
View Full Version : Computer sending tons of spam behind the scenes



littleEd
2007-09-10, 16:19
Hi, I have been having trouble with my computer over this past summer. My personal email was blocked by spamcop about 3 times in the past few months (for about 24 hours each time), and currently I have been blocked for a few days now.

I have 2 computers on my network and I monitored the SMTP ports on both. One generated no log entries unless I sent mail manually; the other one (my computer) had a constant flow of SMTP activity, many of which noted random email addresses. I think it's clear to see that my computer is the one with the issue here.


I did a scan with spybot and nothing came up. I believe this issue is the only problem I have.



Here is my report...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:17 AM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
X:\servers\xampp\apache\bin\apache.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
X:\servers\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
X:\servers\xampp\apache\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\TopDesk\topdesk.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {94C78B7B-AABB-4126-8036-2E1FF466C2D1} - C:\WINDOWS\system32\ddcca.dll (file missing)
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Shortcut to SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Yahoo! Widget Engine.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172507809890
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E9C637C-0A68-4E49-835E-95B60DEAEA59}: NameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9F5821E-FF54-4F20-8018-2A2C8E54E5B2}: NameServer = 64.71.255.198
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: wingdm32 - wingdm32.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - X:\servers\xampp\apache\bin\apache.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mysql - Unknown owner - X:\servers\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 11250 bytes

Mr_JAk3
2007-09-12, 20:46
Hello and welcome to the forums :)

You got infections there...
We'll do some research...

Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.

littleEd
2007-09-12, 21:51
I tried to run the scan 4 times.

The first 2 times my computer restarted itself.

The 3rd time I only chose to scan my C drive (I have 3 other drives) and it restarted.

The 4th time I went into safe mode and tried to scan, and it restarted. However, as it scanned I copied the results and saved them in Notepad every few seconds.

This is what I was able to save before it restarted for the 4th time...


GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-12 16:40:06
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\xpdx.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\xpdx.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\xpdx.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\xpdx.sys The system cannot find the file specified.

---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7825FB1] xpdx.sys

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7AF7A96] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7AF7958] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7AF7DA8] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7AF7306] SiWinAcc.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE

littleEd
2007-09-12, 21:52
[F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLOSE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_EA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_EA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_VOLUME_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_VOLUME_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DIRECTORY_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FILE_SYSTEM_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_LOCK_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_MAILSLOT [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_SECURITY [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_SECURITY [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CHANGE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_QUOTA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_QUOTA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLOSE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_EA [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_EA [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_VOLUME_INFORMATION

littleEd
2007-09-12, 21:53
[F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_VOLUME_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DIRECTORY_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FILE_SYSTEM_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_LOCK_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_MAILSLOT [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_SECURITY [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_SECURITY [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CHANGE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_QUOTA [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_QUOTA [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE_NAMED_PIPE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLOSE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_EA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_EA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_VOLUME_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_VOLUME_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DIRECTORY_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FILE_SYSTEM_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_LOCK_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE_MAILSLOT [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_SECURITY [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_SECURITY [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CHANGE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_QUOTA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_QUOTA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE_NAMED_PIPE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLOSE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_EA [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_EA [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_VOLUME_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_VOLUME_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DIRECTORY_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FILE_SYSTEM_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_LOCK_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE_MAILSLOT [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_SECURITY [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_SECURITY [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CHANGE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_QUOTA [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_QUOTA

littleEd
2007-09-12, 21:54
[F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE_NAMED_PIPE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLOSE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_EA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_EA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_VOLUME_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_VOLUME_INFORMATION [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DIRECTORY_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FILE_SYSTEM_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_LOCK_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE_MAILSLOT [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_SECURITY [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_SECURITY [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CHANGE [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_QUOTA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_QUOTA [F742D380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE_NAMED_PIPE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLOSE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_EA [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_EA [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_VOLUME_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_VOLUME_INFORMATION [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DIRECTORY_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FILE_SYSTEM_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_LOCK_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE_MAILSLOT [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_SECURITY [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_SECURITY [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CHANGE [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_QUOTA [F744C760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_QUOTA [F744C760] timntr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F7AF7A96] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F7AF7958] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7AF7DA8] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7AF7306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7AF7306] SiWinAcc.sys

littleEd
2007-09-12, 21:55
---- Registry - GMER 1.0.13 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{18D6E519-4C27-E4AD-074C5D1F171B40FB}\{8D7A772B-93EE-6905-4C751BA1B544AFC9}\{7029C73E-0020-BA9C-F3FADF03D99AF0E6}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AB53ABC9-60C7-8B2C-A2AB126EB1F03A59}\{6511FF0A-0202-CA71-9BBA47A5377501DE}\{CE12CB05-B8C7-0E6B-6DC342F04A20B600}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{B3A3A58F-967E-A40A-C7DDFB524B0CDFB3}\{B28E8422-363F-1C4B-CC056478281B7FCE}\{569EFB20-10B3-C9F5-895B6A19B8852344}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x31 0x98 0xED 0xA2 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{C9E2B393-56C9-49A0-E9536816E76F722D}\{C3EAC204-1FBE-55E0-B9FAECEF4AC48E44}\{36C3AF1D-C1DF-E2E1-C86849C42C7FDBDC}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{CD33F05B-57D8-EB8D-1C637C8E18479BDE}\{4B66B287-DF55-8BF6-0C7A245C073DF874}\{2B094E66-D192-13E4-CB3BD0799FCAC2FC}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DCB42C02-2C7E-50EC-E2B5A792F7765BFB}\{38286259-1A12-EDE0-84E2CD6A1D76E8F7}\{2C2658AF-F73E-73C6-89D45D0D6FCCCFF2}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EEC79885-4786-49D7-ED36B6E7637E50FF}\{25B171C9-78C7-18E7-FBBA7E6592C7CB70}\{6B8ADD0A-85A7-C5B5-191A2895BD30C6E1}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FE8DBE89-D247-CDA0-331071706D351D5D}\{D7E03019-A44C-9829-6C33C3798CE56E87}\{A96D9761-82B1-07BB-8B5956B67D5931EC}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...


The forum restricted how many characters I can post (as I'm sure you know).

Mr_JAk3
2007-09-13, 18:59
Hello :)

OK, the scan revealed that you have a rootkit infection there. This is sending all the spam...

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double-click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
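
As an added example (not from the thread, and not GMER's or ComboFix's own code), a small Python triage helper for the "---- Registry - GMER ----" section littleEd posted above: it splits each Reg line into key path, value name and data bytes, and flags path components that are written like CLSIDs but do not follow the standard 8-4-4-4-12 GUID layout, which is how an analyst would rank the hidden keys Mr_JAk3 reads as rootkit evidence. The sample lines are copied from the posted log; the layout check is only a ranking aid, since a well-formed key such as {BEB3C0C7-...} is still an entry GMER reported as hidden.

```python
"""Triage helper for the '---- Registry - GMER ----' section of a GMER log.

Added example for this thread; it is not GMER's or ComboFix's own code.
The SAMPLE_LOG lines are copied from the report posted in the thread.
"""
import re

# A well-formed GUID is five hex groups laid out 8-4-4-4-12.
GUID_RE = re.compile(
    r"^\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}$"
)

# Three lines copied from the posted GMER output (second one is well-formed).
SAMPLE_LOG = r"""---- Registry - GMER 1.0.13 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{18D6E519-4C27-E4AD-074C5D1F171B40FB}\{8D7A772B-93EE-6905-4C751BA1B544AFC9}\{7029C73E-0020-BA9C-F3FADF03D99AF0E6}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x31 0x98 0xED 0xA2 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AB53ABC9-60C7-8B2C-A2AB126EB1F03A59}\{6511FF0A-0202-CA71-9BBA47A5377501DE}\{CE12CB05-B8C7-0E6B-6DC342F04A20B600}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
"""


def parse_reg_line(line):
    """Split one 'Reg <key>@<value> <data>' line into its parts.

    Returns None for banner or blank lines. GMER writes the key path, then
    '@' and the value name, then a space and the (truncated) data bytes.
    """
    if not line.startswith("Reg "):
        return None
    key_path, _, rest = line[4:].partition("@")
    value_name, _, data = rest.partition(" ")
    return {"key": key_path, "value": value_name, "data": data.strip()}


def guid_like_components(key_path):
    """Return every path component written as {...}, in path order."""
    return [c for c in key_path.split("\\") if c.startswith("{") and c.endswith("}")]


def is_well_formed_guid(text):
    """True only for the standard 8-4-4-4-12 layout."""
    return GUID_RE.match(text) is not None


def triage(log_text):
    """Parse every Reg line and attach the list of malformed GUID components.

    GMER lists a key here because it found it hidden from the normal registry
    API, so an empty malformed-GUID list ranks the entry lower; it does not
    clear it.
    """
    findings = []
    for line in log_text.splitlines():
        entry = parse_reg_line(line)
        if entry is None:
            continue
        entry["malformed_guids"] = [
            g for g in guid_like_components(entry["key"]) if not is_well_formed_guid(g)
        ]
        findings.append(entry)
    return findings


def summarize(findings):
    """One human-readable line per entry, most suspicious layout first."""
    ranked = sorted(findings, key=lambda e: len(e["malformed_guids"]), reverse=True)
    return [
        f"{len(e['malformed_guids'])} malformed GUID component(s): {e['key']} @ {e['value']}"
        for e in ranked
    ]


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```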

littleEd
2007-09-14, 02:30
ComboFix 07-09-13.3 - "Edward J" 2007-09-13 21:09:50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.199 [GMT -3:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\xpdx.sys
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\LEGACY_IPRIP
-------\LEGACY_NTMLSVC
-------\Iprip
-------\NtmlSvc
-------\xpdx


((((((((((((((((((((((((( Files Created from 2007-08-14 to 2007-09-14 )))))))))))))))))))))))))))))))
.

2007-09-13 21:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-13 01:41 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-09-13 00:30 <DIR> d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\gtk-2.0
2007-09-10 10:53 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-10 10:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-10 10:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-10 10:40 <DIR> d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\Ethereal
2007-09-10 09:56 <DIR> d-------- C:\Program Files\WinPcap
2007-09-10 09:56 <DIR> d-------- C:\Program Files\Ethereal
2007-09-10 09:50 <DIR> d-------- C:\Program Files\Microsoft Network Monitor 3
2007-09-08 20:43 <DIR> d-------- C:\Program Files\EA SPORTS
2007-09-05 01:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
2007-09-04 23:03 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-09-04 23:03 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-09-04 23:03 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-09-04 09:32 <DIR> d-------- C:\Program Files\Motorola
2007-08-27 16:18 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-08-27 16:18 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-08-17 00:06 <DIR> d-------- C:\Program Files\Winamp
2007-08-16 23:44 <DIR> d-------- C:\Program Files\SHOUTcast

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-13 21:20 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
2007-09-04 09:35 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2007-09-04 09:35 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2007-08-26 22:47 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\Ahead
2007-08-17 12:31 --------- d-------- C:\Program Files\Soulseek
2007-08-12 17:27 --------- d-------- C:\Program Files\GML
2007-08-09 11:19 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\Canon
2007-08-09 11:06 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-09 11:06 --------- d-------- C:\Program Files\Canon
2007-08-09 11:03 --------- d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-08-09 11:03 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\ScanSoft
2007-08-09 11:03 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
2007-08-09 11:03 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
2007-08-09 11:02 --------- d-------- C:\Program Files\ScanSoft
2007-08-07 01:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
2007-08-07 01:56 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\Ulead Systems
2007-08-07 01:11 1731172 ---hs---- C:\WINDOWS\system32\yccdd.bak1
2007-08-07 00:07 164787 --a------ C:\WINDOWS\system32\drivers\core.cache(2).dsk
2007-08-05 16:17 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-08-05 16:14 --------- d-------- C:\Program Files\Common Files\Ulead Systems
2007-08-02 12:19 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\U3
2007-08-01 01:06 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\uTorrent
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 09:31 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\Paltalk
2007-07-30 01:38 --------- d-------- C:\Program Files\Paltalk Messenger
2007-07-28 20:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-07-24 11:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-07-23 02:58 --------- d-------- C:\Program Files\VirtualDJ
2007-07-23 01:53 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\MySQL
2007-07-22 23:43 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\Nero
2007-07-21 10:38 --------- d-------- C:\Program Files\The Rosetta Stone
2007-07-21 10:00 --------- d-------- C:\Program Files\Bonjour
2007-07-21 09:49 --------- d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-17 09:54 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\Thunderbird
2007-06-27 11:34 823808 --a------ C:\WINDOWS\system32\wininet(2)(2).dll
2007-06-27 11:34 267776 --a------ C:\WINDOWS\system32\iertutil(2)(2).dll
2007-06-27 11:34 1152000 --a------ C:\WINDOWS\system32\urlmon(2)(2).dll
2007-06-27 11:34 105984 --a------ C:\WINDOWS\system32\url(2)(2).dll
2007-06-26 03:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32(2)(2).dll
2007-06-13 07:23 1033216 --a------ C:\WINDOWS\explorer.exe
2007-02-01 20:05 6176 --a------ C:\Program Files\uninstal.log
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94C78B7B-AABB-4126-8036-2E1FF466C2D1}]
C:\WINDOWS\system32\ddcca.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 17:49]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe" [2006-06-20 13:01]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe" [2006-06-20 13:02]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-06-20 13:01]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 15:46 C:\WINDOWS\KHALMNPR.Exe]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2006-06-01 08:09]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-17 17:27]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 13:27]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 13:28]
"TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-03-01 14:03]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 09:00]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50]
Shortcut to SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-02 04:47:10]
Yahoo! Widget Engine.lnk.disabled [2007-02-27 05:06:06]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
CamTrack.lnk - C:\Program Files\DigitalPeers\CamTrack\camtrack.exe [2007-06-27 20:38:51]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
CamTrack.lnk - C:\Program Files\DigitalPeers\CamTrack\camtrack.exe [2007-06-27 20:38:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTrayItemsDisplay"=00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]
wingdm32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ResChanger 2005"=C:\Program Files\ResChanger 2005\ResChanger2005.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"DeltTray"=DeltTray.exe
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R0 SI3132;SiI-3132 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3132.sys
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 ADIDTSFiltService;ADI DTS Filter Service;C:\WINDOWS\system32\drivers\adidts.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;C:\WINDOWS\system32\DRIVERS\m4cxw2k3.sys
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ee84a6-4041-11dc-8241-0015af0890ae}]
AutoRun\command- I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ee84a7-4041-11dc-8241-0015af0890ae}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- J:\Recycled\ctfmon.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-12 11:04:59 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-13 21:22:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-13 21:25:00 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-13 21:24
.
--- E O F ---

Mr_JAk3
2007-09-14, 17:01
Hi, we'll continue :)

Open Notepad and copy/paste the text in the quote box below into it:

File::
C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\ddcca.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94C78B7B-AABB-4126-8036-2E1FF466C2D1}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wingdm32]


Save this as "CFScript"

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

littleEd
2007-09-15, 02:45
ComboFix 07-09-13.3 - "Edward J" 2007-09-14 21:32:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.130 [GMT -3:00]
* Created a new restore point

FILE::
C:\WINDOWS\system32\yccdd.bak1
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\ddcca.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\yccdd.bak1

.
((((((((((((((((((((((((( Files Created from 2007-08-15 to 2007-09-15 )))))))))))))))))))))))))))))))
.

2007-09-13 21:09 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-13 01:41 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-09-13 00:30 <DIR> d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\gtk-2.0
2007-09-10 10:53 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-10 10:41 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-10 10:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2007-09-10 10:40 <DIR> d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\Ethereal
2007-09-10 09:56 <DIR> d-------- C:\Program Files\WinPcap
2007-09-10 09:56 <DIR> d-------- C:\Program Files\Ethereal
2007-09-10 09:50 <DIR> d-------- C:\Program Files\Microsoft Network Monitor 3
2007-09-08 20:43 <DIR> d-------- C:\Program Files\EA SPORTS
2007-09-05 01:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
2007-09-04 23:03 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-09-04 23:03 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-09-04 23:03 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2007-09-04 09:32 <DIR> d-------- C:\Program Files\Motorola
2007-08-27 16:18 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-08-27 16:18 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-08-17 00:06 <DIR> d-------- C:\Program Files\Winamp
2007-08-16 23:44 <DIR> d-------- C:\Program Files\SHOUTcast

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-13 21:20 0 --a------ C:\WINDOWS\system32\drivers\lvuvc.hs
2007-09-04 09:35 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2007-09-04 09:35 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2007-08-26 22:47 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\Ahead
2007-08-17 12:31 --------- d-------- C:\Program Files\Soulseek
2007-08-12 17:27 --------- d-------- C:\Program Files\GML
2007-08-09 11:19 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\Canon
2007-08-09 11:06 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-09 11:06 --------- d-------- C:\Program Files\Canon
2007-08-09 11:03 --------- d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-08-09 11:03 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\ScanSoft
2007-08-09 11:03 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
2007-08-09 11:03 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
2007-08-09 11:02 --------- d-------- C:\Program Files\ScanSoft
2007-08-07 01:57 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
2007-08-07 01:56 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\Ulead Systems
2007-08-05 16:17 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2007-08-05 16:14 --------- d-------- C:\Program Files\Common Files\Ulead Systems
2007-08-02 12:19 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\U3
2007-08-01 01:06 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\uTorrent
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-30 09:31 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\Paltalk
2007-07-30 01:38 --------- d-------- C:\Program Files\Paltalk Messenger
2007-07-28 20:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
2007-07-24 11:39 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-07-23 02:58 --------- d-------- C:\Program Files\VirtualDJ
2007-07-23 01:53 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\MySQL
2007-07-22 23:43 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\Nero
2007-07-21 10:38 --------- d-------- C:\Program Files\The Rosetta Stone
2007-07-21 10:00 --------- d-------- C:\Program Files\Bonjour
2007-07-21 09:49 --------- d-------- C:\Program Files\Common Files\Macrovision Shared
2007-07-17 09:54 --------- d-------- C:\DOCUME~1\EDWARD~1\APPLIC~1\Thunderbird
2007-06-27 11:34 823808 --a------ C:\WINDOWS\system32\wininet(2)(2).dll
2007-06-27 11:34 267776 --a------ C:\WINDOWS\system32\iertutil(2)(2).dll
2007-06-27 11:34 1152000 --a------ C:\WINDOWS\system32\urlmon(2)(2).dll
2007-06-27 11:34 105984 --a------ C:\WINDOWS\system32\url(2)(2).dll
2007-06-26 03:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-19 10:31 282112 --a------ C:\WINDOWS\system32\gdi32(2)(2).dll
2007-02-01 20:05 6176 --a------ C:\Program Files\uninstal.log
2006-05-03 10:06:54 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47:16 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot_2007-09-13_212405.00 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 219,713 2007-09-14 00:25:12 C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
----a-w 219,719 2007-09-14 00:21:18 C:\WINDOWS\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 17:49]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe" [2006-06-20 13:01]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe" [2006-06-20 13:02]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-06-20 13:01]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 15:46 C:\WINDOWS\KHALMNPR.Exe]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2006-06-01 08:09]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-17 17:27]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 13:27]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 13:28]
"TopDesk"="C:\Program Files\TopDesk\topdesk.exe" [2006-03-01 14:03]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 09:00]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50]
Shortcut to SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-02 04:47:10]
Yahoo! Widget Engine.lnk.disabled [2007-02-27 05:06:06]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
CamTrack.lnk - C:\Program Files\DigitalPeers\CamTrack\camtrack.exe [2007-06-27 20:38:51]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
CamTrack.lnk - C:\Program Files\DigitalPeers\CamTrack\camtrack.exe [2007-06-27 20:38:51]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoTrayItemsDisplay"=00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ResChanger 2005"=C:\Program Files\ResChanger 2005\ResChanger2005.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"DeltTray"=DeltTray.exe
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R0 SI3132;SiI-3132 SATALink Controller;C:\WINDOWS\system32\DRIVERS\SI3132.sys
R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R2 gearsec;gearsec;C:\WINDOWS\system32\gearsec.exe
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R3 ADIDTSFiltService;ADI DTS Filter Service;C:\WINDOWS\system32\drivers\adidts.sys
R3 AmdLLD;AMD Low Level Device Driver;C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;C:\WINDOWS\system32\DRIVERS\m4cxw2k3.sys
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ee84a6-4041-11dc-8241-0015af0890ae}]
AutoRun\command- I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14ee84a7-4041-11dc-8241-0015af0890ae}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
Open(0)\command- J:\Recycled\ctfmon.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 11:23:25 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-14 21:38:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\WINDOWS\system32\cmd.exe [19424] 0x84D2D370


scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-09-14 21:39:27
C:\ComboFix-quarantined-files.txt ... 2007-09-14 21:38
C:\ComboFix2.txt ... 2007-09-13 21:25
.
--- E O F ---

Mr_JAk3
2007-09-15, 16:11
OK, looks better :)

Please run the F-Secure Online Scanner (http://support.f-secure.com/enu/home/ols.shtml)

Note: This Scanner is for Internet Explorer Only!
Follow the Instruction Here (http://support.f-secure.com/enu/home/ols3.shtml) for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and copy and paste the entire report in your next reply, along with a fresh HijackThis log.


Also, please run the GMER scan again and post its log here.

littleEd
2007-09-15, 20:44
Scanning Report
Saturday, September 15, 2007 12:24:34 - 14:35:04
Computer name: V7TECHNOLOGY
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ E:\ F:\ X:\


--------------------------------------------------------------------------------

Result: 56 malware found
Tracking Cookie (spyware)
System (Disinfected)
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 101289
System: 5799
Not scanned: 3
Actions:
Disinfected: 1
Renamed: 0
Deleted: 0
None: 55
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\DOCUMENTS AND SETTINGS\EDWARD J\LOCAL SETTINGS\TEMP\PHOTOSHOP TEMP471464936

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-09-14
F-Secure AVP: 7.0.171, 2007-09-15
F-Secure Orion: 1.2.37, 2007-09-15
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0600-150-72
F-Secure Pegasus: 1.19.0, 2007-08-10
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX
Use Advanced heuristics

--------------------------------------------------------------------------------


littleEd
2007-09-15, 20:45
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:40:26 PM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
X:\servers\xampp\apache\bin\apache.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
X:\servers\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
X:\servers\xampp\apache\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\TopDesk\topdesk.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
E:\PortableApps\FirefoxPortable\App\firefox\firefox.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Adobe Fireworks CS3\Fireworks.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Adobe Bridge CS3\Bridge.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\EDWARD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\EDWARD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Shortcut to SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Yahoo! Widget Engine.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172507809890
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E9C637C-0A68-4E49-835E-95B60DEAEA59}: NameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9F5821E-FF54-4F20-8018-2A2C8E54E5B2}: NameServer = 64.71.255.198
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - X:\servers\xampp\apache\bin\apache.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mysql - Unknown owner - X:\servers\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 11628 bytes


Will do the GMER scan next... hopefully it doesn't make my computer restart again.

littleEd
2007-09-15, 21:48
Didn't restart my computer this time :bigthumb:


GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-15 16:42:58
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1528] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F2A1 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1528] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A0297 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1528] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A0218 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1528] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A025C C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1528] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A01A4 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1528] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A01DE C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1528] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A02D2 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1528] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F3164E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[3672] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\DOCUME~1\EDWARD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A62EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\DOCUME~1\EDWARD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A62C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\DOCUME~1\EDWARD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A62C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\DOCUME~1\EDWARD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe[444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A62C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe[1056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A72EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe[1056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A72C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe[1056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A72C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe[1056] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A72C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[1100] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00912EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00912C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00912C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00912C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\rundll32.exe[1588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C22EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\rundll32.exe[1588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C22C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\rundll32.exe[1588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C22C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\rundll32.exe[1588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C22C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\TopDesk\topdesk.exe[1596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003B2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\TopDesk\topdesk.exe[1596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003B2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\TopDesk\topdesk.exe[1596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003B2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\TopDesk\topdesk.exe[1596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003B2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

littleEd
2007-09-15, 21:49
IAT C:\DOCUME~1\EDWARD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe[1604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009A2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\DOCUME~1\EDWARD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe[1604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009A2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\DOCUME~1\EDWARD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe[1604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009A2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\DOCUME~1\EDWARD~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe[1604] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009A2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[1744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B72EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[1744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B72C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[1744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B72C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\wbem\unsecapp.exe[1744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B72C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\Explorer.EXE[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\Explorer.EXE[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\Explorer.EXE[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\Explorer.EXE[2104] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\ScanSoft\OmniPageSE\opware32.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00352EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\ScanSoft\OmniPageSE\opware32.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00352C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\ScanSoft\OmniPageSE\opware32.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00352C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\ScanSoft\OmniPageSE\opware32.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00352C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\ctfmon.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\ctfmon.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\ctfmon.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\ctfmon.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe[3436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe[3436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe[3436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe[3436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009A2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009A2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009A2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe[3464] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009A2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\nvraidservice.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008D2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\nvraidservice.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008D2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\nvraidservice.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008D2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\WINDOWS\system32\nvraidservice.exe[3552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008D2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

littleEd
2007-09-15, 21:49
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\MSN Messenger\MsnMsgr.Exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01312EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\MSN Messenger\MsnMsgr.Exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01312C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\MSN Messenger\MsnMsgr.Exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01312C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\MSN Messenger\MsnMsgr.Exe[3672] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01312C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Documents and Settings\Edward J\Desktop\gmer.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Documents and Settings\Edward J\Desktop\gmer.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Documents and Settings\Edward J\Desktop\gmer.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00392C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Documents and Settings\Edward J\Desktop\gmer.exe[4060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[4120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A02EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[4120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A02C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[4120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A02C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Logitech\SetPoint\SetPoint.exe[4120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A02C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[4284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A52EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[4284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A52C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[4284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A52C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[4284] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A52C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[4352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F02EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[4352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F02C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[4352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F02C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[4352] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F02C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT E:\PortableApps\FirefoxPortable\App\firefox\firefox.exe[4364] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00FF2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT E:\PortableApps\FirefoxPortable\App\firefox\firefox.exe[4364] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00FF2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT E:\PortableApps\FirefoxPortable\App\firefox\firefox.exe[4364] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00FF2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT E:\PortableApps\FirefoxPortable\App\firefox\firefox.exe[4364] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00FF2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

littleEd
2007-09-15, 21:50
IAT C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[4580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00372EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[4580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00372C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[4580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00372C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
IAT C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE[4580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00372C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F78A4A96] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F78A4958] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F78A4DA8] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F79B2404] avg7rsw.sys

littleEd
2007-09-15, 21:51
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F726C1DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F726C1DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F726C454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F726C1DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F725FF4C] fltMgr.sys

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A3685A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A3685A] avgtdi.sys

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [F70FA380] snapman.sys

littleEd
2007-09-15, 21:52
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLOSE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_EA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLOSE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_EA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_EA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_VOLUME_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_VOLUME_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DIRECTORY_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FILE_SYSTEM_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_LOCK_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_MAILSLOT [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_SECURITY [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_SECURITY [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CHANGE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_QUOTA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_QUOTA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE [F7119760] timntr.sys

littleEd
2007-09-15, 21:53
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLOSE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_EA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_EA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_VOLUME_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_VOLUME_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DIRECTORY_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FILE_SYSTEM_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_LOCK_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE_MAILSLOT [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_SECURITY [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_SECURITY [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CHANGE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_QUERY_QUOTA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SET_QUOTA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE_NAMED_PIPE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLOSE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_EA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_EA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_VOLUME_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_VOLUME_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DIRECTORY_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FILE_SYSTEM_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_LOCK_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE_MAILSLOT [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_SECURITY [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_SECURITY [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CHANGE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_QUOTA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_QUOTA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE_NAMED_PIPE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLOSE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_EA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_EA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_VOLUME_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_VOLUME_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DIRECTORY_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FILE_SYSTEM_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_LOCK_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE_MAILSLOT [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_SECURITY [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_SECURITY [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL [F7119760] timntr.sys

littleEd
2007-09-15, 21:54
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CHANGE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_QUERY_QUOTA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SET_QUOTA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE_NAMED_PIPE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLOSE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_EA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_EA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_VOLUME_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_VOLUME_INFORMATION [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DIRECTORY_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FILE_SYSTEM_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_LOCK_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE_MAILSLOT [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_SECURITY [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_SECURITY [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CHANGE [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_QUOTA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_QUOTA [F70FA380] snapman.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE_NAMED_PIPE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLOSE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_EA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_EA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_VOLUME_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_VOLUME_INFORMATION [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DIRECTORY_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FILE_SYSTEM_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_LOCK_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE_MAILSLOT [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_SECURITY [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_SECURITY [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CHANGE [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_QUERY_QUOTA [F7119760] timntr.sys
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SET_QUOTA [F7119760] timntr.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A3685A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A3685A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A3685A] avgtdi.sys

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F78A4A96] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F78A4958] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F78A4306] SiWinAcc.sys

littleEd
2007-09-15, 21:55
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F78A4DA8] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F78A4306] SiWinAcc.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F79B2404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F726C1DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F726C1DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F726C454] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F726C1DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F725FF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F725FF4C] fltMgr.sys

---- Registry - GMER 1.0.13 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{18D6E519-4C27-E4AD-074C5D1F171B40FB}\{8D7A772B-93EE-6905-4C751BA1B544AFC9}\{7029C73E-0020-BA9C-F3FADF03D99AF0E6}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AB53ABC9-60C7-8B2C-A2AB126EB1F03A59}\{6511FF0A-0202-CA71-9BBA47A5377501DE}\{CE12CB05-B8C7-0E6B-6DC342F04A20B600}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{B3A3A58F-967E-A40A-C7DDFB524B0CDFB3}\{B28E8422-363F-1C4B-CC056478281B7FCE}\{569EFB20-10B3-C9F5-895B6A19B8852344}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x31 0x98 0xED 0xA2 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{C9E2B393-56C9-49A0-E9536816E76F722D}\{C3EAC204-1FBE-55E0-B9FAECEF4AC48E44}\{36C3AF1D-C1DF-E2E1-C86849C42C7FDBDC}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{CD33F05B-57D8-EB8D-1C637C8E18479BDE}\{4B66B287-DF55-8BF6-0C7A245C073DF874}\{2B094E66-D192-13E4-CB3BD0799FCAC2FC}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DCB42C02-2C7E-50EC-E2B5A792F7765BFB}\{38286259-1A12-EDE0-84E2CD6A1D76E8F7}\{2C2658AF-F73E-73C6-89D45D0D6FCCCFF2}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EEC79885-4786-49D7-ED36B6E7637E50FF}\{25B171C9-78C7-18E7-FBBA7E6592C7CB70}\{6B8ADD0A-85A7-C5B5-191A2895BD30C6E1}@1D1OWFM6WKF6TLM3S2BGKKUUDG1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FE8DBE89-D247-CDA0-331071706D351D5D}\{D7E03019-A44C-9829-6C33C3798CE56E87}\{A96D9761-82B1-07BB-8B5956B67D5931EC}@{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version@Version 0x31 0x98 0xED 0xA2 ...

---- EOF - GMER 1.0.13 ----

Mr_JAk3
2007-09-16, 13:42
Hello :)

It is looking quite good now. How is the computer running now? Any issues?

littleEd
2007-09-16, 15:26
Things seem to look ok. Is it possible to let me know how I could have got the malware? And what malware I actually had?
Thank you for all your help.

littleEd
2007-09-16, 20:50
I left my computer for a few hours and monitored port 25 to see if any mail was attempting to send. I got three entries, all trying to connect to mailwasher23.pair.com. Is this something I should worry about?

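The check littleEd describes (watching port 25 for outbound mail the user did not send) is the classic way to spot a spam bot from the host itself: a legitimate mail client talks to one relay, while a bot fans out to many mail servers from a process that has no business sending mail. The script below is an added example, not code from the thread or from any tool named in it. It parses the output of `netstat -ano` (a constructed sample is embedded) together with a constructed PID-to-image map of the kind `tasklist` prints, and reports any process with SMTP connections that is either not on a small hypothetical allow-list of mail clients or is talking to several distinct mail servers at once.

```python
"""Flag processes making outbound SMTP connections from `netstat -ano` output.

Added example for this thread; the netstat text, the PID-to-image map and the
allow-list of mail clients are all constructed, not taken from a real machine.
"""
from collections import defaultdict

# Constructed sample of `netstat -ano` output (Windows XP layout). PIDs and
# addresses are made up; 203.0.113.0/24 and 198.51.100.0/24 are documentation
# ranges.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1234
  TCP    192.168.1.5:1045       203.0.113.10:25        SYN_SENT        2088
  TCP    192.168.1.5:1046       198.51.100.7:25        ESTABLISHED     2088
  TCP    192.168.1.5:1047       198.51.100.8:25        SYN_SENT        2088
  TCP    192.168.1.5:1050       203.0.113.20:25        ESTABLISHED     1900
  TCP    192.168.1.5:1051       203.0.113.30:443       ESTABLISHED     3001
  UDP    0.0.0.0:161            *:*                                    1500
"""

# Constructed PID -> image name map, as `tasklist` would report it (hypothetical).
SAMPLE_TASKLIST = {
    1234: "apache.exe",
    2088: "svchost.exe",
    1900: "thunderbird.exe",
    3001: "firefox.exe",
    1500: "snmp.exe",
}

# Ports used for mail submission/relay.
SMTP_PORTS = {25, 465, 587}

# Hypothetical allow-list: processes that are expected to speak SMTP at all.
EXPECTED_SENDERS = {"thunderbird.exe", "outlook.exe", "msimn.exe"}


def parse_netstat(text):
    """Turn `netstat -ano` lines into dicts; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        # UDP rows carry no State column, so the row is one field shorter.
        state = parts[3] if len(parts) == 5 else ""
        host, _, port = foreign.rpartition(":")
        conns.append({
            "proto": proto,
            "local": local,
            "host": host,
            "port": int(port) if port.isdigit() else None,
            "state": state,
            "pid": int(parts[-1]),
        })
    return conns


def suspicious_smtp(conns, tasklist, expected=EXPECTED_SENDERS, fanout=2):
    """Return processes with outbound SMTP that are unexpected or fan out widely.

    A process is reported when its image is not an expected mail client, or when
    it has connections to `fanout` or more distinct mail servers (the pattern of
    a bot delivering directly to many MX hosts).
    """
    hosts_by_pid = defaultdict(set)
    for c in conns:
        if c["proto"] == "TCP" and c["port"] in SMTP_PORTS and c["state"] != "LISTENING":
            hosts_by_pid[c["pid"]].add(c["host"])

    findings = []
    for pid, hosts in sorted(hosts_by_pid.items()):
        image = tasklist.get(pid, "<unknown>")
        if image.lower() in expected and len(hosts) < fanout:
            continue  # one mail client talking to its relay: normal
        findings.append({
            "pid": pid,
            "image": image,
            "distinct_hosts": len(hosts),
            "hosts": sorted(hosts),
        })
    return findings


if __name__ == "__main__":
    for f in suspicious_smtp(parse_netstat(SAMPLE_NETSTAT), SAMPLE_TASKLIST):
        print(f"PID {f['pid']} ({f['image']}) -> {f['distinct_hosts']} SMTP hosts: {', '.join(f['hosts'])}")
```

On a live Windows box the two inputs come from `netstat -ano` and `tasklist`, and the check is best repeated over a few minutes (as littleEd did) rather than run once, since a bot's connections are short-lived; in the sample, the `svchost.exe` process reaching three different mail servers is the one reported, while the mail client talking to a single relay is not.
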
Mr_JAk3
2007-09-17, 18:25
Hmm we may run additional scanners...

You should print these instructions or save these to a text file. Follow these instructions carefully.

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer to the safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt:
Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, you should now mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, look whether you can click the next icon next to the files found http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the next icon right below and select Move incurable
After the scan, in the menu, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot the computer in Normal Mode,
Post the Cure-it report and a fresh HijackThis log

littleEd
2007-09-18, 03:09
SUPER.exe;C:\Program Files\eRightSoft\SUPER;Probably DLOADER.Trojan;Incurable.Moved.;
A0063473.bat;C:\System Volume Information\_restore{9175CE8D-29DD-4391-85C9-92FE656C6059}\RP278;Probably SCRIPT.Virus;Incurable.Moved.;
A0063704.bat;C:\System Volume Information\_restore{9175CE8D-29DD-4391-85C9-92FE656C6059}\RP279;Probably SCRIPT.Virus;Incurable.Moved.;
pv.exe;E:\PortableApps\xampp\apache\bin;Program.PrcView.3725;Incurable.Moved.;
pv.exe;X:\servers\xampp\apache\bin;Program.PrcView.3725;Incurable.Moved.;

littleEd
2007-09-18, 03:09
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:34 PM, on 9/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
X:\servers\xampp\apache\bin\apache.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
X:\servers\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
X:\servers\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\TopDesk\topdesk.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\MSN Messenger\usnsvc.exe
E:\PortableApps\FirefoxPortable\App\firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEnterpriseServer\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEnterpriseServer\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [TopDesk] C:\Program Files\TopDesk\topdesk.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Program Files\DigitalPeers\CamTrack\camtrack.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Shortcut to SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Yahoo! Widget Engine.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-_UNO/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172507809890
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E9C637C-0A68-4E49-835E-95B60DEAEA59}: NameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9F5821E-FF54-4F20-8018-2A2C8E54E5B2}: NameServer = 64.71.255.198
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Apache Software Foundation - X:\servers\xampp\apache\bin\apache.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: mysql - Unknown owner - X:\servers\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 11215 bytes

Mr_JAk3
2007-09-18, 20:08
Hi :)

Ok nothing bad.

Still strange behavior or issues?

littleEd
2007-09-18, 22:42
Computer is running fine :eek:
Monitored port 25... and no problems :cool:


thanks so much for your help.
Are you able to tell me how I even got the malware, and what its name is?

Mr_JAk3
2007-09-19, 18:07
Hello :)

The main infection which sent the spam was a variant of "rustock" rootkit. Hard to say how you got it, maybe downloaded something bad or visited a bad website.

You can remove the tools we used.

Then you should update your Java to the latest version (6u2):
Start
Control Panel
Add/Remove Programs
Delete the old Java,
J2SE Runtime Environment 5.0 Update 11
Download the latest version of Java Runtime Environment (JRE) 6u2 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install it

Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use AVG Anti-Spyware (http://www.ewido.net/en/)
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is a faster and more secure browser than Internet Explorer.

Keep your system up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)

Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with your antivirus software.

Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?

Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)

littleEd
2007-09-19, 18:14
Thanks again for all your help.:bigthumb:

Mr_JAk3
2007-09-19, 18:48
As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb: