    S4 iPod Service - "c:\program files\ipod\bin\ipodservice.exe" (file missing)


    -- Scheduled Tasks -------------------------------------------------------------

    2007-01-02 09:10:21 348 --a------ E:\WINDOWS\Tasks\Uniblue SpyEraser.job


    -- Files created between 2007-04-10 and 2007-05-10 -----------------------------

    2007-05-07 03:56:03 0 d-------- E:\VundoFix Backups
    2007-05-07 03:54:39 212 --a------ E:\delete.bat
    2007-05-07 03:48:23 675 --a------ E:\Documents and Settings\Anna Luzzi.ANNA\clean.reg
    2007-05-07 02:44:08 0 d-------- E:\Documents and Settings\Administrator.ANNA\Application Data\Aim
    2007-05-07 02:34:26 0 d---s---- E:\Documents and Settings\Administrator.ANNA\UserData
    2007-05-07 01:22:39 105168 --a------ E:\WINDOWS\NSUninst.exe
    2007-05-07 01:22:37 0 d-------- C:\Program Files\AOD
    2007-05-07 01:22:24 105168 --a------ E:\WINDOWS\GREUninstall.exe
    2007-05-07 01:22:19 0 d-------- C:\Program Files\Common Files\mozilla.org
    2007-05-07 01:20:55 0 d-------- C:\Program Files\Netscape
    2007-05-07 00:55:32 0 d-------- C:\Program Files\stubs
    2007-05-06 01:47:35 21978 --a------ E:\WINDOWS\system32\hidocx.dll
    2007-05-06 01:47:33 29378 --a------ E:\WINDOWS\system32\jkkjg.exe
    2007-05-05 06:37:54 132660 --a------ E:\WINDOWS\system32\nlfnhfyb.dll
    2007-05-05 06:31:28 0 d-------- E:\Documents and Settings\LocalService\Application Data\NetMon
    2007-05-05 06:31:21 1989 --a------ E:\WINDOWS\uninstall_nmon.vbs
    2007-05-05 06:31:19 0 d--hs---- E:\WINDOWS\QW5uYSBMdXp6aQ
    2007-05-05 06:15:26 0 d-------- C:\Program Files\webHancer
    2007-05-05 06:13:03 552960 --a------ E:\WINDOWS\system32\ucmoreiex.exe
    2007-05-05 06:12:43 0 d-------- C:\Program Files\Ofb11
    2007-05-05 06:12:37 337781 --a------ E:\WINDOWS\system32\zippy2.exe
    2007-05-05 06:12:36 94208 --a------ E:\WINDOWS\system32\dnsersnd.dll
    2007-05-05 06:12:32 52736 --a------ E:\WINDOWS\system32\dnsersnd.exe
    2007-05-05 06:12:20 0 d-------- C:\Program Files\Dealio
    2007-05-05 06:12:04 45056 --a------ E:\WINDOWS\retadpu1000106.exe <Not Verified; ; updater Application>
    2007-05-05 06:11:59 8222 --a------ E:\WINDOWS\system32\ddcyxvu.dll
    2007-05-05 06:11:57 0 d-------- E:\WINDOWS\system32\smpi1
     
  10. 2007/05/10
    annabanana973

    main.txt part 2

    2007-05-05 06:11:50 109307 --a------ E:\WINDOWS\system32\CmarP1083.exe
    2007-05-05 06:11:37 14390 --a------ E:\WINDOWS\system32\leeman.exe
    2007-05-05 06:11:32 14918 --a------ E:\WINDOWS\124x.exe
    2007-05-05 06:06:53 11776 --a------ E:\WINDOWS\system32\696224658.exe
    2007-05-05 05:30:16 5120 --a------ E:\WINDOWS\system32\scardrv.exe
    2007-05-05 05:30:15 10240 --a------ E:\WINDOWS\system32\kernel.dll
    2007-05-05 05:30:12 9728 --a------ E:\WINDOWS\system32\crypt32net.dll
    2007-05-05 05:30:10 57344 -----n--- E:\WINDOWS\system32\system32.exe
    2007-05-05 05:30:05 21504 --a------ E:\WINDOWS\system32\ohlnkhjusip.dll
    2007-05-05 05:30:03 38968 --a------ E:\WINDOWS\system32\winupd_KB80403628.exe
    2007-05-05 05:29:54 30720 --a------ E:\WINDOWS\system32\rpcc1.dll
    2007-05-05 05:29:50 11776 --a------ E:\WINDOWS\system32\359511908.exe
    2007-05-05 05:29:47 14336 --a------ E:\WINDOWS\system32\winupd_KB50712874.exe
    2007-05-05 05:29:42 107012 --a------ E:\WINDOWS\system32\winupd_KB95349334.exe
    2007-05-05 05:29:39 10000 --a------ E:\WINDOWS\system32\ldfksdioduihj.dll
    2007-05-05 05:29:36 18944 --a------ E:\WINDOWS\system32\winupd_KB62062812.exe
    2007-05-05 05:29:33 11776 --a------ E:\WINDOWS\system32\winupd_KB77526596.exe
    2007-05-05 05:29:31 22016 --a------ E:\WINDOWS\system32\winupd_KB93736873.exe
    2007-05-05 02:10:42 0 d-------- C:\Program Files\Common Files\{6831F5EA-0960-1033-0430-020624030001}
    2007-05-04 19:45:13 6144 --a------ E:\WINDOWS\system32\perfc000.dat
    2007-04-30 01:52:16 0 d-------- C:\Program Files\Common Files\xing shared
    2007-04-26 16:16:01 0 d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\TorrentQ
    2007-04-26 16:15:57 0 d-------- C:\Program Files\TorrentQ
    2007-04-12 03:49:43 0 d-------- C:\Program Files\Image2Ico


    -- Find3M Report ---------------------------------------------------------------

    2007-05-10 15:33:29 0 d-------- C:\Program Files\LogMeIn
    2007-05-07 03:46:14 11264 --ahs---- C:\Program Files\Thumbs.db
    2007-05-07 01:22:57 0 d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\Mozilla
    2007-05-07 01:22:39 17118 --a------ E:\WINDOWS\mozver.dat
    2007-05-06 04:06:33 0 d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\LimeWire
    2007-05-05 06:32:40 0 d-------- C:\Program Files\microsoft frontpage
    2007-05-05 06:14:50 16 --a------ E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\.rdr.ini
    2007-05-05 02:13:03 0 d-------- C:\Program Files\Sophos
    2007-04-30 01:53:25 0 d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\Real
    2007-04-30 01:52:15 0 d-------- C:\Program Files\Common Files\Real
    2007-04-25 11:27:58 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-04-25 11:27:54 0 d-------- C:\Program Files\Logitech
    2007-04-06 04:53:10 68901 --a------ E:\WINDOWS\hpoins05.dat
    2007-04-05 22:52:17 0 d-------- C:\Program Files\Common Files\HP
    2007-04-04 21:49:10 0 d-------- C:\Program Files\Common Files\{6831F5EA-0961-1033-0430-020624030001}
    2007-04-03 01:20:56 0 d-------- C:\Program Files\Common Files\Logitech
    2007-04-03 01:19:57 0 d-------- C:\Program Files\Windows Media Components
    2007-04-03 00:12:06 0 d-------- C:\Program Files\Sony Vegas Zip
    2007-04-02 23:48:57 0 d-------- C:\Program Files\Vstplugins
    2007-04-02 23:39:28 0 d-------- C:\Program Files\Sony
    2007-04-02 23:38:43 0 d-------- C:\Program Files\Sony Vegas CrackedZ
    2007-04-02 23:27:29 0 d-------- C:\Program Files\Sony Vegas 6.0 CRACKED
    2007-04-02 22:13:07 0 d-------- C:\Program Files\Java
    2007-04-02 22:12:07 0 d-------- C:\Program Files\Common Files\Java
    2007-04-01 23:11:30 0 d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\Uniblue
    2007-04-01 22:44:02 0 d-------- C:\Program Files\Common Files\DeskShare Shared
    2007-04-01 22:02:09 0 d-------- C:\Program Files\honestech Video Editor 7.0 Trial
    2007-04-01 22:01:50 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-03-26 06:19:02 0 d-------- C:\Program Files\eMule
    2007-03-23 20:22:54 0 d-------- C:\Program Files\QuickTime
    2007-03-22 17:55:42 0 d-------- C:\Program Files\SpySheriff
    2007-03-22 17:54:00 1198484 --a------ E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\Install.dat
    2007-03-19 06:44:45 0 d-------- C:\Program Files\Summitsoft
    2007-03-19 06:40:18 0 d-------- C:\Program Files\AAALOGO
    2007-03-19 06:21:46 0 d-------- C:\Program Files\LogoSmartzTrial
    2007-03-18 07:35:23 0 d-------- C:\Program Files\Common Files\{6831F5EA-0A8C-1033-0430-020624030001}
    2007-03-18 07:35:23 0 d--h----- C:\Program Files\BHO Plugin
    2007-03-18 00:59:00 0 d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\Adobe
    2007-03-18 00:57:52 0 d-------- C:\Program Files\Common Files\Vbox
    2007-03-18 00:57:48 0 d-------- C:\Program Files\Common Files\Adobe
    2007-03-18 00:57:16 0 d-------- C:\Program Files\?dobe
    2007-03-18 00:55:45 0 d-------- C:\Program Files\Adobe Illustrator Installer
    2007-03-17 19:14:45 0 d-------- C:\Program Files\mIRC
    2007-03-17 01:59:08 0 d-------- C:\Program Files\3dsmax7
    2007-03-17 00:34:46 0 d-------- C:\Program Files\DAEMON Tools
    2007-03-17 00:23:45 0 d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\dvdcss
    2007-03-16 21:16:31 0 d-------- C:\Program Files\AIM
    2007-03-15 02:59:56 0 d-------- C:\Program Files\Common Files\Autodesk Shared
    2007-03-15 02:59:45 0 d-------- C:\Program Files\backburner 2
    2007-03-15 02:08:41 0 d-------- C:\Program Files\Intel Corporation
    2007-03-14 17:52:19 0 d-------- C:\Program Files\Common Files\Alias Shared
    2007-03-14 17:52:19 0 d-------- C:\Program Files\Alias
    2007-03-14 05:56:22 0 d-------- C:\Program Files\MilkShape 3D 1.8.0
    2007-03-14 05:54:34 0 d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\MilkShape 3D 1.x.x
    2007-03-10 19:58:37 0 d-------- C:\Program Files\DVD Decrypter
    2007-03-10 04:19:47 0 d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\??stem
    2007-02-10 06:03:21 268704 --a------ E:\WINDOWS\OfB11_Setup.exe <Not Verified; ; OfB Install Program>


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {8D5849A2-93F3-429D-FF34-260A2068897C} E:\WINDOWS\system32\ldfksdioduihj.dll
    {c9609b24-c46a-49a4-95bb-b6deb9dc7347} E:\WINDOWS\system32\hidocx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
    "LogMeIn GUI"="\"C:\\Program Files\\LogMeIn\\LogMeInSystray.exe\""
    "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
    "MSConfig"="E:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\""
    "DIRECT!"=""
    "ttool"="E:\\WINDOWS\\9129837.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
    "IPConfig"=""

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "WebBuying"="C:\\Program Files\\Web Buying\\v1.6.8\\webbuying.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoActiveDesktop"=dword:00000000
    "ForceActiveDesktopOn"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{8D5849A2-93F3-429D-FF34-260A2068897C}"="Fdjskie8 jf8e"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{26FAFD75-1005-41F6-978D-178C00165C0B}"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "DCOM Server 20509"="{2C1CD3D7-86AC-4068-93BC-A02304B20509}"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32net
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hidocx
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit
    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rpcc1

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Anna Luzzi^Start Menu^Programs^Adobe^Startup^Adobe Gamma.lnk]
    "path"="C:\\Documents and Settings\\Anna Luzzi\\Start Menu\\Programs\\Adobe\\Startup\\Adobe Gamma.lnk"
    "backup"="E:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
    "location"="Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE"
    "item"="Adobe Gamma"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Anna Luzzi^Start Menu^Programs^Adobe^Startup^IMVU.lnk]
    "path"="C:\\Documents and Settings\\Anna Luzzi\\Start Menu\\Programs\\Adobe\\Startup\\IMVU.lnk"
    "backup"="E:\\WINDOWS\\pss\\IMVU.lnkStartup"
    "location"="Startup"
    "command"="C:\\Program Files\\IMVU\\IMVUClient.exe --startup"
    "item"="IMVU"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    "path"="E:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
    "backup"="E:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE"
    "item"="Adobe Gamma Loader"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    "path"="E:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
    "backup"="E:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE"
    "item"="Adobe Reader Speed Launch"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    "path"="E:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Digital Imaging Monitor.lnk"
    "backup"="E:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe"
    "item"="HP Digital Imaging Monitor"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    "path"="E:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk"
    "backup"="E:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Logitech\\DESKTO~1\\8876480\\Program\\LDMConf.exe /start"
    "item"="Logitech Desktop Messenger"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    "path"="E:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
    "backup"="E:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\359511908.exe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "359511908 "
    "hkey "= "HKLM "
    "command "= "E:\\WINDOWS\\system32\\359511908.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\696224658.exe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "696224658 "
    "hkey "= "HKLM "
    "command "= "E:\\WINDOWS\\system32\\696224658.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "AdobeUpdater "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\common files\\Adobe\\Updater\\AdobeUpdater.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "DealioAU "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Dealio\\DealioAU.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IpWins]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "ipwins "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\Ipwindows\\ipwins.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "BackWeb-8876480 "
    "hkey "= "HKCU "
    "command "= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\BackWeb-8876480.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "ISStart "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "LogiTray "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "LVCOMS "
    "hkey "= "HKLM "
    "command "= "C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Math Meta 1 About]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Ballsect "
    "hkey "= "HKLM "
    "command "= "C:\\Documents and Settings\\All Users\\Application Data\\TrustKindMathMeta\\Ballsect.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Rect Idle]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "long send audio "
    "hkey "= "HKCU "
    "command "= "E:\\DOCUME~1\\ANNALU~1.ANN\\APPLIC~1\\SHOWEX~1\\long send audio.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Restore Operation]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "svchots "
    "hkey "= "HKCU "
    "command "= "E:\\DOCUME~1\\ANNALU~1.ANN\\LOCALS~1\\Temp\\svchots.exe "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "retadpu1000106 "
    "hkey "= "HKLM "
    "command "= "E:\\WINDOWS\\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310 "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "jusched "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\" "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "realsched "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsService]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "nlfnhfyb "
    "hkey "= "HKLM "
    "command "= "rundll32.exe \ "E:\\WINDOWS\\system32\\nlfnhfyb.dll\ ",realset "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{3C-C9-91-1C-ZN}]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "dwdsregt "
    "hkey "= "HKLM "
    "command "= "e:\\windows\\system32\\dwdsregt.exe SKY001 "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{6831F5EA-0960-1033-0430-020624030001}]
    "key "= "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run "
    "item "= "Update "
    "hkey "= "HKLM "
    "command "= "\ "C:\\Program Files\\Common Files\\{6831F5EA-0960-1033-0430-020624030001}\\Update.exe\" te-110-12-0000213 "
    "inimapping "= "0 "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "CAISafe "=dword:00000003
    "Browser "=dword:00000002
    "vsmon "=dword:00000002
    "iPodService "=dword:00000003

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0



    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 ad.doubleclick.net
    127.0.0.1 ad.fastclick.net
    127.0.0.1 ads.fastclick.net
    127.0.0.1 ar.atwola.com
    127.0.0.1 atdmt.com
    127.0.0.1 avp.ch
    127.0.0.1 avp.com
    127.0.0.1 avp.com
    127.0.0.1 avp.ru
    127.0.0.1 us.mcafee.com

    222 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2007-05-10 at 16:02:51 ---------
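The startupreg and Hosts sections above are what a helper reads by eye: all-digit executable names (359511908.exe), a program launched from the user's Temp folder under a lookalike name (svchots.exe next to the real svchost.exe), rundll32 loading a DLL with a vowel-free random-looking name (nlfnhfyb.dll), and antivirus vendor domains (avp.com, us.mcafee.com) pinned to 127.0.0.1 in the hosts file so the products cannot update. The Python script below is an added example that automates those checks over the .reg-style dump format the log uses; it is not part of this thread and not code from DSS, HijackThis or ComboFix. The sample text is constructed from the posted log with only the fields the checks need, and the vendor-domain list, the system-process list and the thresholds (edit distance of 2, DLL stem of 6 or more letters with no vowel) are my assumptions.

```python
# Added triage helper (not from DSS, HijackThis or ComboFix); vendor list and thresholds are assumptions.
import re

SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\359511908.exe]
"item"="359511908"
"command"="E:\\WINDOWS\\system32\\359511908.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Restore Operation]
"item"="svchots"
"command"="E:\\DOCUME~1\\ANNALU~1.ANN\\LOCALS~1\\Temp\\svchots.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsService]
"item"="nlfnhfyb"
"command"="rundll32.exe \"E:\\WINDOWS\\system32\\nlfnhfyb.dll\",realset"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"item"="jusched"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

-- Hosts -----------------------------------------------------------------------
127.0.0.1 ad.doubleclick.net
127.0.0.1 avp.com
127.0.0.1 us.mcafee.com
'''  # constructed from the posted log; only the fields the checks need are kept

SECTION_RE = re.compile(r'^\[([^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
HOSTS_RE = re.compile(r'^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)')
SYSTEM_NAMES = ('svchost', 'lsass', 'csrss', 'winlogon', 'explorer', 'services', 'smss')
VENDOR_DOMAINS = ('avp.com', 'avp.ch', 'avp.ru', 'kaspersky.com', 'mcafee.com', 'symantec.com')  # assumed

def leaf(path): return path.replace('\\', '/').rsplit('/', 1)[-1]  # last path component, any host OS

def parse_startupreg(text):
    """One dict per msconfig\\startupreg subkey: 'regkey' plus its unescaped .reg values."""
    entries, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        head, val = SECTION_RE.match(line), VALUE_RE.match(line)
        if head and '\\msconfig\\startupreg\\' in head.group(1).lower():
            cur = {'regkey': head.group(1)}
            entries.append(cur)
        elif head:
            cur = None  # values of some other key; ignore them
        elif val and cur is not None:
            cur[val.group(1)] = re.sub(r'\\(.)', r'\1', val.group(2))  # undo \\ and \" escaping
    return entries

def parse_hosts(text):
    """(ip, hostname) pairs from the '-- Hosts' section, up to the next '--' rule."""
    body = text.split('-- Hosts', 1)[-1] if '-- Hosts' in text else ''
    body = re.split(r'^--', body, maxsplit=1, flags=re.M)[0]
    matches = (HOSTS_RE.match(l.strip()) for l in body.splitlines())
    return [(m.group(1), m.group(2).lower()) for m in matches if m]

def edit_distance(a, b):  # Levenshtein distance, to catch typosquats such as svchots/svchost
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def first_exe(command):  # program path at the front of a Run-value command line
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.match(r'(.*?\.exe)', command, re.I)  # unquoted paths may contain spaces
    return m.group(1) if m else command.split(' ', 1)[0]

def flag_autostart(entry):
    """Heuristic indicators for one Run entry; an empty list means it looks clean."""
    command = entry.get('command', '')
    low = command.lower()
    stem = leaf(first_exe(command)).rsplit('.', 1)[0].lower()
    reasons = []
    if stem.isdigit():
        reasons.append('numeric-only executable name')
    if re.search(r'\\(temp|locals~1|applic~1|application data)\\', low):
        reasons.append('runs from a Temp or Application Data directory')
    reasons += ["lookalike of system process '%s'" % n for n in SYSTEM_NAMES
                if stem != n and edit_distance(stem, n) <= 2]
    dll = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', low)
    if dll and len(leaf(dll.group(1))) >= 10 and not re.search(r'[aeiou]', leaf(dll.group(1))[:-4]):
        reasons.append('rundll32 loading a random-looking (vowel-free) DLL name')
    return reasons

def flag_hosts(pairs):  # vendor hostnames sent to loopback, which blocks their updates
    return [h for ip, h in pairs if ip in ('127.0.0.1', '0.0.0.0')
            and any(h == d or h.endswith('.' + d) for d in VENDOR_DOMAINS)]

def triage(text):
    """Suspicious Run items mapped to their indicators, plus blocked vendor hosts."""
    auto = {e.get('item', e['regkey']): flag_autostart(e) for e in parse_startupreg(text)}
    return {'autostart': {k: v for k, v in auto.items() if v},
            'blocked_security_hosts': flag_hosts(parse_hosts(text))}

if __name__ == '__main__':
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it as-is to see the sample verdict, or feed it the full main.txt pasted above (the parser ignores the other registry keys and stops the hosts section at the next `--` rule). The indicators are heuristics for prioritising what to look up, not proof of infection: jusched.exe trips none of them, while the three entries a helper would ask about first each trip at least one.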
     
  11. 2007/05/10
    annabanana973 Inactive Thread Starter
    extra.txt

    Deckard's System Scanner v20070426.43
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
    Percentage of Memory in Use: 61%
    Physical Memory (total/avail): 1023.53 MiB / 390.43 MiB
    Pagefile Memory (total/avail): 2461.8 MiB / 2174.35 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1975.45 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 224.61 GiB total, 25.21 GiB free.
    D: is CDROM (No Media)
    E: is Fixed (NTFS) - 8.27 GiB total, 1.43 GiB free.
    F: is CDROM (UDF)
    Z: is Network (No Media)


    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.



    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=E:\Documents and Settings\All Users
    APPDATA=E:\Documents and Settings\Anna Luzzi.ANNA\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=ANNA
    ComSpec=E:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=E:
    HOMEPATH=\Documents and Settings\Anna Luzzi.ANNA
    LOGONSERVER=\\ANNA
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\Program Files\Mozilla Firefox;E:\WINDOWS\system32;E:\WINDOWS;E:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\backburner 2\
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0209
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=E:
    SystemRoot=E:\WINDOWS
    TEMP=E:\DOCUME~1\ANNALU~1.ANN\LOCALS~1\Temp
    TMP=E:\DOCUME~1\ANNALU~1.ANN\LOCALS~1\Temp
    USERDOMAIN=ANNA
    USERNAME=Anna Luzzi
    USERPROFILE=E:\Documents and Settings\Anna Luzzi.ANNA
    windir=E:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    Anna Luzzi.ANNA (admin)
    LogMeInRemoteUser (new local, admin)
    LogMeInRemoteUser.ANNA (new local, admin)
    LogMeInRemoteUser.ANNA.000 (admin)
    Administrator.ANNA (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
    3ds max 7 --> MsiExec.exe /I{F92AB933-9FE7-4335-92BD-D1C3BA27613C}
    AAA Logo 1.22 --> "C:\Program Files\AAALOGO\unins000.exe"
    ABC (remove only) --> C:\Program Files\ABC\Uninstall.exe
    ABC VideoRoll --> E:\WINDOWS\IsUninst.exe -f "E:\Program Files\ATP\ABC VideoRoll\Uninst.isu"
    Ace DivX Player --> "C:\Program Files\GustoSoft\Ace DivX Player\Uninstall.exe"
    Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
    Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
    Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
    Adobe Flash Player Plugin --> E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Illustrator 10 Tryout --> "C:\Program Files\InstallShield Installation Information\{0AC416C3-A600-4A98-B5E1-A629498241DB}\setup.exe"
    Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
    Adobe Reader 7.0.7 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
    Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Alias DirectConnect 2.0 --> MsiExec.exe /I{D10EC365-8936-4B40-AE2E-FCDA61C326D3}
    AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
    AsusUpdate --> E:\WINDOWS\IsUninst.exe -f "C:\Program Files\ASUS\AsusUpdate\Uninst.isu"
    Camtasia Studio 3 --> C:\Program Files\TechSmith\Camtasia Studio 3\CSuninst.EXE
    ColdFusion MX --> MsiExec.exe /X{D69FD9A6-AA50-45C6-A622-71AF0F28AEC1}
    Colorful Movie Editor 4.0 --> "C:\Program Files\Colorful Movie Editor\unins000.exe"
    Colorful Movie Editor Trial 4.0 --> "C:\Program Files\Colorful Movie Editor Trial\unins000.exe"
    Corel Painter IX --> MsiExec.exe /I{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}
    Dealio Toolbar --> MsiExec.exe /X{AD45E492-5AA6-456C-8F01-FA9061039AF7}
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
    eMule --> "C:\Program Files\eMule\Uninstall.exe"
    ffdshow --> "C:\Program Files\ffdshow\uninstall.exe"
    HijackThis 1.99.1 --> C:\Documents and Settings\Anna Luzzi\Desktop\newfish2\HijackThis.exe /uninstall
    honestech Video Editor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5F56D88-56A2-4157-BED4-D650634974E3}\Setup.exe" -l0x9
    HP Extended Capabilities 4.7 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP Image Zone 4.7 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Image Zone Express --> MsiExec.exe /X{85BCA736-A0F4-448E-9BC1-6EA08693E10B}
    HP PSC & OfficeJet 4.7 --> "C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
    HP Software Update --> MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
    Image2Ico --> "C:\Program Files\Image2Ico\unins000.exe"
    Intel(R) Processor ID Utility --> MsiExec.exe /X{A92A4DB0-CD37-42D1-BE1D-603D53C24328}
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    LimeWire 4.9.41 --> "C:\Program Files\LimeWire\uninstall.exe"
    LogMeIn --> MsiExec.exe /I{BA2D4D22-0B99-4D63-BCEE-D2EA4736F27F}
    Logo Design Studio --> "E:\WINDOWS\Logo Design Studio\uninstall.exe" "/U:C:\Program Files\Summitsoft\Logo Design Studio Trial\Uninstall\uninstall.xml"
    LogoSmartz 4.0 Trial --> C:\PROGRA~1\LOGOSM~1\UNWISE.EXE C:\PROGRA~1\LOGOSM~1\INSTALL.LOG
    Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
    Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
    Macromedia Fireworks MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{930B2432-43D4-11D5-9871-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
    Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
    Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection E:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
    Macromedia FreeHand 10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D826618-59C6-11D4-976E-00C04F8EEB39}\Setup.exe" -l0x9 UNINSTALL
    Macromedia Shockwave Player --> E:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE E:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Magic DVD Copier V4.3 --> "C:\Program Files\MagicDVDCopier\unins000.exe"
    Maya 7.0 Personal Learning Edition --> MsiExec.exe /I{A8AF85EB-737C-49B9-90DD-44A5FAF4D04E}
    Microsoft NetMeeting 2.1 --> RunDll32 advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.NT
    Microsoft NetShow Tools 2.0 --> C:\Program Files\Microsoft NetShow\Tools\_insttoo.exe /U
    Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
    MilkShape 3D 1.8.0 --> "C:\Program Files\MilkShape 3D 1.8.0\uninstall.exe"
    mIRC --> "C:\Program Files\mIRC\mirc.exe" -uninstall
    Mozilla Firefox (2.0.0.2) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
    Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Mozilla Thunderbird (1.0.7) --> E:\WINDOWS\UninstallThunderbird.exe /ua "1.0.7 (en)"
    MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
    Nero 7 Premium --> MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
    Netscape (7.2) --> E:\WINDOWS\NSUninst.exe /ua "7.2 (en)"
    PCI Audio Driver --> cmuninst.exe
    Quicken 2006 --> MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    SmartFTP Client --> MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
    Sony Media Manager 2.0 --> MsiExec.exe /X{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}
    Sony Vegas 6.0 --> MsiExec.exe /X{5FCE0BF9-A1AA-4FA3-A28C-F62431CD52C4}
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    TorrentQ version 2.1.0.0 --> "C:\Program Files\TorrentQ\unins000.exe"
    VideoLAN VLC media player 0.8.4a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    VirtuallyJenna-2.017.002 (Cracked) --> MsiExec.exe /I{9AB77E48-5BAF-4EBA-A88B-40CAF43F237E}
    WinPcap 3.1 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    XBC 5.1 --> C:\PROGRA~1\XBC\UNWISE.EXE C:\PROGRA~1\XBC\INSTALL.LOG
    Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


    -- End of Deckard's System Scanner: finished at 2007-05-10 at 16:02:51 ---------
     
  12. 2007/05/10
    annabanana973 Inactive Thread Starter
    Ahh.. sorry for the wait...

    Yeah, I was trying to upload the logs on the site but I couldn't umm.. understand how to get it on here. Yes, I'm computer illiterate. :) Hope you can help me!
     
  13. 2007/05/12
    Blender Inactive
    Hi,

    Sorry for the delay.
    Thanks for the logs. You got them posted here OK.

    Still a fair bit of work to do.

    1. Download this file and save it to your desktop.

    http://download.bleepingcomputer.com/sUBs/combofix.exe
    http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

    2. Double click combofix.exe & follow the prompts.
    You will temporarily lose your desktop while the scan is running. Once the scan is done the desktop will return to normal.
    3. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

    --------------------

    Next:

    Boot back to SAFE mode

    - Open the SDFix folder and double click RunThis.bat to start the script.
    - Type Y to begin the cleanup process.
    - It will remove any Trojan Services or Registry Entries found, then prompt you to press any key to Reboot.
    - Press any Key and it will restart the PC.
    - When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
    - Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. (Report.txt will also be copied to the Clipboard ready for posting back on the forum.)
    - Finally, copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

    Let me know how the machine is running.

    Try to limit time online please. The longer you are online, the more of this junk gets installed all over again.

    Thanks :)
     
  14. 2007/05/12
    annabanana973 Inactive Thread Starter
    Combo Fix

    "Anna Luzzi" - 2007-05-12 13:23:43 Service Pack 2
    ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Anna Luzzi\Desktop\"


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    E:\qoobox\purity\C\DOCUME~1
    E:\qoobox\purity\C\DOCUME~1\ANNALU~1
    E:\qoobox\purity\C\DOCUME~1\ANNALU~1\MYDOCU~1
    E:\qoobox\purity\C\DOCUME~1\ANNALU~1\MYDOCU~1\DOBE~1
    E:\qoobox\purity\C\DOCUME~1\ANNALU~1\MYDOCU~1\MANTEC~1
    E:\qoobox\purity\C\DOCUME~1\ANNALU~1\MYDOCU~1\SMBOLS~1
    E:\qoobox\purity\C\DOCUME~1\ANNALU~1\MYDOCU~1\SSEMBL~1
    E:\qoobox\purity\C\Program Files\YMANTE~1
    E:\qoobox\purity\C\Program Files\common files\SMANTE~1
    E:\qoobox\purity\C\Program Files\common files\SSTEM3~1
    E:\qoobox\purity\E\DOCUME~1
    E:\qoobox\purity\E\DOCUME~1\ANNALU~1.ANN
    E:\qoobox\purity\E\DOCUME~1\ANNALU~1.ANN\APPLIC~1
    E:\qoobox\purity\E\DOCUME~1\ANNALU~1.ANN\APPLIC~1\RACLE~1
    E:\qoobox\purity\E\DOCUME~1\ANNALU~1.ANN\APPLIC~1\STEM~1
    E:\qoobox\purity\E\WINDOWS\CURITY~1
    E:\qoobox\purity\E\WINDOWS\ICROSO~1.NET
    E:\qoobox\purity\E\WINDOWS\SSTEM~1
    E:\qoobox\purity\E\WINDOWS\WNSXS~1
    E:\qoobox\purity\E\WINDOWS\system32\FNTS~1
    E:\qoobox\purity\E\WINDOWS\system32\SSTEM~1
    E:\qoobox\purity\E\WINDOWS\system32\YMANTE~1
    E:\qoobox\purity\E\WINDOWS\system32\YSTEM3~1


    ((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-12 ))))))))))))))))))))))))))))))))))


    2007-05-10 15:58 <DIR> d-------- E:\Deckard
    2007-05-07 03:56 <DIR> d-------- E:\VundoFix Backups
    2007-05-07 03:54 212 --a------ E:\delete.bat
    2007-05-07 03:48 675 --a------ E:\DOCUME~1\ANNALU~1.ANN\clean.reg
    2007-05-07 02:44 <DIR> d-------- E:\DOCUME~1\ADMINI~1.ANN\APPLIC~1\Aim
    2007-05-07 02:34 <DIR> d---s---- E:\DOCUME~1\ADMINI~1.ANN\UserData
    2007-05-06 01:47 29,378 --a------ E:\WINDOWS\system32\jkkjg.exe
    2007-05-05 06:31 <DIR> d--hs---- E:\WINDOWS\QW5uYSBMdXp6aQ
    2007-05-05 06:13 552,960 --a------ E:\WINDOWS\system32\ucmoreiex.exe
    2007-05-05 06:12 94,208 --a------ E:\WINDOWS\system32\dnsersnd.dll
    2007-05-05 06:12 52,736 --a------ E:\WINDOWS\system32\dnsersnd.exe
    2007-05-05 06:12 337,781 --a------ E:\WINDOWS\system32\zippy2.exe
    2007-05-05 06:11 14,918 --a------ E:\WINDOWS\124x.exe
    2007-05-05 06:11 14,390 --a------ E:\WINDOWS\system32\leeman.exe
    2007-05-05 06:11 109,307 --a------ E:\WINDOWS\system32\CmarP1083.exe
    2007-05-05 06:11 <DIR> d-------- E:\WINDOWS\system32\smpi1
    2007-04-26 16:16 <DIR> d-------- E:\DOCUME~1\ANNALU~1.ANN\APPLIC~1\TorrentQ


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-05-12 17:02:33 -------- d-----w C:\Program Files\LogMeIn
    2007-05-11 01:16:05 -------- d-----w C:\Program Files\Dealio
    2007-05-07 05:22:40 -------- d-----w C:\Program Files\AOD
    2007-05-07 05:22:39 17,118 ----a-w E:\WINDOWS\mozver.dat
    2007-05-07 04:55:32 -------- d-----w C:\Program Files\stubs
    2007-05-06 08:06:33 -------- d-----w E:\DOCUME~1\ANNALU~1.ANN\APPLIC~1\LimeWire
    2007-05-05 10:32:40 -------- d-----w C:\Program Files\microsoft frontpage
    2007-05-05 10:12:43 -------- d-----w C:\Program Files\Ofb11
    2007-05-05 09:29:48 281,348 ----a-w E:\WINDOWS\system32\drivers\ndis.sys
    2007-05-05 06:13:03 -------- d-----w C:\Program Files\Sophos
    2007-04-30 05:53:25 -------- d-----w E:\DOCUME~1\ANNALU~1.ANN\APPLIC~1\Real
    2007-04-30 05:52:16 -------- d-----w C:\Program Files\Common Files\xing shared
    2007-04-30 05:52:15 -------- d-----w C:\Program Files\Common Files\Real
    2007-04-26 20:17:13 -------- d-----w C:\Program Files\TorrentQ
    2007-04-25 15:27:58 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-04-25 15:27:54 -------- d-----w C:\Program Files\Logitech
    2007-04-12 07:49:44 -------- d-----w C:\Program Files\Image2Ico
    2007-04-06 08:53:10 68,901 ----a-w E:\WINDOWS\hpoins05.dat
    2007-04-06 02:52:17 -------- d-----w C:\Program Files\Common Files\HP
    2007-04-03 05:20:56 -------- d-----w C:\Program Files\Common Files\Logitech
    2007-04-03 05:19:57 -------- d-----w C:\Program Files\Windows Media Components
    2007-04-03 04:12:06 -------- d-----w C:\Program Files\Sony Vegas Zip
    2007-04-03 03:48:57 -------- d-----w C:\Program Files\Vstplugins
    2007-04-03 03:39:28 -------- d-----w C:\Program Files\Sony
    2007-04-03 03:38:43 -------- d-----w C:\Program Files\Sony Vegas CrackedZ
    2007-04-03 03:27:29 -------- d-----w C:\Program Files\Sony Vegas 6.0 CRACKED
    2007-04-02 03:11:30 -------- d-----w E:\DOCUME~1\ANNALU~1.ANN\APPLIC~1\Uniblue
    2007-04-02 02:44:02 -------- d-----w C:\Program Files\Common Files\DeskShare Shared
    2007-04-02 02:02:09 -------- d-----w C:\Program Files\honestech Video Editor 7.0 Trial
    2007-04-02 02:01:50 -------- d-----w C:\Program Files\Common Files\InstallShield
    2007-03-26 10:19:02 -------- d-----w C:\Program Files\eMule
    2007-03-24 00:22:54 -------- d-----w C:\Program Files\QuickTime
    2007-03-19 10:44:45 -------- d-----w C:\Program Files\Summitsoft
    2007-03-19 10:40:18 -------- d-----w C:\Program Files\AAALOGO
    2007-03-19 10:21:46 -------- d-----w C:\Program Files\LogoSmartzTrial
    2007-03-18 11:35:23 -------- d--h--w C:\Program Files\BHO Plugin
    2007-03-18 04:57:52 -------- d-----w C:\Program Files\Common Files\Vbox
    2007-03-18 04:55:45 -------- d-----w C:\Program Files\Adobe Illustrator Installer
    2007-03-17 23:14:45 -------- d-----w C:\Program Files\mIRC
    2007-03-17 05:59:08 -------- d-----w C:\Program Files\3dsmax7
    2007-03-17 04:34:46 -------- d-----w C:\Program Files\DAEMON Tools
    2007-03-17 04:23:45 -------- d-----w E:\DOCUME~1\ANNALU~1.ANN\APPLIC~1\dvdcss
    2007-03-17 01:16:31 -------- d-----w C:\Program Files\AIM
    2007-03-15 06:59:56 -------- d-----w C:\Program Files\Common Files\Autodesk Shared
    2007-03-15 06:59:45 -------- d-----w C:\Program Files\backburner 2
    2007-03-15 06:08:41 -------- d-----w C:\Program Files\Intel Corporation
    2007-03-14 21:52:19 -------- d-----w C:\Program Files\Common Files\Alias Shared
    2007-03-14 21:52:19 -------- d-----w C:\Program Files\Alias
    2007-03-14 09:56:22 -------- d-----w C:\Program Files\MilkShape 3D 1.8.0
    2007-03-14 09:54:34 -------- d-----w E:\DOCUME~1\ANNALU~1.ANN\APPLIC~1\MilkShape 3D 1.x.x
    2007-03-11 01:07:14 646,392 ----a-w E:\WINDOWS\system32\drivers\sptd.sys
    2007-03-11 01:06:30 1,694,616 ----a-w C:\Program Files\daemon408-139-x64.exe
    2007-03-10 23:58:37 -------- d-----w C:\Program Files\DVD Decrypter
    2007-03-09 08:01:08 -------- d-----w E:\DOCUME~1\ANNALU~1.ANN\APPLIC~1\IMVU
    2007-02-10 10:03:21 268,704 ----a-w E:\WINDOWS\OfB11_Setup.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "HP Software Update "= "\ "C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\" "
    "LogMeIn GUI "= "\ "C:\\Program Files\\LogMeIn\\LogMeInSystray.exe\" "
    "TkBellExe "= "\ "C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot "
    "MSConfig "= "E:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "\ "C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\" "
    "DIRECT! "=" "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
    "IPConfig "=" "


    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages msv1_0\0\0
    Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages scecli\0\0

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^anna luzzi^start menu^programs^adobe^startup^adobe gamma.lnk
    C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\c:^documents and settings^anna luzzi^start menu^programs^adobe^startup^imvu.lnk
    C:\Program Files\IMVU\IMVUClient.exe --startup

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\e:^documents and settings^all users^start menu^programs^startup^adobe gamma loader.lnk
    C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\e:^documents and settings^all users^start menu^programs^startup^adobe reader speed launch.lnk
    C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\e:^documents and settings^all users^start menu^programs^startup^hp digital imaging monitor.lnk
    C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\e:^documents and settings^all users^start menu^programs^startup^logitech desktop messenger.lnk
    C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe /start

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\e:^documents and settings^all users^start menu^programs^startup^microsoft office.lnk
    C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\359511908.exe
    E:\WINDOWS\system32\359511908.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\696224658.exe
    E:\WINDOWS\system32\696224658.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adobeupdater
    C:\Program Files\common files\Adobe\Updater\AdobeUpdater.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\au
    C:\Program Files\Dealio\DealioAU.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ipwins
    C:\Program Files\Ipwindows\ipwins.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ldm
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechgalleryrepair
    C:\Program Files\Logitech\ImageStudio\ISStart.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\logitechimagestudiotray
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lvcoms
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\math meta 1 about
    C:\Documents and Settings\All Users\Application Data\TrustKindMathMeta\Ballsect.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rect idle
    E:\DOCUME~1\ANNALU~1.ANN\APPLIC~1\SHOWEX~1\long send audio.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\restore operation
    E:\DOCUME~1\ANNALU~1.ANN\LOCALS~1\Temp\svchots.exe

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1
    E:\WINDOWS\retadpu1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sunjavaupdatesched
    "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe "

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tkbellexe
    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\windowsservice
    rundll32.exe "E:\WINDOWS\system32\nlfnhfyb.dll ",realset

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{3c-c9-91-1c-zn}
    e:\windows\system32\dwdsregt.exe SKY001

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{6831f5ea-0960-1033-0430-020624030001}
    "C:\Program Files\Common Files\{6831F5EA-0960-1033-0430-020624030001}\Update.exe" te-110-12-0000213


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "CAISafe "=dword:00000003
    "Browser "=dword:00000002
    "vsmon "=dword:00000002
    "iPodService "=dword:00000003

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter HTTPFilter\0\0
    LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService DnsCache\0\0
    DcomLaunch DcomLaunch\0TermService\0\0
    rpcss RpcSs\0\0
    imgsvc StiSvc\0\0
    termsvcs TermService\0\0

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost



    Contents of the 'Scheduled Tasks' folder
    E:\WINDOWS\tasks\Uniblue SpyEraser.job

    ********************************************************************

    catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-05-12 13:25:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    ********************************************************************

    Completion time: 2007-05-12 13:25:43
    E:\ComboFix-quarantined-files.txt ... 2007-05-12 13:25
    E:\ComboFix2.txt ... 2007-01-08 18:01
     
  15. 2007/05/12
    annabanana973

    annabanana973 Inactive Thread Starter

    Joined:
    2007/01/02
    Messages:
    52
    Likes Received:
    0
    Report.txt

    As for SDFix, I ran that and when I restarted my computer I didn't have Fixtool run again, I don't know if that's important. Just the same, I posted the Report.txt.


    SDFix: Version 1.83

    Run by Administrator - Sat 05/12/2007 - 14:01:13.26

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:
    COM+ Messages
    kprof
    new_drv
    ntldr.sys
    poof
    TCP and UDP Supp0rt

    ImagePath:


    Killing PID 492 'smss.exe'
    Killing PID 564 'winlogon.exe'


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File
     
  16. 2007/05/12
    annabanana973

    annabanana973 Inactive Thread Starter

    Joined:
    2007/01/02
    Messages:
    52
    Likes Received:
    0
    Logfile of HijackThis v1.99.1
    Scan saved at 2:16:13 PM, on 5/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\runtime\bin\jrunsvc.exe
    C:\Program Files\runtime\bin\jrun.exe
    C:\Program Files\db\slserver52\bin\swagent.exe
    C:\Program Files\db\slserver52\bin\swstrtr.exe
    E:\WINDOWS\Explorer.EXE
    C:\Program Files\db\slserver52\bin\swsoc.exe
    C:\Program Files\LogMeIn\RaMaint.exe
    C:\Program Files\LogMeIn\LogMeIn.exe
    C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe
    E:\WINDOWS\system32\HPZipm12.exe
    E:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\jre\bin\java.exe
    C:\Program Files\LogMeIn\LogMeInSystray.exe
    E:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    E:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis1.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: (no name) - {8D5849A2-93F3-429D-FF34-260A2068897C} - (no file)
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: e:\windows\system32\htzljvjid.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\htzljvjid.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\htzljvjid.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\htzljvjid.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\htzljvjid.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\htzljvjid.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\htzljvjid.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\htzljvjid.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\htzljvjid.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\htzljvjid.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\htzljvjid.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\htzljvjid.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\htzljvjid.dll
    O10 - Unknown file in Winsock LSP: e:\windows\system32\htzljvjid.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167871446015
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: LMIinit - LMIinit.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\
    O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\Program Files\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\Program Files\db\slserver52\bin\swagent.exe
    O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\Program Files\db\slserver52\bin\swstrtr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
    O23 - Service: Maya 7 PLE Documentation Server (mple7docserver) - Unknown owner - C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\wrapper.exe" -s "C:\Program Files\Alias\Maya 7.0 Personal Learning Edition\docs\Wrapper.conf (file missing)
    O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
     
  17. 2007/05/22
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Sorry for the long reply, but Blender is having severe ISP issues preventing her from accessing this site. I'm going to look this thing over and reply tomorrow.

    Again, apologies for this long wait. I'll be advising Blender on all I do to keep her in the loop.
     
