
Need An Analysis :/



#1 Griffin428


Posted 26 March 2007 - 12:01 AM

Ok, my problem is with "TROJ ROOTKIT.E" which affects (or comes through) rdriv.sys.

I don't know much about this stuff, but I can't delete rdriv.sys, and TrendMicro & many many freeware programs have all been unsuccessful in terminating this problem. I'm losing my patience, and after looking around I found out about Hijackthis, and thought I'd look for some help here.

Here's my log.

Logfile of HijackThis v1.99.1
Scan saved at 12:50:49 AM, on 26/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
F:\Dan's Programs\QuickTime\qttask.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\system32\ctfmon.exe
F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\torrent.exe
F:\Logitech\G7 Mouse\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
F:\Mozilla Firefox\firefox.exe
F:\Dan's Programs\HijackThis\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Trend Micro Antifraud Toolbar - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Trend Micro Antifraud Toolbar - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\INTERN~1\PccIeBar.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [QuickTime Task] "F:\Dan's Programs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System Support] torrent.exe
O4 - HKLM\..\RunServices: [System Support] torrent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [LDM] F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [System Support] torrent.exe
O4 - Startup: Folding@Home 5.03.lnk = ?
O4 - Startup: Xfire.lnk = F:\Dan's Programs\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\DAN'SP~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Dan's Programs\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: bw+0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: offline-8876480 - {B6770E06-B997-4A1F-9981-B209B13E86CC} - F:\Logitech\G7 Mouse\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: trojan.exe - Unknown owner - C:\WINDOWS\trojan.exe
O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - F:\Dan's Programs\Visual Basic 6.0 Enterprise Edition\Tools\VS-Ent98\Vanalyzr\varpc.exe (file missing)


Thanks in advance...all help is appreciated.
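A triage pass over the HijackThis log posted above, as an added example that is not part of the original thread. It parses the O4 (autostart) and O23 (service) lines, flags an autostart entry registered under two or more keys and services listed with "Unknown owner", and resolves bare command names against the running-process list. The function names and the two heuristics are assumptions of this example, and every hit is a lead to verify by hand (the ATI service is flagged alongside trojan.exe).

```python
import re
from collections import defaultdict

# Lines excerpted verbatim from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\torrent.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [System Support] torrent.exe
O4 - HKLM\..\RunServices: [System Support] torrent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [System Support] torrent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: trojan.exe - Unknown owner - C:\WINDOWS\trojan.exe
O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - F:\Dan's Programs\Visual Basic 6.0 Enterprise Edition\Tools\VS-Ent98\Vanalyzr\varpc.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.IGNORECASE)


def parse(log_text):
    """Split a HijackThis log into running processes, O4 autoruns and O23 services."""
    procs, autoruns, services = [], [], []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            autoruns.append(m.groups())      # (registry key, value name, command)
        elif m := O23_RE.match(line):
            services.append(m.groups())      # (service name, owner, binary path)
        elif PROC_RE.match(line):
            procs.append(line)
    return procs, autoruns, services


def triage(log_text):
    """Return review leads (assumed heuristics of this example, not verdicts)."""
    procs, autoruns, services = parse(log_text)
    by_image = {p.rsplit("\\", 1)[-1].lower(): p for p in procs}
    findings = []

    # Heuristic 1: the same name/command pair registered under 2+ autostart keys.
    keys_by_entry = defaultdict(set)
    for key, name, cmd in autoruns:
        keys_by_entry[(name, cmd)].add(key)
    for (name, cmd), keys in keys_by_entry.items():
        if len(keys) >= 2:
            image = cmd.rsplit("\\", 1)[-1].split()[0].strip('"').lower()
            findings.append({"kind": "multi-key autostart", "name": name,
                             "command": cmd, "keys": sorted(keys),
                             "running_as": by_image.get(image)})

    # Heuristic 2: service whose binary exists but is listed with no vendor.
    for name, owner, path in services:
        if owner == "Unknown owner" and not path.endswith("(file missing)"):
            findings.append({"kind": "service without vendor",
                             "name": name, "path": path})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```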


#2 Rawe


Posted 26 March 2007 - 03:13 AM

Hello and welcome aboard! :thumbsup:

Please print these instructions out, or save them to a notepad file, as you can't read them during the fix.

Please download SDFix and save it to your desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
5) Choose your usual account.
  • Open the extracted SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC reboots the tool will run again and complete the removal process -- when it displays Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Please post back with the results along with a fresh HijackThis log.

Hi there, stranger!

#3 Rawe


Posted 08 April 2007 - 11:06 AM

Due to lack of feedback, this thread has been closed. If you're the original poster and need this Topic reopened, please PM a Staff member with the address of this thread.
Hi there, stranger!
