
Help To Remove Bagle/beagle Trojan Virus And Changes


This topic is locked
25 replies to this topic

#1 mda


Posted 04 September 2007 - 11:55 PM

HijackThis file is at the bottom.

This is on a Toshiba laptop, so a number of the services listed are from Toshiba. The virus (or the changes it made) does not affect my system when in safe mode.


post Aug 31 2007, 06:15 AM
Post #1


I am having a problem with a virus that I've been unable to fix, and I hope someone on here can help me remove it and fix the changes it may have made to the registry.

I am using Vista Business OEM.

I had Avast antivirus with all updates running.

Ditto Windows Defender and Windows Firewall.

User Account Control is disabled, ditto the shadow copies.

------------------------------------------------------------------

I downloaded some RAR files.

Several hours later I noticed the network connection application window popping up, trying to access Internet Explorer (I never use IE, only Opera and Firefox). I kept closing the app over and over again. I finally let it access IE to see why it was opening.

It tried to go to a couple of web sites a few times, but never got anything but a blank page.

I tried using Task Manager to see what was going on and found a program named hidr.exe that I did not recognize. I stopped the program, then searched to find the file. I then deleted the file. I assumed that since Avast, Defender, and the firewall were running, and since Avast had not warned me of a virus being downloaded, hidr.exe was just another innocuous piece of spyware that came in with the images and text from my browser.

Several hours after that, I tried to use Avast to manually scan some newly downloaded files, and its scan window did not open. I tried again, but still nothing. I looked at the Avast icon on the taskbar and saw it disappear. I tried to load Avast manually with the desktop shortcut, and the link was reported as bad. When I looked in the Avast directory, most of the .exe files were missing. I then tried to re-install Avast, and as I did that, its .exe files vanished. Ditto for the other missing files that I tried to copy from a USB drive: the files either would vanish as I installed them, or when I looked with Windows Explorer to see if my copies were there. The files also were being deleted from the USB drive. The only way I was able to copy the files back to the original drive without them being almost immediately deleted was to put it in a USB case and use another drive as my system drive.

I looked on the web for an explanation and discovered that hidr.exe was a virus that deleted antiviral programs. I tried installing Avast in safe mode, but it could not find the virus. I also tried the manual removal some websites mentioned, but the changes to the registry that it mentioned did not seem to exist in my registry, at least not where the websites said the alterations would be.

I tried installing Trend Micro PC-cillin, but its files vanished as well. I then tried online virus scanners, which found no viruses on my system. I then tried installing PC-cillin on another system drive, and connected my original C:\ drive via USB.

That found a virus in one of the new RAR files, so I thought that all I had to do was to delete that file. When I re-installed my original system drive, I discovered that the virus must be still in the system, since files were still vanishing.

I tried some more looking around the web, found a couple of anti-virus programs that would install both in safe mode and normal mode, but they could also not find any viruses.

I assume that the hidr.exe file came from a program .exe file in that .rar file I downloaded, and that it installed something nasty in my system or changed things in the registry. I can't figure out why Avast did not see the virus inside the .exe, and I can't figure out why Trend's PC-cillin or the other programs could not find the installed virus or find the registry changes.

The name given to the virus in the .exe file in the RAR file varies a bit by the programs I tried: bagle.add, W32/Bagle.ea, Worm_Win32_Bagle.gen!C, and WORM_BAGLE.KO.

The worst it seemed to be doing was deleting chkdsk.exe, as well as ntoskrnl.exe, which is needed to boot Windows and forced me to use the install/repair disc every time I needed to boot. None of the websites I looked at seemed to mention those two files.

I tried using HijackThis, StartupList, Prevx2Agent.1.0.2.85.Vista, registryboosteraff, Autoruns, Avast cleaner aswclnr, Trend HouseCall66, and Trend registry cleaner sysclean.

--------------------------------------------------------------------
From the McAfee > Threat Center > Virus Detail page - Aliases

TROJ_MITGLIED.AI (Trend Micro)
Trojan-Proxy.Win32.Mitglieder.dz (Kaspersky)
W32.Beagle.DZ (Symantec)
W32/Bagle.MD (Norman)
Win32/TrojanProxy.Mitglieder.DZ (ESET)

Characteristics

"W32/Bagle.ea is a trojan which terminates processes and services, most
of which are related to popular security and antivirus applications."

This seems to be correct.


"It also uses a rootkit component for hiding its presence on an infected system.

Upon execution, the trojan drops a copy of itself as:

Documents and Settings\%Username%\Application Data\hidires\hidr.exe

Drops its rootkit component into the following location:

Documents and Settings\%UserName%\Application Data\hidires\m_hook.sys"

I could not find this, even in safe mode.

"Creates the following registry entries to autostart itself when Windows starts:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"drvsyskit" = "Documents and Settings\%UserName%\Application Data\hidires\hidr.exe"

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook
"ImagePath" = "Documents and Settings\%UserName%\Application Data\hidires\m_hook.sys" "

I also could not find this.

--------------------------------------------------------------------------------------------------
Some of the files it deleted on my drive:

08/26/2007 16:09
Scan of all local drives


--------------------------------------------------------------------------
post Aug 31 2007, 02:14 PM
Post #2


Bleepin' Mod


Hi mda,

Try using the W32.Beagle@mm Removal Tool for the Bagle/Beagle infection.

Sophos has also provided these instructions to help remove the infection.


--------------------------------------------------------------------------------------

post Aug 31 2007, 07:50 PM
Post #3


New Member



Thanks for the response. Unfortunately, neither of these programs worked. The removal tool was dated July 5, 2006, so perhaps it only works on Windows OSs up to XP. Ditto for the baglegui.com program from Sophos. Both used the same 1.13 data file.

I got many Visual C++ runtime errors from the removal tool before it started to work, and as it said I could run it in normal Windows, I did that. I did not know it would try to scan all of my files or I would have run it in safe mode.

The virus did its bit as the tool was scanning and deleted my files again. It said there were no viruses. I ran it again in safe mode, and got the same end result. The logs from both programs had thousands of entries that either said "not scanned" or "warning: not scanned, path to long" (their misspelling).

Do you or anyone else have any other suggestions?

thanks,

mda
--------------------------------------------------------------------------------------
post Aug 31 2007, 08:06 PM
Post #4


Bleepin' Janitor



Download Sysclean Package & save it to your desktop.

* Create a new folder on drive "C:\" and rename it Sysclean - (C:\Sysclean).
* Place the sysclean.com inside that folder.
* Then download the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number)
* Extract (unzip) the lptxxx.zip pattern file into the Sysclean folder where you put sysclean.com. (Click here for information on how to extract a file if you're not sure how to do this.) DO NOT scan yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Note: Some anti-virus programs such as Avast will alert you to a virus attack when running sysclean so it's best to disable them before going to the next step.

Scan with Sysclean as follows:

* Open the Sysclean folder and double-click on sysclean.com to start the scanning process.
* Put a check mark on the "Automatically clean or delete infected files" option by clicking in the checkbox.
* Click the Advanced >> button.
* The scan options appear. Select the "Scan all local fixed drives".
* Click the "Scan button" on the Trend Micro System Cleaner console.
* It will take some time to complete. Be patient and let it clean whatever it finds.
* Another MS-DOS window appears containing the log file generated in the System Cleaner folder.
* To view the log, click the "View button" on the Trend Micro System Cleaner console. The Trend Micro Sysclean Package - Log window appears.
  o The Files Detected section shows the viruses that were detected by System Cleaner.
  o The Files Clean section shows the viruses that were cleaned.
  o The Clean Fail section shows the viruses that were not cleaned.
* Exit when done, reboot normally and re-enable your anti-virus program.

Instructions with screenshots are here if you need them.

When using Sysclean it's best to use the Administrator's account or an account with Administrative rights, otherwise you will not have the rights to scan some locations. The scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system. This tool generates a log file (sysclean.log) in the same folder where the scan is completed.

Then perform one of these online Virus scans if symptoms persist: ESET Online Scanner
BitDefender Online Scanner <- Add a check by "Autoclean".
(Requires Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.)


--------------------------------------------------------------------------------------

post Sep 1 2007, 08:29 AM
Post #5


New Member




Thanks for the reply. I mentioned in my first post that I tried Sysclean. I tried it just like you described, but it did not see any viruses.

I did try ESET Online Scanner and BitDefender Online Scanner because of your post. They did not show any viruses either, other than a test RAR file I put in place that has spyware in it (just to see if they worked; this had previously been caught by Avast).

I have a copy of the Bagle/Beagle virus in its RAR/EXE file that is still messing with my laptop, on a flash chip. Maybe someone knows if there is someplace that can analyze it for me?
----------------------------------------------------------------------------------

post Sep 1 2007, 09:16 AM
Post #6


Bleepin' Mod




Anytime you come across a suspicious file, you can submit it to Jotti's virusscan or VirusTotal.
In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.


------------------------------------------------------------------------------------

post Sep 2 2007, 02:41 AM
Post #7


New Member




Thanks. I tried the two sites. The results are below:

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File:
Status: INFECTED/MALWARE
MD5: 8247c16432d8e81da5ee15f90e4e8eef
Packers detected: Analyzing...
Bit9 reports: File not found

Scanner results
Scan taken on 02 Sep 2007 09:26:37 (GMT)
A-Squared Found nothing
AntiVir Found TR/Bagle.Gen.B
ArcaVir Found Worm.Beagle.Jc
Avast Found Win32:Beagle-WS
AVG Antivirus Found Downloader.Generic5.XGC
BitDefender Found Trojan.Downloader.Bagle.DF
ClamAV Found Trojan.Bagle-4
CPsecure Found W32.Email.W.Bagle.jc
Dr.Web Found Win32.HLLM.Beagle
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found Trojan-Downloader.Win32.Bagle.cw
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.Bagle.cw
NOD32 Found Win32/Bagle.JC
Norman Virus Control Found W32/Mitglied.AGS
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found I-Worm.Bagle.OD
VBA32 Found nothing
-------------------------------------------------------------------
VirusTotal - Free Online Virus and Malware Scan - Result

File received on 09.02.2007 11:17:54 (CET)
Result: 18/32 (56.25%)

Antivirus         | Version       | Last Update | Result
AhnLab-V3         | 2007.9.1.0    | 2007.09.01  | -
AntiVir           | 7.4.1.66      | 2007.09.01  | TR/Bagle.Gen.B
Authentium        | 4.93.8        | 2007.09.02  | -
Avast             | 4.7.1029.0    | 2007.09.01  | Win32:Beagle-WS
AVG               | 7.5.0.484     | 2007.09.01  | Downloader.Generic5.XGC
BitDefender       | 7.2           | 2007.09.02  | Trojan.Downloader.Bagle.DF
CAT-QuickHeal     | 9.00          | 2007.09.01  | TrojanDownloader.Bagle.cw
ClamAV            | 0.91.2        | 2007.09.02  | -
DrWeb             | 4.33          | 2007.09.01  | Win32.HLLM.Beagle
eSafe             | 7.0.15.0      | 2007.08.29  | suspicious Trojan/Worm
eTrust-Vet        | 31.1.5100     | 2007.08.31  | -
Ewido             | 4.0           | 2007.09.02  | -
FileAdvisor       | 1             | 2007.09.02  | -
Fortinet          | 3.11.0.0      | 2007.09.02  | W32/PackBag.A
F-Prot            | 4.3.2.48      | 2007.09.02  | -
F-Secure          | 6.70.13030.0  | 2007.09.02  | Trojan-Downloader.Win32.Bagle.cw
Ikarus            | T3.1.1.12     | 2007.09.02  | -
Kaspersky         | 4.0.2.24      | 2007.09.02  | Trojan-Downloader.Win32.Bagle.cw
McAfee            | 5110          | 2007.08.31  | New Poly Win32
Microsoft         | 1.2803        | 2007.09.02  | Worm:Win32/Bagle.gen!C
NOD32v2           | 2497          | 2007.09.01  | Win32/Bagle.JC
Norman            | 5.80.02       | 2007.08.31  | W32/Mitglied.AGS
Panda             | 9.0.0.4       | 2007.09.01  | -
Prevx1            | V2            | 2007.09.02  | -
Rising            | 19.38.61.00   | 2007.09.02  | -
Sophos            | 4.21.0        | 2007.09.02  | -
Sunbelt           | 2.2.907.0     | 2007.08.31  | VIPRE.Suspicious
Symantec          | 10            | 2007.09.02  | -
TheHacker         | 6.1.9.175     | 2007.08.31  | W32/Bagle.jc
VBA32             | 3.12.2.3      | 2007.09.01  | -
VirusBuster       | 4.3.26:9      | 2007.09.02  | I-Worm.Bagle.OD
Webwasher-Gateway | 6.0.1         | 2007.09.01  | Trojan.Bagle.Gen.B
Additional information
File size: 315781 bytes
MD5: 8247c16432d8e81da5ee15f90e4e8eef
SHA1: e8ecc3d658ea3cd0ffc70c1c3785ec05f7ed0841
Sunbelt info: VIPRE.Suspicious is a generic detection for potential
threats that are deemed suspicious through heuristics.

---------------------------------------------------------------------------------

post Sep 2 2007, 04:34 AM
Post #8


Bleepin' Janitor




Have you tried downloading and scanning with the MS Malicious Software Removal Tool?
Click on the link "Skip the details and download the tool".
The tool has three scan options:
1. Quick scan: Scans areas of the system most likely to contain malicious software.
2. Full scan: Scans the entire system but can take up to several hours to complete.
3. Customized scan: In addition to a quick scan, the tool will also scan the contents of a user-specified folder.


---------------------------------------------------------------------------

post Yesterday, 07:17 PM
Post #9


New Member




Yes, thanks. I had already tried that. Ditto the Kaspersky? online scanner. Maybe someone can tell where the problem is by looking at a HijackThis log? Or since it's deleting specific files like ntoskrnl.exe and chkdsk.exe, is there some place on my computer I can search for a list of those names, perhaps in the registry? Or are those names coded directly into the virus file that might be on my system so that is not an option? Arrg! Maybe there is some program that can copy this current registry and the registry from an older cloned drive and then compare the two?
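The registry comparison asked about in the post above, combined with a check for the drvsyskit / m_hook autostart entries quoted from McAfee in post #1, as an added example (not code from this thread or from any tool named in it): it parses two regedit exports (File > Export in regedit, "Windows Registry Editor Version 5.00" format), one taken from the older cloned drive and one from the current drive, diffs them, and reports only the differences under autostart locations. Both .reg texts below are constructed for illustration; the drvsyskit and m_hook names and paths are the ones from the McAfee description, the rest is filler.

```python
import re
from typing import Dict, List, Tuple

# {key_lower: (key_as_written, {name_lower: (name_as_written, raw_data)})}; registry names are case-insensitive.
RegTree = Dict[str, Tuple[str, Dict[str, Tuple[str, str]]]]

# Autostart locations to flag: the HKCU Run key and Services tree named in the McAfee text quoted in the thread, plus HKLM Run.
AUTOSTART_PREFIXES = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services",
)

# Constructed sample exports (not real data from the thread) in regedit's own encoding:
# backslashes are doubled inside quoted strings and long hex data wraps with a trailing "\".
BASELINE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"""
CURRENT_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\\Program Files\\Windows Sidebar\\sidebar.exe /autoRun"
"drvsyskit"="Documents and Settings\\%UserName%\\Application Data\\hidires\\hidr.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\m_hook]
"Type"=dword:00000001
"ImagePath"="Documents and Settings\\%UserName%\\Application Data\\hidires\\m_hook.sys"

[HKEY_CURRENT_USER\Control Panel\Desktop]
"UserPreferencesMask"=hex:9e,1e,07,80,12,00,00,\
  00
"""

_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')  # "name"=data or @=data (the default value)

def parse_reg(text: str) -> RegTree:
    """Parse a regedit export. Data stays in .reg encoding (quoted string, dword:, hex(2):...)
    because the diff only compares values, it never interprets them."""
    keys: RegTree = {}
    current = None
    pending = ""  # a value whose hex data continues on the following line(s)
    for raw_line in text.splitlines():
        line = raw_line.strip()
        if pending:
            pending += line
        elif not line or line.startswith((";", "Windows Registry Editor", "REGEDIT4")):
            continue
        elif line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current.lower(), (current, {}))
            continue
        else:
            pending = line
        if pending.endswith("\\"):
            pending = pending[:-1]
            continue
        match = _VALUE_RE.match(pending)
        pending = ""
        if match is None or current is None:
            continue  # malformed line: skip rather than guess
        name = "(Default)" if match.group(1) == "@" else match.group(1)[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        keys[current.lower()][1][name.lower()] = (name, match.group(2).strip())
    return keys

def diff_reg(baseline: RegTree, current: RegTree) -> List[Tuple[str, str, str, str]]:
    """(change, key, value_name, raw_data) for every value added, changed or removed in
    `current` relative to `baseline`; 'removed' entries carry the baseline data."""
    findings = []
    for key_lower, (key, values) in current.items():
        base_values = baseline.get(key_lower, (key, {}))[1]
        for name_lower, (name, raw) in values.items():
            if name_lower not in base_values:
                findings.append(("added", key, name, raw))
            elif base_values[name_lower][1] != raw:
                findings.append(("changed", key, name, raw))
    for key_lower, (key, values) in baseline.items():
        cur_values = current.get(key_lower, (key, {}))[1]
        for name_lower, (name, raw) in values.items():
            if name_lower not in cur_values:
                findings.append(("removed", key, name, raw))
    return findings

def flag_autostart(findings: List[Tuple[str, str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Keep only differences under an autostart location: a new Run value or service is what this
    infection leaves behind, and a vanished anti-virus Run value matches the symptom of AV being killed."""
    prefixes = tuple(p.lower() for p in AUTOSTART_PREFIXES)
    return [f for f in findings if f[1].lower().startswith(prefixes)]

if __name__ == "__main__":
    for change, key, name, raw in flag_autostart(diff_reg(parse_reg(BASELINE_REG), parse_reg(CURRENT_REG))):
        print(f"{change:8} {key} :: {name} = {raw}")
```

On a real machine the two exports come from regedit (or `reg export`) run against the clone and the live drive; service ImagePath values are often exported as hex(2) rather than a quoted string, which the comparison handles unchanged since it never decodes data.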
--------------------------------------------------------------------------------------

post Today, 06:11 AM
Post #10


Bleepin' Janitor




QUOTE
maybe someone can tell where the problem is by looking at a hijack this log?


Please read and follow all instructions in the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". You may have performed some of these steps already. If you can't perform a step, then skip and continue with the next. In step #9 there are instructions for downloading HijackThis and creating a log. (This is a self-extracting version which will automatically install HJT in the proper location.)

When you have done that, post your log in the HijackThis Logs and Analysis Forum, NOT here, for assistance by the HJT Team Experts.

A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. Please include the top portion of the HijackThis log that lists version information. An expert will analyze your log and reply with instructions advising you what to fix.

After doing this, we would appreciate if you post a link to your log back here so we know that you're getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond.



---------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:50 PM, on 9/4/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Windows\System32\ThpSrv.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\Say the Time\SayTime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\RKS Fax\rksfax_control.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR-362\WinRAR.exe
C:\Users\mda\AppData\Local\Temp\Rar$EX00.524\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (file missing)
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [TosAutLk] C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe -s
O4 - HKLM\..\Run: [Say the Time] C:\Program Files\Say the Time\SayTime.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RKS Fax Print Controller] "C:\Program Files\RKS Fax\rksfax_control.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [KeyMapperStarup] C:\0-1\KeyRemapper.exe /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Creative Element Power Tools Startup.lnk = C:\Program Files\Creative Element Power Tools\Startup.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Say the Time.lnk = C:\Program Files\Say the Time\SayTime.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD34DF5-B0C0-4FE9-B1E5-8823104BB5B8}: NameServer = 206.13.31.12,206.13.28.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{2DD34DF5-B0C0-4FE9-B1E5-8823104BB5B8}: NameServer = 206.13.31.12,206.13.28.12
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\system32\bgsvcgen.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: THotkey (THOTKEY) - TOSHIBA Corporation - C:\Windows\SYSTEM32\THOTKEY.EXE
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9900 bytes
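An added example, not part of mda's post and not code from HijackThis or BleepingComputer: a small Python triage script that parses a HijackThis v2 log like the one above and flags the entries a helper normally asks about first (executables running from Temp, non-default O1 hosts entries, O4 autoruns given as a bare file name, unresolved Startup-folder links, O16 ActiveX downloads, O17 name-server overrides, services with an unknown owner and anything marked "(file missing)"). The rules and their names are assumptions chosen for illustration; SAMPLE_LOG is copied from the log above plus one constructed O1 line that points update.example.com at 10.0.0.1.

```python
"""Triage helper for HijackThis v2 logs.

Added example: not part of the original post, and not code from HijackThis
or Deckard's System Scanner. Every rule below is an assumption chosen for
illustration; SAMPLE_LOG is copied from the log posted in this thread plus
one constructed O1 line (update.example.com -> 10.0.0.1).
"""
import re
from collections import Counter

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Locations a properly installed program rarely runs from. In this thread the
# hit is HijackThis itself, run straight out of a RAR archive: a prompt, not a verdict.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Default Vista hosts-file entries; any other O1 line redirects a host name.
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}


def parse(log):
    """Yield (kind, text): kind is 'process' inside the running-process block,
    otherwise the HijackThis section code such as 'O4'."""
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line closes the block
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("code"), m.group("body")
        elif in_processes and DRIVE_PATH_RE.match(line):
            yield "process", line


def _run_command(body):
    """'HKLM\\..\\Run: [Name] cmd args' -> 'cmd args'; None for Startup-folder
    entries, which read 'name.lnk = target' instead."""
    if "] " not in body:
        return None
    return body.split("] ", 1)[1].split(" (User ", 1)[0].strip()


def triage(log):
    """Return (rule, entry) findings in log order."""
    findings = []
    for kind, text in parse(log):
        low = text.lower()
        if kind == "process" and any(d in low for d in TEMP_DIRS):
            findings.append(("exe-running-from-temp", text))
        elif kind == "O1":
            entry = " ".join(text.split(":", 1)[1].split())   # drop 'Hosts:'
            if entry not in DEFAULT_HOSTS:
                findings.append(("hosts-redirect", text))
        elif kind == "O4":
            cmd = _run_command(text)
            if cmd is None:
                if text.endswith("= ?"):
                    findings.append(("startup-target-unresolved", text))
            elif cmd:
                exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
                # A bare name is resolved through the PATH search order at
                # logon; find out which file actually answers to it.
                if "\\" not in exe and "%" not in exe:
                    findings.append(("autorun-without-path", text))
        elif kind == "O16":
            findings.append(("activex-download", text))
        elif kind == "O17":
            findings.append(("dns-override", text))
        elif kind == "O23" and "unknown owner" in low:
            findings.append(("service-unknown-owner", text))
        if "(file missing)" in low:
            findings.append(("dangling-reference", text))
    return findings


def summary(log):
    """Rule name -> number of entries that triggered it."""
    return dict(Counter(rule for rule, _ in triage(log)))


SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\mda\AppData\Local\Temp\Rar$EX00.524\HijackThis.exe

O1 - Hosts: ::1 localhost
O1 - Hosts: 10.0.0.1 update.example.com
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (file missing)
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DD34DF5-B0C0-4FE9-B1E5-8823104BB5B8}: NameServer = 206.13.31.12,206.13.28.12
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
"""

if __name__ == "__main__":
    for rule, entry in triage(SAMPLE_LOG):
        print(f"{rule:<28} {entry}")
```

Every rule is a prompt to verify rather than a verdict: the HijackThis.exe found under Temp is the scanner itself, launched straight out of the RAR archive, and the O17 name servers simply need comparing with what the ISP hands out. The bare names in O4 (NDSTray.exe, 000StTHK.exe, TOSCDSPD.EXE) are resolved through the PATH search order at logon, so the check is to locate the file that actually answers to each name; rundll32.exe lines would be caught the same way and must be judged by the DLL they load.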


#2 Rorschach

Rorschach

  • Members
  • 523 posts
  • OFFLINE
  •  
  • Local time:08:12 AM

Posted 18 September 2007 - 06:14 PM

Hello mda, sorry for the delay. My name is Rorschach and I'll be helping you with your problems.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt. Please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.

#3 mda

mda
  • Topic Starter

  • Members
  • 73 posts
  • OFFLINE
  •  
  • Local time:12:12 AM

Posted 20 September 2007 - 10:06 PM

thanks for the reply. here is the info i could get. deckard ran fine. kaspersky ran okay,
aside from being very slow to load over a dial-up connection (i suddenly can't connect via
dsl as the tcp/ipv4 ip addresses keep vanishing from the local area connection properties
window). gmer kept crashing when i tried to run it. i've included a copy of the crash
info plus the log almost up to the point where it crashed.



---------------------------------------------------------------------------------

main.txt:


Deckard's System Scanner v20070905.67
Run by mda on 2007-09-19 10:29:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-09-19 10:32:32
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)

Running processes:
C:\Windows\System32\dwm.exe
C:\Windows\System32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\System32\ThpSrv.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Say the Time\SayTime.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\RKS Fax\rksfax_control.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Windows\explorer.exe
C:\0\Deckard's System Scanner-dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKEY_LOCAL_MACHINE\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKEY_LOCAL_MACHINE\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKEY_LOCAL_MACHINE\..\Run: [TosAutLk] C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe -s
O4 - HKEY_LOCAL_MACHINE\..\Run: [Say the Time] C:\Program Files\Say the Time\SayTime.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKEY_LOCAL_MACHINE\..\Run: [000StTHK] 000StTHK.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [RKS Fax Print Controller] "C:\Program Files\RKS Fax\rksfax_control.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [KeyMapperStarup] C:\0-1\KeyRemapper.exe /background
O4 - Startup: Creative Element Power Tools Startup.lnk = C:\Program Files\Creative Element Power Tools\Startup.exe
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O4 - Global Startup: Say the Time.lnk = C:\Program Files\Say the Time\SayTime.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} () - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} () - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{8EC1D28E-BD14-4A2F-8305-1BD997F7FC9E}: NameServer = 206.13.31.12,206.13.28.12
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: psfus - C:\Windows\System32\psqlpwd.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - "C:\Windows\system32\bgsvcgen.exe"
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - "C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - "C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe"
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"
O23 - Service: RoxMediaDB9 - Sonic Solutions - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
O23 - Service: stllssvr - MicroVision Development, Inc. - "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
O23 - Service: Swupdtmr - Unknown owner - C:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: THOTKEY - TOSHIBA Corporation - C:\Windows\System32\THotkey.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\System32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 HSCA32 - c:\windows\system32\drivers\hsca32.sys <Not Verified; Interfirm Technology; High Speed CardBus Adapter>
R0 timounter (Acronis True Image Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 oreans32 - \??\c:\windows\system32\drivers\oreans32.sys
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 tifsfilter (Acronis True Image FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not Verified; InterVideo, Inc.; InterVideo ASPI Shell>

S3 KS-959 (Kingsun KS-959 USB Infrared Adapter) - c:\windows\system32\drivers\ks-959.sys <Not Verified; Kingsun Corporation; KSC Infrared Driver.>
S4 KR10I - c:\windows\system32\drivers\kr10i.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>
S4 KR10N - c:\windows\system32\drivers\kr10n.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>
S4 KR3NPXP - c:\windows\system32\drivers\kr3npxp.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>
R2 TOSHIBA Bluetooth Service - c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe <Not Verified; TOSHIBA CORPORATION; Bluetooth Stack for Windows by TOSHIBA>

S2 THOTKEY - c:\windows\system32\thotkey.exe <Not Verified; TOSHIBA Corporation; TOSHIBA THotkey>
S3 bgsvcgen (B's Recorder GOLD Library General Service) - "c:\windows\system32\bgsvcgen.exe" <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
S3 IDriverT (InstallDriver Table Manager) - "c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe" (file missing)
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-08-19 and 2007-09-19 -----------------------------

2007-09-05 10:52:19 0 d-------- C:\Windows\system32\catroot2
2007-09-05 01:46:34 0 d-------- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Google
2007-09-04 18:25:50 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-09-04 18:13:51 0 d-------- C:\Windows\system32\ZoneLabs
2007-09-04 18:13:50 0 d-------- C:\Documents and Settings\All Users\CheckPoint
2007-09-04 18:13:50 0 d-------- C:\Documents and Settings\All Users\Application Data\CheckPoint
2007-09-01 05:49:02 0 d-------- C:\Windows\BDOSCAN8
2007-09-01 05:37:56 0 d-------- C:\STWIN
2007-08-31 17:03:28 262144 --a------ C:\ntuser.dat
2007-08-29 00:56:50 0 d-------- C:\Program Files\Sophos
2007-08-28 10:46:40 0 d-------- C:\Program Files\Uniblue
2007-08-28 01:14:16 0 d--hs---- C:\found.001
2007-08-28 00:28:46 0 d-------- C:\Program Files\RKS Fax
2007-08-26 14:25:59 0 d-------- C:\Program Files\Alwil Software
2007-08-26 13:05:37 0 d-------- C:\Windows\Internet Logs
2007-08-26 10:04:04 0 d-------- C:\Program Files\Alwil Software-2
2007-08-26 06:16:44 0 d-------- C:\Windows\Sun
2007-08-26 04:05:57 27648 --a------ C:\Windows\system32\sfppm.dll <Not Verified; ; Snappy Fax Printer>
2007-08-25 11:45:56 27648 --a------ C:\Windows\system32\rksfaxpm.dll <Not Verified; ; RKS Fax>
2007-08-24 15:10:56 41 --a------ C:\Windows\WFXDEL.BAT
2007-08-24 15:10:55 0 d-------- C:\Program Files\Symantec
2007-08-24 14:01:04 0 dr------- C:\Documents and Settings\mda\Contacts
2007-08-24 12:59:27 0 d-------- C:\Program Files\QuickTime
2007-08-24 12:59:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-08-24 12:59:21 0 d-------- C:\Documents and Settings\All Users\Apple Computer
2007-08-23 22:06:21 0 d-------- C:\Program Files\Common Files\EZB Systems
2007-08-23 22:06:20 0 d-------- C:\Program Files\UltraISO
2007-08-23 21:56:08 0 d-------- C:\vlite2
2007-08-23 05:55:04 0 d-------- C:\Z
2007-08-21 17:26:43 32768 --a------ C:\Windows\system32\TWarnMsg.exe <Not Verified; TOSHIBA Corp.; TWarnMsg>
2007-08-21 17:26:43 253952 --a------ C:\Windows\system32\THotkey.exe <Not Verified; TOSHIBA Corporation; TOSHIBA THotkey>
2007-08-21 17:26:43 53248 --a------ C:\Windows\system32\InsSecRc.scr <Not Verified; TOSHIBA Corp.; TOSHIBA InsSec>
2007-08-21 17:26:43 53248 --a------ C:\Windows\system32\InsSec.scr <Not Verified; TOSHIBA Corp.; TOSHIBA InsSec>
2007-08-21 17:26:43 24576 --a------ C:\Windows\system32\000StTHK.exe
2007-08-21 17:26:34 0 d-------- C:\Common.temp
2007-08-21 03:00:30 0 d-------- C:\Program Files\Common Files\InstallShield


-- Find3M Report ---------------------------------------------------------------

2007-09-05 01:46:48 0 d-------- C:\Program Files\Google
2007-09-04 18:18:40 0 d-------- C:\Program Files\Common Files
2007-09-03 17:02:10 0 d-------- C:\Program Files\Windows Calendar
2007-08-28 13:11:44 0 d-------- C:\Program Files\MultiStage Recovery
2007-08-26 02:37:00 0 d-------- C:\Program Files\eMule
2007-08-25 15:09:27 0 d-------- C:\Program Files\InterActual
2007-08-24 17:14:22 0 d-------- C:\Program Files\WMR11
2007-08-21 18:53:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-21 18:52:04 0 d-------- C:\Program Files\Toshiba
2007-08-18 12:49:41 0 d-------- C:\Program Files\PowerDataRecovery
2007-08-18 12:26:22 0 d-------- C:\Program Files\UnErase
2007-08-18 12:09:31 0 d-------- C:\Program Files\Recover Files
2007-08-18 04:59:35 0 d-------- C:\Program Files\Undelete Plus
2007-08-18 03:55:31 0 d-------- C:\Program Files\Recover My Files
2007-08-17 02:44:40 0 d-------- C:\Program Files\DivX
2007-08-16 19:42:23 0 d-------- C:\Program Files\Acronis
2007-08-16 19:42:21 0 d-------- C:\Program Files\Common Files\Acronis
2007-08-16 18:45:20 0 d-------- C:\Program Files\Opera910
2007-08-15 10:38:12 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-15 10:04:20 0 d-------- C:\Program Files\Windows Mail
2007-08-13 05:44:05 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2007-08-11 13:58:12 0 d-------- C:\Program Files\HD Tune
2007-08-11 13:42:41 0 d-------- C:\Program Files\Simpli Software
2007-08-11 11:38:08 0 d-------- C:\Program Files\AusLogics BoostSpeed
2007-08-11 10:49:54 0 d-------- C:\Program Files\AusLogics Disk Defrag
2007-08-11 05:43:10 0 d-------- C:\Program Files\Paragon Software
2007-08-11 04:58:18 0 d-------- C:\Program Files\DiskTrix
2007-08-10 07:43:22 0 d-------- C:\Program Files\Opera 7.54 java
2007-08-04 22:45:47 1203 --a------ C:\Windows\mozver.dat
2007-08-04 05:27:26 45568 --a------ C:\Windows\system32\realbsf1.dll
2007-08-04 05:27:26 69632 --a------ C:\Windows\system32\realbap1.dll
2007-08-03 21:05:48 0 d-------- C:\Program Files\cMail eXpress
2007-07-30 04:50:13 0 d-------- C:\Program Files\ELECARD
2007-07-30 04:50:13 0 d-------- C:\Program Files\Common Files\Elecard
2007-07-28 04:22:06 0 d-------- C:\Program Files\CMS Products
2007-07-25 19:53:34 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-07-25 19:50:34 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-25 19:50:34 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-25 19:50:22 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-25 19:50:22 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-25 19:50:22 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-25 19:50:22 740442 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-25 19:49:28 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2007-07-22 20:21:34 0 d-------- C:\Program Files\Replay AV 8
2007-07-22 20:18:52 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-07-22 20:09:14 0 d-------- C:\Program Files\Replay Media Catcher2
2007-07-22 06:15:22 0 d-------- C:\Program Files\nandub
2007-07-17 11:02:51 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-07-06 21:07:32 56976 --------- C:\Windows\system32\GenSvcInst.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2007-07-06 21:07:32 122512 --a------ C:\Windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [12/03/2006 05:29 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [07/10/2007 05:48 AM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [09/11/2006 04:21 PM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [12/16/2005 03:41 AM]
"NDSTray.exe"="NDSTray.exe" []
"ThpSrv"="C:\Windows\system32\thpsrv /logon" []
"PINGER"="C:\TOSHIBA\IVP\ISM\pinger.exe" [07/20/2006 01:45 PM]
"TosAutLk"="C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [11/20/2006 07:14 PM]
"1A:Stardock TrayMonitor"="" []
"Say the Time"="C:\Program Files\Say the Time\SayTime.exe" [10/20/2006 07:19 PM]
"@"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [02/20/2007 04:44 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [02/20/2007 04:44 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [02/20/2007 04:44 PM]
"000StTHK"="000StTHK.exe" [06/23/2001 04:28 AM C:\Windows\System32\000StTHK.exe]
"TOSDCR"="C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe" [01/10/2007 10:59 AM]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [03/29/2007 10:39 AM]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [12/07/2006 04:49 PM]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [03/22/2007 11:46 AM]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [05/22/2007 04:32 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"RKS Fax Print Controller"="C:\Program Files\RKS Fax\rksfax_control.exe" [08/25/2007 06:46 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="TOSCDSPD.EXE" []
"KeyMapperStarup"="C:\0-1\KeyRemapper.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"1A:Stardock TrayMonitor"=

C:\Users\mda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Creative Element Power Tools Startup.lnk - C:\Program Files\Creative Element Power Tools\Startup.exe [6/6/2007 6:08:25 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [11/25/2006 9:29:44 AM]
Say the Time.lnk - C:\Program Files\Say the Time\SayTime.exe [6/29/2007 12:22:19 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [08/17/2006 02:57 PM 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 12/03/2006 05:50 PM 90112 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40702afe-d9eb-11db-bf8c-0019d2878f74}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd6b680c-cdd2-11db-b8d7-806e6f6e6963}]
AutoRun\command- D:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-09-19 10:40:34 ------------

--------------------------------------------------------------------------------------------------

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Business (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T7600 @ 2.33GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2046.56 MiB / 1493.64 MiB
Pagefile Memory (total/avail): 4303.59 MiB / 3566.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.26 MiB

C: is Fixed (NTFS) - 195.85 GiB total, 118.06 GiB free.
D: is CDROM (UDF)
E: is Fixed (FAT32) - 29.99 GiB total, 10.45 GiB free.
F: is Removable (FAT32)
G: is Removable (FAT32)
H: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - SAMSUNG HM250JI ATA Device - 232.88 GiB - 4 partitions
\PARTITION0 - Unknown - 1506.06 MiB
\PARTITION1 (bootable) - Installable File System - 195.85 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 35.57 GiB - E:
\PARTITION3 - Unknown - 5.52 GiB

\\.\PHYSICALDRIVE1 - Memory C ard Adapter SCSI Disk Device - 3.79 GiB - 1 partition
\PARTITION0 - Unknown - 3.79 GiB - F:

\\.\PHYSICALDRIVE3 - SD Memory Card - 7.84 MiB - 1 partition
\PARTITION0 - Unknown - 7.63 GiB - G:

\\.\PHYSICALDRIVE2 - Generic1 Card Reader1 USB Device - 7.63 GiB - 1 partition
\PARTITION0 - 16-bit FAT - 7.63 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\mda\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MDA-PC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\mda
LOCALAPPDATA=C:\Users\mda\AppData\Local
LOGONSERVER=\\MDA-PC
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\IDM Computer Solutions\UltraCompare
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\mda\AppData\Local\Temp
TMP=C:\Users\mda\AppData\Local\Temp
USERDOMAIN=mda-PC
USERNAME=mda
USERPROFILE=C:\Users\mda
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

mda (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Windows\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
--> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> MsiExec.exe /I{288A2B29-1EF4-4BC9-986B-86005873445D}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
--> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
--> MsiExec.exe /I{859E588E-69FE-402e-9D74-9A2571E50C09}
--> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
--> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
--> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
3D Fish School Screen Saver 3.9 --> "C:\Program Files\3D Fish School 3\unins000.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Acronis Disk Director Suite --> MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Acronis Migrate Easy --> MsiExec.exe /X{3571A4C6-E0C6-47A7-B587-845CE2A6DEB0}
Acronis True Image Home --> MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5 Language Support --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705000000001}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
ALPS Touch Pad Driver --> C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE
ANYCOM Blue PM-400 2.2 --> "C:\Program Files\ANYCOM\Blue PM-400\unins000.exe"
Aspell English Dictionary-0.50-2 --> "C:\Program Files\Opera 9\Aspell\unins000.exe"
AusLogics BoostSpeed --> "C:\Program Files\AusLogics BoostSpeed\unins000.exe"
AVI Joiner --> "C:\Program Files\avijoin\unins000.exe"
BitPim 1.0.0 --> "C:\Program Files\BitPim\unins000.exe"
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
cMail eXpress 1.4.0 --> C:\Program Files\cMail eXpress\uninst.exe
Creative Element Power Tools --> C:\Program Files\Creative Element Power Tools\uninstall.exe
Desktop Dialer --> C:\Windows\unvise32.exe C:\Program Files\DesktopDialer\uninstal.log
DHTML Editing Component --> MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD MovieFactory for TOSHIBA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Eudora --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{803C5A5F-DA7A-4A60-BE53-C74C9725FE00}\setup.exe" -l0x9
GNU Aspell 0.50-3 --> "C:\Program Files\Opera 9\Aspell\unins001.exe"
HD Tach version 3 --> "C:\Program Files\Simpli Software\HD Tach\unins000.exe"
HD Tune 2.53 --> "C:\Program Files\HD Tune\unins000.exe"
HijackThis 2.0.0 --> "C:\000\DOWNLOADS-8-24-07\HijackThis.exe" /uninstall
HP USB Disk Storage Format Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9 anything
Image for Windows 1.70a --> "C:\Program Files\Image for Windows170a\unins000.exe"
Intel® PRO Network Connections Drivers --> Prounstl.exe
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Keyspan Mini Port Replicator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EAC3FEB-F152-4164-8F7B-2B77ED96E6DF}\Setup.exe" -l0x9
Keyspan USB Serial Adapter --> C:\Program Files\InstallShield Installation Information\{2E97DE76-851A-48AA-A0D6-665860FAD9CA}\setup.exe -runfromtemp -l0x0009 -removeonly
Klondike WAP Browser Personal Edition --> "C:\Program Files\Klondike WAP Browser\IsStub32.exe" -f"C:\Program Files\Klondike WAP Browser\DeIsL1.isu" -c"C:\Program Files\Klondike WAP Browser\_ISREG32.DLL"
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 1.1 --> MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Move Networks Media Player for Internet Explorer --> C:\Users\mda\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.6) -->
MPEG Joiner --> "C:\Program Files\avi--mpegjoin\unins000.exe"
mpowerplayer --> C:\Windows\system32\javaws.exe -uninstall -prompt "http://mpowerplayer.com/content/lib/player.jarjnlp"
MSXML 4.0 SP2 (KB927978) --> MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MultiStage Recovery 3.5 --> "C:\Program Files\MultiStage Recovery\unins000.exe"
Nero 7 Ultra Edition --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
O&O UnErase --> MsiExec.exe /X{534804B0-3563-434B-962A-BAF132B85F1F}
Online TV Player 3 --> "C:\Program Files\Online TV Player 3\unins000.exe"
Opera --> C:\PROGRA~1\OPERA7~1.54J\UnInst\UNWISE.EXE C:\PROGRA~1\OPERA7~1.54J\UnInst\Install.log
Opera 9.23 --> MsiExec.exe /X{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}
Paragon Total Defrag 2007 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D0EE2EF-CD4F-40CB-B6ED-A71B39E59742}\Setup.exe" -l0x9
Power Data Recovery 3.1.1 --> "C:\Program Files\PowerDataRecovery\unins000.exe"
PowerQuest PartitionMagic 8.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RATOC U2SCX Utility --> C:\Program Files\InstallShield Installation Information\{1CD976D3-1452-46B0-BA82-27454C54EAFA}\setup.exe -runfromtemp -l0x0009 -removeonly
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Recover Files 2.0 --> "C:\Program Files\Recover Files\unins000.exe"
Recover My Files --> "C:\Program Files\Recover My Files\unins000.exe"
RKS Fax --> "C:\Program Files\RKS Fax\unins000.exe"
Roxio Easy Media Creator 9 Suite --> MsiExec.exe /I{8BA18182-6951-4801-831B-2427BEFB4DD0}
Say the Time --> C:\Windows\unvise32.exe C:\Program Files\Say the Time\uninstal.log
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
SereneScreen Marine Aquarium 2.6 --> "C:\Program Files\SereneScreen\Marine Aquarium 2.6\unins000.exe"
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SnapAPI --> MsiExec.exe /X{D4830EE9-E795-4CCA-AA7A-612A4E565977}
Sonic MyDVD-VR --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{897CA0D9-948F-4E5B-A20E-535E1060D3E6} /l1033
Sun Java ™ Wireless Toolkit 2.5.1 for CLDC --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A43D6F-F82D-455A-A425-8DDFF34C5AA7}\setup.exe" -l0x9 -removeonly
TBIView --> C:\Program Files\Image for Windows170a\TBIView\Uninst_TBIView.exe /U "C:\Program Files\Image for Windows170a\TBIView\Uninst_TBIView.log"
TMPGEnc DVD Author 3 with DivX Authoring --> MsiExec.exe /I{B1DE9317-0822-4A65-A496-3505D63FAEB6}
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree --> C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly
TOSHIBA Disc Creator --> MsiExec.exe /I{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{617C36FD-0CBE-4600-84B2-441CEB12FADF} /l1033
TOSHIBA HDD Protection --> MsiExec.exe /X{94A90C69-71C1-470A-88F5-AA47ECC96B40}
TOSHIBA Recovery Disc Creator --> MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
Toshiba Registration --> MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA SD Memory Boot Utility --> MsiExec.exe /X{BBF5493A-05FB-4449-90DE-84A61EB78154}
TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Security Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}\setup.exe" -l0x9 -removeonly
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Value Added Package --> C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
TOSHIBA Wireless Key Logon --> MsiExec.exe /X{FC4C645F-8EBC-4F1E-A517-D1505B43A374}
UltimateDefrag --> C:\Program Files\DiskTrix\UltimateDefrag\Uninstall.EXE /u:"UltimateDefrag"
UltraCompare Professional --> "C:\Program Files\IDM Computer Solutions\UltraCompare\Uninstall.exe" "C:\Program Files\IDM Computer Solutions\UltraCompare\install.log" -u
UltraISO Premium V8.63 --> "C:\Program Files\UltraISO\unins000.exe"
Undelete Plus 2.91 --> "C:\Program Files\Undelete Plus\unins000.exe"
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb936644) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2B581052-BF85-4AA6-91C5-7B0090712B65}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Media Recorder --> C:\Program Files\Windows Media Recorder\WMR PRO 5.0\Uninstal.exe
WinDVD for TOSHIBA --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
WinPcap 4.0 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR-362-trial\uninstall.exe
WM Recorder 11.3 --> C:\Program Files\WMR11\Uninstal.exe
XviD Video Codec 1.1.2-01022007 --> C:\Program Files\XviD\uninst.exe
Yahoo! Music Jukebox --> "C:\Program Files\Yahoo!\Yahoo! Music Jukebox\Uninstall.exe"
YAMB --> C:\Program Files\YAMB\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type18463 / Success
Event Submitted/Written: 09/07/2007 04:27:30 PM
Event ID/Source: 5617 / WinMgmt
Event Description:


Event Record #/Type18462 / Success
Event Submitted/Written: 09/07/2007 04:27:29 PM
Event ID/Source: 5615 / WinMgmt
Event Description:


Event Record #/Type18460 / Success
Event Submitted/Written: 09/07/2007 04:26:53 PM
Event ID/Source: 902 / Software Licensing Service
Event Description:
The Software Licensing service has started.

Event Record #/Type18450 / Warning
Event Submitted/Written: 09/07/2007 04:06:38 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2755862826-2955483376-2596105867-1003_Classes:
Process 1060 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2755862826-2955483376-2596105867-1003_CLASSES

Event Record #/Type18449 / Warning
Event Submitted/Written: 09/07/2007 04:06:37 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2755862826-2955483376-2596105867-1003:
Process 1060 (\Device\HarddiskVolume3\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-2755862826-2955483376-2596105867-1003



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type119209 / Warning
Event Submitted/Written: 09/19/2007 10:38:08 AM
Event ID/Source: 134 / W32Time
Event Description:
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.nist.gov,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Event Record #/Type119206 / Warning
Event Submitted/Written: 09/19/2007 10:32:45 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%mda-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %mda-PC27 can't undo changes that you allow.

For more information please see the following:
%mda-PC275

Scan ID: {2F33C983-BA56-4B21-8210-90C5A08F6C15}

User: mda-PC\mda

Name: %mda-PC271

ID: %mda-PC272

Severity ID: %mda-PC273

Category ID: %mda-PC274

Path Found: %mda-PC276

Alert Type: %mda-PC278

Detection Type: 1.1.1505.02

Event Record #/Type119205 / Warning
Event Submitted/Written: 09/19/2007 10:32:45 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%mda-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %mda-PC27 can't undo changes that you allow.

For more information please see the following:
%mda-PC275

Scan ID: {92AA3AEF-7CE9-4943-9F83-BD8E7C8A03A3}

User: mda-PC\mda

Name: %mda-PC271

ID: %mda-PC272

Severity ID: %mda-PC273

Category ID: %mda-PC274

Path Found: %mda-PC276

Alert Type: %mda-PC278

Detection Type: 1.1.1505.02

Event Record #/Type119204 / Warning
Event Submitted/Written: 09/19/2007 10:32:45 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%mda-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %mda-PC27 can't undo changes that you allow.

For more information please see the following:
%mda-PC275

Scan ID: {95314E47-C58C-4D77-9A53-A0BE02CA1B89}

User: mda-PC\mda

Name: %mda-PC271

ID: %mda-PC272

Severity ID: %mda-PC273

Category ID: %mda-PC274

Path Found: %mda-PC276

Alert Type: %mda-PC278

Detection Type: 1.1.1505.02

Event Record #/Type119203 / Warning
Event Submitted/Written: 09/19/2007 10:32:45 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%mda-PC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %mda-PC27 can't undo changes that you allow.

For more information please see the following:
%mda-PC275

Scan ID: {4D0BE4C0-B01B-4BFD-9DF8-C9B7A4E57074}

User: mda-PC\mda

Name: %mda-PC271

ID: %mda-PC272

Severity ID: %mda-PC273

Category ID: %mda-PC274

Path Found: %mda-PC276

Alert Type: %mda-PC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2007-09-19 10:40:34 ------------

#4 mda

  • Topic Starter

  • Members
  • 73 posts

Posted 20 September 2007 - 10:10 PM

i had to edit the above- the site did not want to let me post the words "hijackthis"- it claimed it was an old version.

--------------------------------------------------------------------------------------------------------------------------------------------
Kaspersky

two logs- first is from before i posted to request help, second is after your reply.



KASPERSKY ONLINE SCANNER REPORT
Saturday, September 01, 2007 10:38:05 AM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 1/09/2007
Kaspersky Anti-Virus database records: 394703
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Folders
C:\$Recycle.Bin\
C:\0\
C:\0-1\
C:\0-copies-shared\
C:\0-java game player\
C:\0-keyboard\
C:\0Postoff\
C:\0-rapget\
C:\0-rapget124\
C:\0-rapget136resume\
C:\0-servers\
C:\0-USDownloader1342\
C:\ADAPTEC\
C:\Boot\
C:\Common.temp\
C:\CtzX1Inf\
C:\DOCS\
C:\Documents and Settings
C:\DOS\
C:\Downloads\
C:\found.000\
C:\found.001\
C:\hp-usb-drive-format-tool\
C:\Intel\
C:\inteltemp\
C:\MSOCache\
C:\My Videos\
C:\perflogs\
C:\Program Files\
C:\ProgramData\
C:\STWIN\
C:\System Volume Information\
C:\temp\
C:\TOSAPINS\
C:\Toshiba\
C:\URLHelper\
C:\Users\
C:\vlite2\
C:\Windows\
C:\WTK2.5.1\
C:\Y\
C:\Z\
Scan Statistics
Total number of scanned objects 107421
Number of viruses found 1
Number of infected objects 0
Number of suspicious objects 3
Duration of the scan process 00:54:05

Infected Object Name Virus Name Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\UsrClass.dat{dc88a9c7-d175-11db-8ef6-0019d2878f74}.TM.blf Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\UsrClass.dat{dc88a9c7-d175-11db-8ef6-0019d2878f74}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows\UsrClass.dat{dc88a9c7-d175-11db-8ef6-0019d2878f74}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Microsoft\Windows Defender\FileTracker\{84FE4ECB-FD14-4463-B465-56C8D5B19A68} Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Mozilla\Firefox\Profiles\1byjemkk.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Mozilla\Firefox\Profiles\1byjemkk.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Mozilla\Firefox\Profiles\1byjemkk.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Mozilla\Firefox\Profiles\1byjemkk.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Temp\~DFA44D.tmp Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Temp\~ROMFN_000009CC Object is locked skipped
C:\Documents and Settings\mda\AppData\Local\Temp\~ROMFN_00000BCC Object is locked skipped
C:\Documents and Settings\mda\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\cert8.db Object is locked skipped
C:\Documents and Settings\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\history.dat Object is locked skipped
C:\Documents and Settings\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\key3.db Object is locked skipped
C:\Documents and Settings\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\parent.lock Object is locked skipped
C:\Documents and Settings\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\search.sqlite Object is locked skipped
C:\Documents and Settings\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\mda\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\mda\ntuser.dat.LOG1 Object is locked skipped
C:\Documents and Settings\mda\ntuser.dat.LOG2 Object is locked skipped
C:\Documents and Settings\mda\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf Object is locked skipped
C:\Documents and Settings\mda\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Documents and Settings\mda\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Program Files\avi--mpegjoin\Media4PC MPEG Joiner v1.02 crack by ICU-.zip/mpegjoiner.exe Suspicious: Type_Win32 skipped
C:\Program Files\avi--mpegjoin\Media4PC MPEG Joiner v1.02 crack by ICU-.zip ZIP: suspicious - 1 skipped
C:\Program Files\avi--mpegjoin\mpegjoiner.exe Suspicious: Type_Win32 skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.128.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.128.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy154.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf6067.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf6068.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050253.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\WindowsImageBackup\Catalog\BackupGlobalCatalog Object is locked skipped
C:\System Volume Information\WindowsImageBackup\Catalog\GlobalCatalog Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007090120070902\index.dat Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\UsrClass.dat{dc88a9c7-d175-11db-8ef6-0019d2878f74}.TM.blf Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\UsrClass.dat{dc88a9c7-d175-11db-8ef6-0019d2878f74}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\UsrClass.dat{dc88a9c7-d175-11db-8ef6-0019d2878f74}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows Defender\FileTracker\{84FE4ECB-FD14-4463-B465-56C8D5B19A68} Object is locked skipped
C:\Users\mda\AppData\Local\Mozilla\Firefox\Profiles\1byjemkk.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\mda\AppData\Local\Mozilla\Firefox\Profiles\1byjemkk.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\mda\AppData\Local\Mozilla\Firefox\Profiles\1byjemkk.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\mda\AppData\Local\Mozilla\Firefox\Profiles\1byjemkk.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\mda\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\mda\AppData\Local\Temp\~DFA44D.tmp Object is locked skipped
C:\Users\mda\AppData\Local\Temp\~ROMFN_000009CC Object is locked skipped
C:\Users\mda\AppData\Local\Temp\~ROMFN_00000BCC Object is locked skipped
C:\Users\mda\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\cert8.db Object is locked skipped
C:\Users\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\formhistory.dat Object is locked skipped
C:\Users\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\history.dat Object is locked skipped
C:\Users\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\key3.db Object is locked skipped
C:\Users\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\parent.lock Object is locked skipped
C:\Users\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\search.sqlite Object is locked skipped
C:\Users\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\mda\NTUSER.DAT Object is locked skipped
C:\Users\mda\ntuser.dat.LOG1 Object is locked skipped
C:\Users\mda\ntuser.dat.LOG2 Object is locked skipped
C:\Users\mda\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf Object is locked skipped
C:\Users\mda\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\mda\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ModemLogs\ModemLog_TOSHIBA Software Modem.txt Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3d4e88e9-6a70-11db-b1ba-d64300c9c793}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3d4e88e9-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3d4e88e9-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\FXSSVCDebugLogFile.txt Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\FXSTIFFDebugLogFile.txt Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3d4e88e5-6a70-11db-b1ba-d64300c9c793}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3d4e88e5-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3d4e88e5-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\chkdsk.exe Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\Temp\TMP0000004FF5B0D81C4ECEA550 Object is locked skipped
C:\Windows\Temp\TMP00000052832CABC00BF0351C Object is locked skipped
C:\Windows\Temp\TMP000000539B3745FC68B4A085 Object is locked skipped
C:\Windows\Temp\TMP0000005A924CEDB3D9B42DF1 Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-chkdsk_31bf3856ad364e35_6.0.6000.16386_none_bfaf97e48fc56cbc\chkdsk.exe Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16386_none_69f99fa4b7380194\ntoskrnl.exe Object is locked skipped
Scan process completed.

-------------------------------------------------------------------------------
Log 2

KASPERSKY ONLINE SCANNER REPORT
Thursday, September 20, 2007 5:16:25 PM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 21/09/2007
Kaspersky Anti-Virus database records: 421326
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 146582
Number of viruses found: 4
Number of infected objects: 25
Number of suspicious objects: 5
Duration of the scan process: 01:57:17

Infected Object Name / Virus Name / Last Action
C:\000\DOWNLOADS-4-26-07\Media4PC MPEG Joiner v1.02 crack by ICU-.zip/mpegjoiner.exe Suspicious: Type_Win32 skipped
C:\000\DOWNLOADS-4-26-07\Media4PC MPEG Joiner v1.02 crack by ICU-.zip ZIP: suspicious - 1 skipped
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\avi--mpegjoin\Media4PC MPEG Joiner v1.02 crack by ICU-.zip/mpegjoiner.exe Suspicious: Type_Win32 skipped
C:\Program Files\avi--mpegjoin\Media4PC MPEG Joiner v1.02 crack by ICU-.zip ZIP: suspicious - 1 skipped
C:\Program Files\avi--mpegjoin\mpegjoiner.exe Suspicious: Type_Win32 skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.136.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.136.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy162.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf33FA.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf33FB.tmp Object is locked skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050253.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\WindowsImageBackup\Catalog\BackupGlobalCatalog Object is locked skipped
C:\System Volume Information\WindowsImageBackup\Catalog\GlobalCatalog Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\UsrClass.dat{dc88a9c7-d175-11db-8ef6-0019d2878f74}.TM.blf Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\UsrClass.dat{dc88a9c7-d175-11db-8ef6-0019d2878f74}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows\UsrClass.dat{dc88a9c7-d175-11db-8ef6-0019d2878f74}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\mda\AppData\Local\Microsoft\Windows Defender\FileTracker\{96697F69-3FAA-4E45-AC73-84C4946AFAF2} Object is locked skipped
C:\Users\mda\AppData\Local\Mozilla\Firefox\Profiles\1byjemkk.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\mda\AppData\Local\Mozilla\Firefox\Profiles\1byjemkk.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\mda\AppData\Local\Mozilla\Firefox\Profiles\1byjemkk.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\mda\AppData\Local\Mozilla\Firefox\Profiles\1byjemkk.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\mda\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\mda\AppData\Local\Temp\~DF4055.tmp Object is locked skipped
C:\Users\mda\AppData\Local\Temp\~DF4061.tmp Object is locked skipped
C:\Users\mda\AppData\Local\Temp\~DF50C2.tmp Object is locked skipped
C:\Users\mda\AppData\Local\Temp\~ROMFN_000008B8 Object is locked skipped
C:\Users\mda\AppData\Local\Temp\~ROMFN_00000D20 Object is locked skipped
C:\Users\mda\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\cert8.db Object is locked skipped
C:\Users\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\history.dat Object is locked skipped
C:\Users\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\key3.db Object is locked skipped
C:\Users\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\parent.lock Object is locked skipped
C:\Users\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\search.sqlite Object is locked skipped
C:\Users\mda\AppData\Roaming\Mozilla\Firefox\Profiles\1byjemkk.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\mda\NTUSER.DAT Object is locked skipped
C:\Users\mda\ntuser.dat.LOG1 Object is locked skipped
C:\Users\mda\ntuser.dat.LOG2 Object is locked skipped
C:\Users\mda\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf Object is locked skipped
C:\Users\mda\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\mda\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\ModemLogs\ModemLog_TOSHIBA Software Modem.txt Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3d4e88e9-6a70-11db-b1ba-d64300c9c793}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3d4e88e9-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3d4e88e9-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\FXSSVCDebugLogFile.txt Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\FXSTIFFDebugLogFile.txt Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3d4e88e5-6a70-11db-b1ba-d64300c9c793}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3d4e88e5-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3d4e88e5-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\chkdsk.exe Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-chkdsk_31bf3856ad364e35_6.0.6000.16386_none_bfaf97e48fc56cbc\chkdsk.exe Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16386_none_69f99fa4b7380194\ntoskrnl.exe Object is locked skipped
E:\1TEMPDL\SERVER\SERVU\SERVU20.ZIP/SERV-U32.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.20 skipped
E:\1TEMPDL\SERVER\SERVU\SERVU20.ZIP ZIP: infected - 1 skipped
E:\1TEMPDL\UTILITY\ZIP\PKZCRACK.ZIP/CRACK.EXE Infected: not-a-virus:PSWTool.Win32.ZipANV skipped
E:\1TEMPDL\UTILITY\ZIP\PKZCRACK.ZIP ZIP: infected - 1 skipped
E:\1TEMPDL\UTILITY\ZIP\ZIPCRACK.ZIP/CRACK2.EXE Infected: not-a-virus:PSWTool.Win32.ZipANV skipped
E:\1TEMPDL\UTILITY\ZIP\ZIPCRACK.ZIP ZIP: infected - 1 skipped
E:\0TEMPDL\TRUMPET\TWSK21F.ZIP/TRUMPING.EXE Infected: not-a-virus:NetTool.Win32.ICMPPing skipped
E:\0TEMPDL\TRUMPET\TWSK21F.ZIP ZIP: infected - 1 skipped
E:\WIN95-PRGS\0ADDED\TRUMP30C\TRUMP30C.EXE/TRUMPING.EX_/TRUMPING Infected: not-a-virus:NetTool.Win32.ICMPPing skipped
E:\WIN95-PRGS\0ADDED\TRUMP30C\TRUMP30C.EXE/TRUMPING.EX_ Infected: not-a-virus:NetTool.Win32.ICMPPing skipped
E:\WIN95-PRGS\0ADDED\TRUMP30C\TRUMP30C.EXE ZIP: infected - 2 skipped
E:\E-ON-WIN95-5-4-07\CSERVE\SERVU\SERVU20.ZIP/SERV-U32.EXE Infected: not-a-virus:Server-FTP.Win32.Serv-U.20 skipped
E:\E-ON-WIN95-5-4-07\CSERVE\SERVU\SERVU20.ZIP ZIP: infected - 1 skipped
E:\E-ON-WIN95-5-4-07\CSERVE\TRUMP21F\TRUMPING.EXE Infected: not-a-virus:NetTool.Win32.ICMPPing skipped
E:\E-ON-WIN95-5-4-07\CSERVE\TRUMP21F\TWSK21F.ZIP/TRUMPING.EXE Infected: not-a-virus:NetTool.Win32.ICMPPing skipped
E:\E-ON-WIN95-5-4-07\CSERVE\TRUMP21F\TWSK21F.ZIP ZIP: infected - 1 skipped
E:\E-ON-WIN95-5-4-07\NETSCAPE\TRUMPET\WINAPPS\TRUMPING.EXE Infected: not-a-virus:NetTool.Win32.ICMPPing skipped
E:\E-ON-WIN95-5-4-07\NETSCAPE\TRUMPET3\ZIPS\TWSK30A.EXE/TRUMPING.EX_/TRUMPING Infected: not-a-virus:NetTool.Win32.ICMPPing skipped
E:\E-ON-WIN95-5-4-07\NETSCAPE\TRUMPET3\ZIPS\TWSK30A.EXE/TRUMPING.EX_ Infected: not-a-virus:NetTool.Win32.ICMPPing skipped
E:\E-ON-WIN95-5-4-07\NETSCAPE\TRUMPET3\ZIPS\TWSK30A.EXE ZIP: infected - 2 skipped
E:\C-OLD-WIN95-5-13-1997\0added\TRUMP30C\TRUMP30C.EXE/TRUMPING.EX_/TRUMPING Infected: not-a-virus:NetTool.Win32.ICMPPing skipped
E:\C-OLD-WIN95-5-13-1997\0added\TRUMP30C\TRUMP30C.EXE/TRUMPING.EX_ Infected: not-a-virus:NetTool.Win32.ICMPPing skipped
E:\C-OLD-WIN95-5-13-1997\0added\TRUMP30C\TRUMP30C.EXE ZIP: infected - 2 skipped
E:\C-OLD-WIN95-5-13-1997\TRUMP30C\WINAPPS\TRUMPING.EXE Infected: not-a-virus:NetTool.Win32.ICMPPing skipped
E:\C-WIN95--5-9-07\TRUMP30C\WINAPPS\TRUMPING.EXE Infected: not-a-virus:NetTool.Win32.ICMPPing skipped

Scan process completed.

-------------------------------------------------------------------------------------------------------------------------------------------

#5 mda

mda
  • Topic Starter

  • Members
  • 73 posts

Posted 20 September 2007 - 10:21 PM

-------------------------------------------------------------------------------------------------------------------------------------------
forgot to mention: the above lists some viruses. they are not, as far as i know. they all were there long before this current problem occurred.

------------------------------------------------------------------------------------------------------------------------------------------

gmer crash info

Problem signature:
Problem Event Name: APPCRASH
Application Name: gmer.exe
Application Version: 1.0.13.12551
Application Timestamp: 4684b6ea
Fault Module Name: ntdll.dll
Fault Module Version: 6.0.6000.16386
Fault Module Timestamp: 4549bdc9
Exception Code: c0000005
Exception Offset: 00067036
OS Version: 6.0.6000.2.0.0.256.6
Locale ID: 1033
Additional Information 1: 6688
Additional Information 2: f0ea03f7a97f33c0c6bcfd0358e16c74
Additional Information 3: 3fc7
Additional Information 4: 026775a124c2f7e5470a20a2f58f0901

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409


--------------------------------------------------------------------------------------------------------------------------------------------------

gmer log up to crash point

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-20 13:06:44
Windows 6.0.6000


---- System - GMER 1.0.13 ----

SSDT 88C8BAE4 SSDT[60]
SSDT 88C8BE28 SSDT[133]
SSDT 88C8BB74 SSDT[136]
SSDT 88C8C0C8 SSDT[218]
SSDT 88C8C496 SSDT[234]
SSDT 88C8C26E SSDT[248]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[0]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[1]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[2]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[3]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[4]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[5]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[6]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[7]
SSDT \SystemRoot\system32\ntoskrnl.exe [82A14182] PUSH 0000021C; RET SSDT[8]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[9]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[10]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[11]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[12]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[13]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[14]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[15]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[16]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[17]
SSDT \SystemRoot\system32\ntoskrnl.exe [829C95B8] PUSH 000000A0; RET SSDT[18]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[19]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[20]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[21]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[22]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[23]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[24]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[25]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[26]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[27]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[28]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[29]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[30]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[31]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[32]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[33]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[34]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[35]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[36]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[37]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[38]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[39]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[40]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[41]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[42]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[43]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[44]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[45]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[46]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[47]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[48]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[49]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[50]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[51]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[52]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[53]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[54]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[55]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[56]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[57]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[58]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[59]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[61]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[62]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[63]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[64]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[65]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[66]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[67]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[68]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[69]
SSDT \SystemRoot\system32\ntoskrnl.exe [82942905] PUSH 000000CC; RET SSDT[70]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[71]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[72]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[73]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[74]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[75]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[76]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[77]
SSDT \SystemRoot\system32\ntoskrnl.exe [82A6BA13] PUSH 00000308; RET SSDT[78]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[79]
SSDT \SystemRoot\system32\ntoskrnl.exe [829946DF] PUSH 000000AC; RET SSDT[80]
SSDT \SystemRoot\system32\ntoskrnl.exe [8297869A] PUSH 00000080; RET SSDT[81]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[82]
SSDT \SystemRoot\system32\ntoskrnl.exe [82A7F764] PUSH 000000D8; RET SSDT[83]
SSDT \SystemRoot\system32\ntoskrnl.exe [82941DFE] PUSH 000000E8; RET SSDT[84]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[85]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[86]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[87]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[88]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[89]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[90]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[91]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[92]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[93]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[94]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[95]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[96]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[97]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[98]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[99]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[100]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[101]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[102]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[103]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[104]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[105]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[106]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[107]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[108]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[109]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[110]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[111]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[112]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[113]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[114]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[115]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[116]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[117]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[118]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[119]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[120]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[121]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[122]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[123]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[124]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[125]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[126]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[127]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[128]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[129]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[130]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[131]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[132]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[134]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[135]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[137]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[138]
SSDT \SystemRoot\system32\ntoskrnl.exe [8299C69C] PUSH 0000021C; RET SSDT[139]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[140]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[141]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[142]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[143]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[144]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[145]
SSDT \SystemRoot\system32\ntoskrnl.exe [82A5FCA2] PUSH 0000020C; RET SSDT[146]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[147]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[148]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[149]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[150]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[151]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[152]
SSDT \SystemRoot\system32\ntoskrnl.exe [82988109] PUSH 000001C8; RET SSDT[153]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[154]
SSDT \SystemRoot\system32\ntoskrnl.exe [828BDFB0] PUSH 00000504; RET SSDT[155]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[156]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[157]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[158]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[159]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[160]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[161]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[162]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[163]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[164]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[165]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[166]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[167]
SSDT \SystemRoot\system32\ntoskrnl.exe [829774F6] PUSH 000000F0; RET SSDT[168]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[169]
SSDT \SystemRoot\system32\ntoskrnl.exe [8298A1FB] PUSH 000008A8; RET SSDT[170]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[171]
SSDT \SystemRoot\system32\ntoskrnl.exe [82817E25] PUSH 00000084; RET SSDT[172]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[173]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[174]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[175]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[176]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[177]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[178]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[179]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[180]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[181]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[182]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[183]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[184]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[185]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[186]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[187]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[188]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[189]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[190]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[191]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[192]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[193]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[194]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[195]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[196]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[197]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[198]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[199]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[200]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[201]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[202]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[203]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[204]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[205]
SSDT \SystemRoot\system32\ntoskrnl.exe [82A07E61] PUSH 00000354; RET SSDT[206]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[207]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[208]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[209]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[210]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[211]
SSDT \SystemRoot\system32\ntoskrnl.exe [82A1F749] PUSH 00000168; RET SSDT[212]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[213]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[214]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[215]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[216]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[217]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[219]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[220]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[221]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[222]
SSDT \SystemRoot\system32\ntoskrnl.exe [82A23D28] PUSH 00000168; RET SSDT[223]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[224]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[225]
SSDT \SystemRoot\system32\ntoskrnl.exe [8296AD11] PUSH 00000178; RET SSDT[226]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[227]
SSDT \SystemRoot\system32\ntoskrnl.exe [829D79A9] PUSH 00000234; RET SSDT[228]
SSDT \SystemRoot\system32\ntoskrnl.exe [829F4229] PUSH 000000E0; RET SSDT[229]
SSDT \SystemRoot\system32\ntoskrnl.exe [82A1CEB4] PUSH 00000198; RET SSDT[230]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[231]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[232]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[233]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[235]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[236]
SSDT \SystemRoot\system32\ntoskrnl.exe [82A06F68] PUSH 00000094; RET SSDT[237]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[238]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[239]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[240]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[241]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[242]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[243]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[244]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[245]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[246]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[247]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[249]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[250]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[251]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[252]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[253]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[254]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[255]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[256]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[257]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[258]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[259]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[260]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[261]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[262]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[263]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[264]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[265]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[266]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[267]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[268]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[269]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[270]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[271]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[272]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[274]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[275]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[276]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[277]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[278]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[279]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[280]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[281]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[282]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[283]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[284]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[285]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[288]
SSDT \SystemRoot\system32\ntoskrnl.exe [82A20AE7] PUSH 0000009C; RET SSDT[290]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[291]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[292]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[293]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[294]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[295]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[296]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[297]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[298]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[299]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[300]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[301]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[302]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[303]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[304]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[305]
SSDT \SystemRoot\system32\ntoskrnl.exe [829AFE73] PUSH 00000274; RET SSDT[306]
SSDT \SystemRoot\system32\ntoskrnl.exe [82A283BF] PUSH 00000080; RET SSDT[307]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[308]
SSDT \SystemRoot\system32\ntoskrnl.exe [829D168A] PUSH 000001C4; RET SSDT[309]
SSDT \SystemRoot\system32\ntoskrnl.exe [829DF5BC] PUSH 000000E4; RET SSDT[310]
SSDT \SystemRoot\system32\ntoskrnl.exe [82A2157A] PUSH 00000120; RET SSDT[311]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[312]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[313]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[314]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[315]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[316]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[317]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[318]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[319]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[320]
SSDT \SystemRoot\system32\ntoskrnl.exe [829F774B] PUSH 00000104; RET SSDT[321]
SSDT \SystemRoot\system32\ntoskrnl.exe [82ABD848] PUSH 000000FC; RET SSDT[322]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[323]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[324]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[325]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[326]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[327]
SSDT \SystemRoot\system32\ntoskrnl.exe [829B3086] PUSH 00000080; RET SSDT[328]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[329]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[330]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[331]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[332]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[333]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[334]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[335]
SSDT \SystemRoot\system32\ntoskrnl.exe SSDT[336]

---- Kernel code sections - GMER 1.0.13 ----

? system32\ntoskrnl.exe The system cannot find the file specified.

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Users\mda\AppData\Local\Temp\Rar$EX00.480\gmer.exe[4372] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] [6CC78C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\mda\AppData\Local\Temp\Rar$EX00.480\gmer.exe[4372] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeleteFileW] [6CC78A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\mda\AppData\Local\Temp\Rar$EX00.480\gmer.exe[4372] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\mda\AppData\Local\Temp\Rar$EX00.480\gmer.exe[4372] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [6CC7A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\mda\AppData\Local\Temp\Rar$EX00.480\gmer.exe[4372] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetFileAttributesW] [6CC78FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\mda\AppData\Local\Temp\Rar$EX00.480\gmer.exe[4372] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [6CC79DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\mda\AppData\Local\Temp\Rar$EX00.480\gmer.exe[4372] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCreateKeyExW] [6CC79639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\mda\AppData\Local\Temp\Rar$EX00.480\gmer.exe[4372] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] [6CC79BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\mda\AppData\Local\Temp\Rar$EX00.480\gmer.exe[4372] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegOpenKeyExW] [6CC79815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\mda\AppData\Local\Temp\Rar$EX00.480\gmer.exe[4372] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [6CC7A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\mda\AppData\Local\Temp\Rar$EX00.480\gmer.exe[4372] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\mda\AppData\Local\Temp\Rar$EX00.480\gmer.exe[4372] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegCreateKeyExW] [6CC79639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\mda\AppData\Local\Temp\Rar$EX00.480\gmer.exe[4372] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] [6CC79BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\mda\AppData\Local\Temp\Rar$EX00.480\gmer.exe[4372] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegOpenKeyExW] [6CC79815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW] [6DF5D6EF] C:\Windows\AppPatch\AcSpecfc.DLL
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW] [6DF5D6EF] C:\Windows\AppPatch\AcSpecfc.DLL
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DialogBoxParamW] [6DF5D6EF] C:\Windows\AppPatch\AcSpecfc.DLL
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\system32\SearchProtocolHost.exe[5408] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [70994618] C:\Windows\system32\ShimEng.dll

#6 mda

  • Topic Starter
  • Members
  • 73 posts

Posted 20 September 2007 - 10:24 PM

GMER part 2; the total was too long.

---- Devices - GMER 1.0.13 ----

Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_CREATE [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_CREATE_NAMED_PIPE [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_CLOSE [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_READ [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_WRITE [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_QUERY_INFORMATION [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_SET_INFORMATION [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_QUERY_EA [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_SET_EA [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_FLUSH_BUFFERS [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_QUERY_VOLUME_INFORMATION [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_SET_VOLUME_INFORMATION [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_DIRECTORY_CONTROL [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_FILE_SYSTEM_CONTROL [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_DEVICE_CONTROL [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_INTERNAL_DEVICE_CONTROL [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_SHUTDOWN [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_LOCK_CONTROL [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_CLEANUP [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_CREATE_MAILSLOT [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_QUERY_SECURITY [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_SET_SECURITY [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_POWER [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_SYSTEM_CONTROL [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_DEVICE_CHANGE [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_QUERY_QUOTA [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_SET_QUOTA [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager IRP_MJ_PNP [8D4D7B70] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoCheckIfPossible [8D4D7EC0] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoRead [8D4D7F10] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoWrite [8D4D7F60] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoQueryBasicInfo [8D4D7FB0] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoQueryStandardInfo [8D4D7FF0] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoLock [8D4D8030] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoUnlockSingle [8D4D8080] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoUnlockAll [8D4D80C0] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoUnlockAllByKey [8D4D80F0] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoDeviceControl [8D4D8130] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoDetachDevice [8D4D8180] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoQueryNetworkOpenInfo [8D4D81B0] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager AcquireForModWrite [8D4D81F0] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager MdlRead [8D4D8230] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager MdlReadComplete [8D4D8270] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager PrepareMdlWrite [8D4D82A0] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager MdlWriteComplete [8D4D82E0] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoReadCompressed [8D4D8310] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoWriteCompressed [8D4D8360] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager MdlReadCompleteCompressed [8D4D83B0] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager MdlWriteCompleteCompressed [8D4D83E0] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager FastIoQueryOpen [8D4D8410] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager ReleaseForModWrite [8D4D8440] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager AcquireForCcFlush [8D4D8470] tifsfilt.sys
Device \FileSystem\tifsfilter \Device\TIFSFManager ReleaseForCcFlush [8D4D84A0] tifsfilt.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_CREATE [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_CREATE_NAMED_PIPE [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_CLOSE [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_READ [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_WRITE [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_QUERY_INFORMATION [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_SET_INFORMATION [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_QUERY_EA [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_SET_EA [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_FLUSH_BUFFERS [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_QUERY_VOLUME_INFORMATION [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_SET_VOLUME_INFORMATION [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_DIRECTORY_CONTROL [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_FILE_SYSTEM_CONTROL [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_DEVICE_CONTROL [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_INTERNAL_DEVICE_CONTROL [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_SHUTDOWN [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_LOCK_CONTROL [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_CLEANUP [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_CREATE_MAILSLOT [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_QUERY_SECURITY [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_SET_SECURITY [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_POWER [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_SYSTEM_CONTROL [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_DEVICE_CHANGE [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_QUERY_QUOTA [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_SET_QUOTA [83108880] timntr.sys
Device \Driver\timounter \Device\AcroVBus IRP_MJ_PNP [83108880] timntr.sys

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE [80400F5E] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CLOSE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_READ [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_WRITE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_EA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CLEANUP [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_POWER [804010E0] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CLOSE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_READ [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_WRITE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_EA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CLEANUP [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_POWER [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE_NAMED_PIPE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CLOSE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_READ [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_WRITE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_EA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_EA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_VOLUME_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_VOLUME_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DIRECTORY_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_FILE_SYSTEM_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_LOCK_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CLEANUP [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE_MAILSLOT [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_SECURITY [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_SECURITY [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_POWER [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DEVICE_CHANGE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_QUERY_QUOTA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SET_QUOTA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE [80400F5E] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CLOSE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_READ [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_WRITE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_EA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_EA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_VOLUME_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_VOLUME_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DIRECTORY_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_FILE_SYSTEM_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_LOCK_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CLEANUP [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE_MAILSLOT [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_SECURITY [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_SECURITY [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_POWER [804010E0] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DEVICE_CHANGE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_QUOTA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_QUOTA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CLOSE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_READ [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_WRITE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_EA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_EA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_VOLUME_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_VOLUME_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DIRECTORY_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_FILE_SYSTEM_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_LOCK_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CLEANUP [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE_MAILSLOT [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_SECURITY [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_SECURITY [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_POWER [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DEVICE_CHANGE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_QUOTA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_QUOTA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE_NAMED_PIPE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CLOSE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_READ [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_WRITE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_EA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_EA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_VOLUME_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_VOLUME_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DIRECTORY_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_FILE_SYSTEM_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_LOCK_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CLEANUP [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE_MAILSLOT [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_SECURITY [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_SECURITY [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_POWER [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DEVICE_CHANGE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_QUERY_QUOTA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SET_QUOTA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE [80400F5E] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE_NAMED_PIPE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CLOSE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_READ [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_WRITE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_EA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_EA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_VOLUME_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_VOLUME_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DIRECTORY_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_FILE_SYSTEM_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_LOCK_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CLEANUP [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE_MAILSLOT [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_SECURITY [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_SECURITY [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_POWER [804010E0] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DEVICE_CHANGE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_QUOTA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_QUOTA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE_NAMED_PIPE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CLOSE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_READ [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_WRITE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_EA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_EA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_VOLUME_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_VOLUME_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DIRECTORY_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_FILE_SYSTEM_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_LOCK_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CLEANUP [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE_MAILSLOT [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_SECURITY [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_SECURITY [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_POWER [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DEVICE_CHANGE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_QUOTA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_QUOTA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE_NAMED_PIPE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CLOSE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_READ [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_WRITE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_EA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_EA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_VOLUME_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_VOLUME_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DIRECTORY_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_FILE_SYSTEM_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_LOCK_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CLEANUP [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE_MAILSLOT [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_SECURITY [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_SECURITY [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_POWER [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DEVICE_CHANGE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_QUERY_QUOTA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SET_QUOTA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE [80400F5E] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE_NAMED_PIPE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CLOSE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_READ [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_WRITE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_EA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_EA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_VOLUME_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_VOLUME_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DIRECTORY_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_FILE_SYSTEM_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_LOCK_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CLEANUP [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE_MAILSLOT [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_SECURITY [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_SECURITY [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_POWER [804010E0] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DEVICE_CHANGE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_QUOTA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_QUOTA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE_NAMED_PIPE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CLOSE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_READ [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_WRITE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_EA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_EA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_VOLUME_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_VOLUME_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DIRECTORY_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_FILE_SYSTEM_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_LOCK_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CLEANUP [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE_MAILSLOT [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_SECURITY [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_SECURITY [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_POWER [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DEVICE_CHANGE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_QUOTA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_QUOTA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE_NAMED_PIPE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CLOSE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_READ [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_WRITE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_EA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_EA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_VOLUME_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_VOLUME_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DIRECTORY_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_FILE_SYSTEM_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_LOCK_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CLEANUP [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE_MAILSLOT [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_SECURITY [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_SECURITY [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_POWER [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DEVICE_CHANGE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_QUERY_QUOTA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SET_QUOTA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE [80400F5E] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE_NAMED_PIPE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CLOSE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_READ [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_WRITE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_EA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_EA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_FLUSH_BUFFERS [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_VOLUME_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_VOLUME_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DIRECTORY_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_FILE_SYSTEM_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DEVICE_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_INTERNAL_DEVICE_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SHUTDOWN [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_LOCK_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CLEANUP [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE_MAILSLOT [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_SECURITY [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_SECURITY [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_POWER [804010E0] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SYSTEM_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DEVICE_CHANGE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_QUOTA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_QUOTA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE_NAMED_PIPE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CLOSE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_READ [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_WRITE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_EA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_EA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_FLUSH_BUFFERS [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_VOLUME_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_VOLUME_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DIRECTORY_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_FILE_SYSTEM_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DEVICE_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_INTERNAL_DEVICE_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SHUTDOWN [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_LOCK_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CLEANUP [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE_MAILSLOT [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_SECURITY [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_SECURITY [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_POWER [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SYSTEM_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DEVICE_CHANGE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_QUOTA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_QUOTA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE_NAMED_PIPE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CLOSE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_READ [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_WRITE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_EA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_EA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_FLUSH_BUFFERS [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_VOLUME_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_VOLUME_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DIRECTORY_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_FILE_SYSTEM_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DEVICE_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_INTERNAL_DEVICE_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SHUTDOWN [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_LOCK_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CLEANUP [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_CREATE_MAILSLOT [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_SECURITY [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_SECURITY [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_POWER [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SYSTEM_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_DEVICE_CHANGE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_QUERY_QUOTA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 IRP_MJ_SET_QUOTA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE [80400F5E] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE_NAMED_PIPE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CLOSE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_READ [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_WRITE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_EA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_EA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_FLUSH_BUFFERS [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_VOLUME_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_VOLUME_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DIRECTORY_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_FILE_SYSTEM_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DEVICE_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_INTERNAL_DEVICE_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SHUTDOWN [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_LOCK_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CLEANUP [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE_MAILSLOT [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_SECURITY [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_SECURITY [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_POWER [804010E0] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SYSTEM_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DEVICE_CHANGE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_QUOTA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_QUOTA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE_NAMED_PIPE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CLOSE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_READ [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_WRITE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_EA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_EA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_FLUSH_BUFFERS [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_VOLUME_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_VOLUME_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DIRECTORY_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_FILE_SYSTEM_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DEVICE_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_INTERNAL_DEVICE_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SHUTDOWN [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_LOCK_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CLEANUP [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE_MAILSLOT [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_SECURITY [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_SECURITY [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_POWER [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SYSTEM_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DEVICE_CHANGE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_QUOTA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_QUOTA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE_NAMED_PIPE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CLOSE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_READ [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_WRITE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_EA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_EA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_FLUSH_BUFFERS [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_VOLUME_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_VOLUME_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DIRECTORY_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_FILE_SYSTEM_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DEVICE_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_INTERNAL_DEVICE_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SHUTDOWN [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_LOCK_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CLEANUP [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_CREATE_MAILSLOT [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_SECURITY [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_SECURITY [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_POWER [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SYSTEM_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_DEVICE_CHANGE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_QUERY_QUOTA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 IRP_MJ_SET_QUOTA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CREATE [80400F5E] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CREATE_NAMED_PIPE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CLOSE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_READ [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_WRITE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_EA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_EA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_FLUSH_BUFFERS [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_VOLUME_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_VOLUME_INFORMATION [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_DIRECTORY_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_FILE_SYSTEM_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_DEVICE_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_INTERNAL_DEVICE_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SHUTDOWN [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_LOCK_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CLEANUP [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CREATE_MAILSLOT [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_SECURITY [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_SECURITY [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_POWER [804010E0] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SYSTEM_CONTROL [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_DEVICE_CHANGE [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_QUOTA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_QUOTA [80400A96] hotcore3.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CREATE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CREATE_NAMED_PIPE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CLOSE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_READ [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_WRITE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_EA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_EA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_FLUSH_BUFFERS [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_VOLUME_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_VOLUME_INFORMATION [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_DIRECTORY_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_FILE_SYSTEM_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_DEVICE_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_INTERNAL_DEVICE_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SHUTDOWN [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_LOCK_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CLEANUP [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CREATE_MAILSLOT [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_SECURITY [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_SECURITY [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_POWER [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SYSTEM_CONTROL [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_DEVICE_CHANGE [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_QUOTA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_QUOTA [83030710] snapman.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CREATE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CREATE_NAMED_PIPE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CLOSE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_READ [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_WRITE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_EA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_EA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_FLUSH_BUFFERS [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_VOLUME_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_VOLUME_INFORMATION [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_DIRECTORY_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_FILE_SYSTEM_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_DEVICE_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_INTERNAL_DEVICE_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SHUTDOWN [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_LOCK_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CLEANUP [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_CREATE_MAILSLOT [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_SECURITY [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_SECURITY [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_POWER [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SYSTEM_CONTROL [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_DEVICE_CHANGE [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_QUERY_QUOTA [83108880] timntr.sys
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 IRP_MJ_SET_QUOTA [83108880] timntr.sys

Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_CREATE [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_CREATE_NAMED_PIPE [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_CLOSE [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_READ [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_WRITE [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_QUERY_INFORMATION [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_SET_INFORMATION [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_QUERY_EA [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_SET_EA [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_FLUSH_BUFFERS [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_QUERY_VOLUME_INFORMATION [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_SET_VOLUME_INFORMATION [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_DIRECTORY_CONTROL [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_FILE_SYSTEM_CONTROL [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_DEVICE_CONTROL [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_INTERNAL_DEVICE_CONTROL [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_SHUTDOWN [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_LOCK_CONTROL [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_CLEANUP [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_CREATE_MAILSLOT [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_QUERY_SECURITY [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_SET_SECURITY [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_POWER [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_SYSTEM_CONTROL [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_DEVICE_CHANGE [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_QUERY_QUOTA [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_SET_QUOTA [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_PNP [8DF13538] wanarp.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_CREATE [899E4436] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_CREATE_NAMED_PIPE [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_CLOSE [899E4594] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_READ [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_WRITE [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_QUERY_INFORMATION [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_SET_INFORMATION [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_QUERY_EA [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_SET_EA [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_FLUSH_BUFFERS [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_QUERY_VOLUME_INFORMATION [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_SET_VOLUME_INFORMATION [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_DIRECTORY_CONTROL [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_FILE_SYSTEM_CONTROL [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_DEVICE_CONTROL [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_INTERNAL_DEVICE_CONTROL [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_SHUTDOWN [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_LOCK_CONTROL [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_CLEANUP [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_CREATE_MAILSLOT [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_QUERY_SECURITY [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_SET_SECURITY [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_POWER [899E43C0] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_SYSTEM_CONTROL [899E4144] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_DEVICE_CHANGE [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_QUERY_QUOTA [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_SET_QUOTA [899E1006] RootMdm.sys
Device \Driver\ROOTMODEM \Device\0000006a IRP_MJ_PNP [899E4252] RootMdm.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_CREATE [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_CREATE_NAMED_PIPE [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_CLOSE [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_READ [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_WRITE [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_QUERY_INFORMATION [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_SET_INFORMATION [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_QUERY_EA [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_SET_EA [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_FLUSH_BUFFERS [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_QUERY_VOLUME_INFORMATION [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_SET_VOLUME_INFORMATION [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_DIRECTORY_CONTROL [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_FILE_SYSTEM_CONTROL [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_DEVICE_CONTROL [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_INTERNAL_DEVICE_CONTROL [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_SHUTDOWN [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_LOCK_CONTROL [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_CLEANUP [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_CREATE_MAILSLOT [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_QUERY_SECURITY [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_SET_SECURITY [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_POWER [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_SYSTEM_CONTROL [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_DEVICE_CHANGE [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_QUERY_QUOTA [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_SET_QUOTA [8DF13538] wanarp.sys
Device \Driver\Wanarpv6 \Device\WANARPV6 IRP_MJ_PNP [8DF13538] wanarp.sys
Device \Driver\srosa \Device\srosa IRP_MJ_CREATE 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_CREATE_NAMED_PIPE 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_CLOSE 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_READ 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_WRITE 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_QUERY_INFORMATION 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_SET_INFORMATION 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_QUERY_EA 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_SET_EA 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_FLUSH_BUFFERS 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_QUERY_VOLUME_INFORMATION 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_SET_VOLUME_INFORMATION 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_DIRECTORY_CONTROL 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_FILE_SYSTEM_CONTROL 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_DEVICE_CONTROL 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_INTERNAL_DEVICE_CONTROL 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_SHUTDOWN 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_LOCK_CONTROL 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_CLEANUP 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_CREATE_MAILSLOT 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_QUERY_SECURITY 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_SET_SECURITY 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_POWER 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_SYSTEM_CONTROL 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_DEVICE_CHANGE 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_QUERY_QUOTA 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_SET_QUOTA 88C98F96
Device \Driver\srosa \Device\srosa IRP_MJ_PNP 88C98F96
Device \Driver\AgereSoftModem \Device\AGRSM_xface IRP_MJ_CREATE [8D704F90] AGRSM.sys
Device \Driver\AgereSoftModem \Device\AGRSM_xface IRP_MJ_CLOSE [8D7051F0] AGRSM.sys
Device \Driver\AgereSoftModem \Device\AGRSM_xface IRP_MJ_READ [8D704DB0] AGRSM.sys
Device \Driver\AgereSoftModem \Device\AGRSM_xface IRP_MJ_WRITE [8D703D40] AGRSM.sys
Device \Driver\AgereSoftModem \Device\AGRSM_xface IRP_MJ_QUERY_INFORMATION [8D704E40] AGRSM.sys
Device \Driver\AgereSoftModem \Device\AGRSM_xface IRP_MJ_SET_INFORMATION [8D704F00] AGRSM.sys
Device \Driver\AgereSoftModem \Device\AGRSM_xface IRP_MJ_FLUSH_BUFFERS [8D706290] AGRSM.sys
Device \Driver\AgereSoftModem \Device\AGRSM_xface IRP_MJ_DEVICE_CONTROL [8D705760] AGRSM.sys
Device \Driver\AgereSoftModem \Device\AGRSM_xface IRP_MJ_INTERNAL_DEVICE_CONTROL [8D60F880] AGRSM.sys
Device \Driver\AgereSoftModem \Device\AGRSM_xface IRP_MJ_CLEANUP [8D7053F0] AGRSM.sys
Device \Driver\AgereSoftModem \Device\AGRSM_xface IRP_MJ_POWER [8D60FE50] AGRSM.sys
Device \Driver\AgereSoftModem \Device\AGRSM_xface IRP_MJ_SYSTEM_CONTROL [8D704F60] AGRSM.sys
Device \Driver\AgereSoftModem \Device\AGRSM_xface IRP_MJ_PNP [8D6105E0] AGRSM.sys

AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CREATE [832EB7F0] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [832EB7F0] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CLOSE [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_READ [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_WRITE [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_INFORMATION [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_INFORMATION [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_EA [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_EA [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_FLUSH_BUFFERS [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [832EBDC8] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_DEVICE_CONTROL [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SHUTDOWN [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_LOCK_CONTROL [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CLEANUP [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CREATE_MAILSLOT [832EB7F0] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_SECURITY [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_SECURITY [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_POWER [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SYSTEM_CONTROL [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_DEVICE_CHANGE [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_QUOTA [832D9B56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_QUOTA [832D9B56] fltmgr.sys

---- EOF - GMER 1.0.13 ----
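The Device and AttachedDevice lines in the GMER log above all share one format, and the security-relevant difference between them is whether GMER could attribute the handler address to a loaded module (the `[address] module.sys` form) or printed only a bare address, as on the `\Driver\srosa` lines. The following Python triage helper is an added example, not GMER's code or anything posted in the thread: it parses lines in that format and flags drivers whose handlers no loaded module accounts for, running on constructed sample lines in the posted log's layout.

```python
"""Triage helper for the Device / AttachedDevice hook lines in a GMER log.

Added example for this thread, not GMER's own code.  Each hook line has the
shape:

    Device <driver object> <device object> IRP_MJ_xxx [<handler>] <module>

When GMER can map the handler address to a loaded module it prints the
address in square brackets followed by the module file name; when it
cannot, only the bare address is printed (the \\Driver\\srosa lines in the
log above are the bare form).  A handler that no loaded module accounts
for is what a hidden driver looks like in this output, so the checks below
group hooks by driver and flag the drivers whose handlers are unattributed.
The sample lines are constructed in the same format as the posted log.
"""
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

HOOK_RE = re.compile(
    r"^(?P<kind>Device|AttachedDevice)\s+"
    r"(?P<driver>\S+)\s+"
    r"(?P<device>\S+)\s+"
    r"(?P<irp>IRP_MJ_[A-Z_]+)\s+"
    r"(?:\[(?P<addr_mod>[0-9A-Fa-f]{8})\]\s+(?P<module>\S+)"
    r"|(?P<addr_bare>[0-9A-Fa-f]{8}))\s*$"
)


@dataclass(frozen=True)
class Hook:
    kind: str              # "Device" or "AttachedDevice"
    driver: str            # driver object, e.g. \Driver\srosa
    device: str            # device object, e.g. \Device\srosa
    irp: str               # IRP_MJ_* major function being served
    address: int           # handler address GMER recorded
    module: Optional[str]  # module owning the handler, None if unattributed


def parse_hook_line(line: str) -> Optional[Hook]:
    """Parse one GMER hook line; return None for anything else (headers, EOF marker)."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    if m.group("module"):
        address, module = int(m.group("addr_mod"), 16), m.group("module")
    else:
        address, module = int(m.group("addr_bare"), 16), None
    return Hook(m.group("kind"), m.group("driver"), m.group("device"),
                m.group("irp"), address, module)


def parse_gmer_hooks(text: str) -> List[Hook]:
    """Collect every parseable hook line from a GMER log body."""
    return [h for h in (parse_hook_line(ln) for ln in text.splitlines()) if h]


def unattributed_drivers(hooks: List[Hook]) -> Dict[str, List[str]]:
    """Map each driver with at least one unattributed handler to the IRPs involved."""
    flagged: Dict[str, set] = defaultdict(set)
    for h in hooks:
        if h.module is None:
            flagged[h.driver].add(h.irp)
    return {drv: sorted(irps) for drv, irps in flagged.items()}


def handler_modules(hooks: List[Hook]) -> Dict[str, Counter]:
    """Per driver, count how many IRPs each module (or '<unattributed>') serves.

    Several attributed modules under one driver (hotcore3 / snapman / timntr
    attached to volmgr in the log above) is a normal filter stack; an
    '<unattributed>' entry is the one to investigate.
    """
    per_driver: Dict[str, Counter] = defaultdict(Counter)
    for h in hooks:
        per_driver[h.driver][h.module or "<unattributed>"] += 1
    return dict(per_driver)


# Constructed sample in the posted log's format: one known driver, one
# attached filter, and one driver whose handler resolves to no module.
SAMPLE_LOG = "\n".join([
    r"Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_CREATE [8DF13538] wanarp.sys",
    r"Device \Driver\Wanarpv6 \Device\WANARP IRP_MJ_PNP [8DF13538] wanarp.sys",
    r"AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CREATE [832EB7F0] fltmgr.sys",
    r"Device \Driver\srosa \Device\srosa IRP_MJ_CREATE 88C98F96",
    r"Device \Driver\srosa \Device\srosa IRP_MJ_DEVICE_CONTROL 88C98F96",
    "",
    "---- EOF - GMER 1.0.13 ----",
])

if __name__ == "__main__":
    hooks = parse_gmer_hooks(SAMPLE_LOG)
    for drv, irps in unattributed_drivers(hooks).items():
        print(f"{drv}: {len(irps)} IRP handler(s) not attributed to any loaded module")
```

On the full log above the same check singles out `\Driver\srosa`, the driver AVG Anti-Rootkit later reports as a hidden driver file.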


------------------------------------------------------------------------------------------------------------------------------------------------------

#7 Rorschach

Rorschach

  • Members
  • 523 posts

Posted 21 September 2007 - 09:47 AM

Hello mda

* Click here to download AVG Anti Rootkit and save it to your desktop.
  • Double-click on the AVG_AntiRootkit_1.1.0.42.exe file to run it.
  • Click "I Agree" to agree to the EULA.
  • By default it will install to "G:\Program Files\GRISOFT\AVG Anti-Rootkit Beta".
  • Click "Next" to begin the installation then click "Install".
  • It will then ask you to reboot now to finish the installation.
  • Click "Finish" and your computer will reboot.
  • After it reboots, double-click on the AVG Anti-Rootkit Beta shortcut that is now on your desktop.
  • Click on the "Perform in-depth search" button to begin the scan.
  • The scan will take a while so be patient and let it complete.
  • When the scan is finished, click the "Save result to file" button.
  • Save the scan results to your desktop then come back here to copy and paste the results in your next reply to this thread.


Please download RUNSCANNER to your desktop and run it.
  • When the first page comes up, select Beginner Mode.
  • On the next page, select Save a binary .Run file (optional), then click Start full computer scan at the bottom.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log.
  • Call the file "Select a file name here" and save it to your desktop. You will see the .run file on your desktop. Please zip that file by right-clicking and selecting Send to Zip file.
Then upload that as an attachment along with the log file produced in your next post.

#8 mda

mda
  • Topic Starter

  • Members
  • 73 posts

Posted 21 September 2007 - 05:43 PM

thanks for the reply.



this crashes in c:\documents and settings\all users\applications data\applications data\applications data\?

AVG_AntiRootkit_1.1.0.42 error, has stopped working.

Problem signature:
Problem Event Name: APPCRASH
Application Name: jJB.exe
Application Version: 1.1.0.29
Application Timestamp: 45c09ac4
Fault Module Name: ntdll.dll
Fault Module Version: 6.0.6000.16386
Fault Module Timestamp: 4549bdc9
Exception Code: c00000fd
Exception Offset: 000634f5
OS Version: 6.0.6000.2.0.0.256.6
Locale ID: 1033
Additional Information 1: 8d13
Additional Information 2: cdca9b1d21d12b77d84f02df48e34311
Additional Information 3: 8d13
Additional Information 4: cdca9b1d21d12b77d84f02df48e34311

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409

it found one file before the crashes:

C:\Windows\System32\drivers\srosa.sys, Hidden driver file

------------------------------------------------------------

runscanner ran okay


Runscanner logfile http://www.runscanner.net

* = authenticode signed file
- = file not found

000 General info
----------------
Computer name : MDA-PC
Creation time : 9/21/2007 3:28:53 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.6000.16512
OS : Windows Vista ™ Business
OS Build : 6000
OS SP :
RunScanner Version : 1.0.3.0
Type of scan : Full scan
User Language : English (United States)
User rights : Administrator
Windows folder : C:\Windows

001 Running processes
---------------------
* c:\program files\apoint2k\apoint.exe (Alps Electric Co., Ltd.)
* c:\program files\apoint2k\apntex.exe (Alps Electric Co., Ltd.)
* c:\program files\apoint2k\apmsgfwd.exe (Alps Electric Co., Ltd.)
c:\program files\toshiba\toscdspd\toscdspd.exe (TOSHIBA)
c:\program files\toshiba\configfree\cfswmgr.exe (TOSHIBA CORPORATION)
c:\program files\toshiba\configfree\ndstray.exe (TOSHIBA CORPORATION)
* c:\program files\protector suite ql\psqltray.exe (UPEK Inc.)
c:\program files\ltmoh\ltmoh.exe (Agere Systems)
* c:\program files\rks fax\rksfax_control.exe
* c:\users\mda\appdata\local\temp\rar$ex00.310\runscanner.exe (Runscanner.net)
c:\program files\say the time\saytime.exe (Provenio Software Corporation)
* c:\program files\toshiba\smoothview\smoothview.exe (TOSHIBA Corporation)
c:\program files\toshiba\bluetooth toshiba stack\tosa2dp.exe (TOSHIBA CORPORATION.)
c:\program files\toshiba\bluetooth toshiba stack\tosbthid.exe (TOSHIBA CORPORATION.)
c:\program files\toshiba\bluetooth toshiba stack\tosbthsp.exe (TOSHIBA CORPORATION.)
c:\program files\toshiba\bluetooth toshiba stack\tosbtmng.exe (TOSHIBA CORPORATION.)
* c:\program files\toshiba\flashcards\tcrdmain.exe (TOSHIBA Corporation)
* c:\windows\system32\thpsrv.exe (TOSHIBA Corporation)
c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
C:\Windows\system32\000stthk.exe
* C:\Program Files\toshiba\flashcards\tcrdmain.exe (TOSHIBA Corporation)
* c:\program files\apoint2k\apoint.exe (Alps Electric Co., Ltd.)
* C:\Program Files\toshiba\tbs\hson.exe (TOSHIBA Corporation)
c:\program files\ltmoh\ltmoh.exe (Agere Systems)
- ndstray.exe
* c:\windows\system32\nvcpl.dll (NVIDIA Corporation)
* c:\windows\system32\nvmctray.dll (NVIDIA Corporation)
* c:\windows\system32\nvsvc.dll (NVIDIA Corporation)
c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
* c:\program files\protector suite ql\launcher.exe (UPEK Inc.)
c:\program files\quicktime\qttask.exe (Apple Inc.)
* c:\program files\rks fax\rksfax_control.exe
c:\program files\say the time\saytime.exe (Provenio Software Corporation)
* C:\Program Files\toshiba\smoothview\smoothview.exe (TOSHIBA Corporation)
* C:\windows\system32\thpsrv.exe (TOSHIBA Corporation)
c:\program files\toshiba\wirelesskeylogon\tosautlk.exe ( TOSHIBA CORPORATION)
* C:\Program Files\toshiba\passwordutility\tosdcr.exe (TOSHIBA Corporation)
* C:\Program Files\toshiba\power saver\tpwrmain.exe (TOSHIBA Corporation)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
- c:\0-1\keyremapper.exe
- toscdspd.exe

004 C:\Users\mda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
------------------------------------------------------------------------------
c:\progra~1\creati~1\startup.exe (Creative Element)

005 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
----------------------------------------------------------------
c:\progra~1\saythe~1\saytime.exe (Provenio Software Corporation)
c:\progra~1\toshiba\blueto~1\tosbtmng.exe (TOSHIBA CORPORATION.)

006 %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\progra~1\saythe~1\saytime.exe (Provenio Software Corporation)
c:\progra~1\toshiba\blueto~1\tosbtmng.exe (TOSHIBA CORPORATION.)

007 %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-------------------------------------------------------------------------------
c:\progra~1\creati~1\startup.exe (Creative Element)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
* c:\program files\common files\acronis\acronis disk director\oss_reinstall_svc.exe (Acronis OS Selector Reinstall Service)
* c:\program files\common files\acronis\schedule2\schedul2.exe (Acronis Scheduler2 Service)
* c:\windows\system32\agrsmsvc.exe (Agere Modem Call Progress Audio)
c:\windows\system32\bgsvcgen.exe (B's Recorder GOLD Library General Service)
c:\program files\toshiba\configfree\cfsvcs.exe (ConfigFree Service)
- c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe (InstallDriver Table Manager)
c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe (LiveShare P2P Server 9)
* c:\program files\nero\nero 7\nero backitup\nbservice.exe (NBService)
* c:\program files\common files\ahead\lib\nmindexingservice.exe (NMIndexingService)
* C:\Program Files\winpcap\rpcapd.exe (Remote Packet Capture Protocol v.0 (experimental))
c:\program files\common files\roxio shared\9.0\sharedcom\roxwatch9.exe (Roxio Hard Drive Watcher 9)
c:\program files\roxio\digital home 9\roxioupnprenderer9.exe (Roxio UPnP Renderer 9)
c:\program files\roxio\digital home 9\roxioupnpservice9.exe (Roxio Upnp Server 9)
c:\program files\common files\roxio shared\9.0\sharedcom\roxmediadb9.exe (RoxMediaDB9)
c:\program files\common files\surething shared\stllssvr.exe (stllssvr)
c:\toshiba\ivp\swupdate\swupdtmr.exe (Swupdtmr)
C:\Windows\system32\thotkey.exe (THotkey)
c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe (TOSHIBA Bluetooth Service)
* c:\windows\system32\thpsrv.exe (TOSHIBA HDD Protection)
c:\windows\system32\toddsrv.exe (TOSHIBA Optical Disc Drive Service)
* c:\program files\toshiba\power saver\toscosrv.exe (TOSHIBA Power Saver)
c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe (Ulead Burning Helper)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
* C:\Windows\system32\drivers\snapman.sys (Acronis Snapshots Manager)
C:\Windows\system32\drivers\timntr.sys (Acronis True Image Backup Archive Explorer)
* C:\Windows\system32\drivers\apfiltr.sys (Alps Pointing-device Filter Driver)
* C:\Windows\system32\drivers\aplmp50.sys (APLMp50 NDIS Protocol Driver)
C:\Windows\system32\drivers\avgarkt.sys (AVG Anti-Rootkit)
C:\Windows\system32\drivers\avgarcln.sys (Avg Anti-Rootkit Clean Driver)
C:\Windows\system32\drivers\gmer.sys (Base)
- c:\windows\system32\drivers\blbdrive.sys (blbdrive.sys)
* C:\Windows\system32\drivers\tosrfec.sys (Bluetooth ACPI)
* C:\Windows\system32\drivers\tosrfsnd.sys (Bluetooth Audio)
* C:\Windows\system32\drivers\tosporte.sys (Bluetooth COM Port)
* C:\Windows\system32\drivers\toshidpt.sys (Bluetooth HID Port)
* C:\Windows\system32\drivers\tosrfnds.sys (Bluetooth Personal Area Network)
* C:\Windows\system32\drivers\tosrfbnp.sys (Bluetooth RFBNEP)
* C:\Windows\system32\drivers\tosrfbd.sys (Bluetooth RFBUS)
* C:\Windows\system32\drivers\tosrfcom.sys (Bluetooth RFCOMM)
* C:\Windows\system32\drivers\tosrfhid.sys (Bluetooth RFHID)
* C:\Windows\system32\drivers\tosrfusb.sys (Bluetooth USB Controller)
* c:\windows\system32\drivers\brserid.sys (Brother MFC Serial Port Interface Driver (WDM))
* c:\windows\system32\drivers\brusbmdm.sys (Brother MFC USB Fax Only Modem)
* c:\windows\system32\drivers\brusbser.sys (Brother MFC USB Serial WDM Driver)
* c:\windows\system32\drivers\brfiltlo.sys (Brother USB Mass-Storage Lower Filter Driver)
* c:\windows\system32\drivers\brfiltup.sys (Brother USB Mass-Storage Upper Filter Driver)
* c:\windows\system32\drivers\brserwdm.sys (Brother WDM Serial driver)
- c:\windows\system32\drivers\portd2k.sys (CMS PortIO Service)
* C:\Windows\system32\drivers\hotcore3.sys (hotcore3)
* c:\windows\system32\drivers\iastorv.sys (Intel RAID Controller Vista)
* C:\Windows\system32\drivers\e1g60i32.sys (Intel® PRO/1000 NDIS 6 Adapter Driver)
* C:\Windows\system32\drivers\e1e6032.sys (Intel® PRO/1000 PCI Express Network Connection Driver)
* C:\Windows\system32\drivers\netw3v32.sys (Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit)
* C:\Windows\system32\drivers\netw4v32.sys (Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit)
- c:\windows\system32\drivers\ipinip.sys (IP in IP Tunnel Driver)
- c:\windows\system32\drivers\nwlnkflt.sys (IPX Traffic Filter Driver)
- c:\windows\system32\drivers\nwlnkfwd.sys (IPX Traffic Forwarder Driver)
* c:\windows\system32\drivers\iteatapi.sys (ITEATAPI_Service_Install)
* c:\windows\system32\drivers\iteraid.sys (ITERAID_Service_Install)
C:\Windows\system32\drivers\iviaspi.sys (IVI ASPI Shell)
* C:\Windows\system32\drivers\usa19h2kp.sys (Keyspan USB Serial Port Driver)
C:\Windows\system32\drivers\ks-959.sys (Kingsun KS-959 USB Infrared Adapter)
* C:\Windows\system32\drivers\lgusbbus.sys (LGE Mobile Composite USB Device)
* C:\Windows\system32\drivers\lgusbmodem.sys (LGE Mobile USB Modem)
* C:\Windows\system32\drivers\lgusbdiag.sys (LGE Mobile USB Serial Port)
* C:\Windows\system32\drivers\npf.sys (NetGroup Packet Filter Driver)
* c:\windows\system32\drivers\ntrigdigi.sys (N-trig HID Tablet Driver)
c:\windows\system32\drivers\oreans32.sys (oreans32)
* C:\Windows\system32\drivers\pxhelp20.sys (PxHelp20)
* c:\windows\system32\drivers\ql2300.sys (QLogic Fibre Channel Miniport Driver)
* c:\windows\system32\drivers\ql40xx.sys (QLogic iSCSI Miniport Driver)
* C:\Windows\system32\drivers\siwinacc.sys (SATALink driver accelerator)
* C:\Windows\system32\drivers\siremfil.sys (SATALink External Device Filter)
* c:\windows\system32\drivers\arcsas.sys (SCSI miniport)
* c:\windows\system32\drivers\sym_hi.sys (SCSI Miniport)
* c:\windows\system32\drivers\sym_u3.sys (SCSI Miniport)
* c:\windows\system32\drivers\iirsp.sys (SCSI Miniport)
* c:\windows\system32\drivers\adpahci.sys (SCSI Miniport)
* c:\windows\system32\drivers\symc8xx.sys (SCSI Miniport)
* c:\windows\system32\drivers\adp94xx.sys (SCSI Miniport)
* c:\windows\system32\drivers\ulsata2.sys (SCSI Miniport)
* c:\windows\system32\drivers\ulsata.sys (SCSI Miniport)
* c:\windows\system32\drivers\uliahci.sys (SCSI Miniport)
C:\Windows\system32\drivers\hsca32.sys (SCSI Miniport)
* c:\windows\system32\drivers\hpcisss.sys (SCSI Miniport)
* c:\windows\system32\drivers\elxstor.sys (SCSI Miniport)
* c:\windows\system32\drivers\arc.sys (SCSI Miniport)
C:\Windows\system32\drivers\aic78xx.sys (SCSI Miniport)
c:\windows\system32\drivers\kr10n.sys (SCSI Miniport)
c:\windows\system32\drivers\kr10i.sys (SCSI Miniport)
* c:\windows\system32\drivers\lsi_scsi.sys (SCSI Miniport)
* c:\windows\system32\drivers\mraid35x.sys (SCSI Miniport)
* c:\windows\system32\drivers\nvstor.sys (SCSI Miniport)
* c:\windows\system32\drivers\nfrd960.sys (SCSI Miniport)
* c:\windows\system32\drivers\lsi_fc.sys (SCSI Miniport)
* c:\windows\system32\drivers\lsi_sas.sys (SCSI Miniport)
c:\windows\system32\drivers\kr3npxp.sys (SCSI Miniport)
* c:\windows\system32\drivers\megasas.sys (SCSI Miniport)
* c:\windows\system32\drivers\sisraid2.sys (SCSI Miniport)
* c:\windows\system32\drivers\sisraid4.sys (SCSI Miniport)
* c:\windows\system32\drivers\adpu320.sys (SCSI Miniport)
* c:\windows\system32\drivers\adpu160m.sys (SCSI Miniport)
* c:\windows\system32\drivers\vsmraid.sys (SCSI Miniport)
* C:\Windows\system32\drivers\stwrt.sys (SigmaTel High Definition Audio CODEC)
* C:\Windows\system32\drivers\si3132.sys (SiI-3132 SATALink Controller)
* c:\windows\system32\drivers\viaide.sys (System Bus Extender)
* c:\windows\system32\drivers\aliide.sys (System Bus Extender)
* c:\windows\system32\drivers\cmdide.sys (System Bus Extender)
* c:\windows\system32\drivers\nvraid.sys (System Bus Extender)
* C:\Windows\system32\drivers\tcusb.sys (TC USB Kernel Driver)
* c:\windows\system32\drivers\tmcomm.sys (tmcomm)
* C:\Windows\system32\drivers\tvalz.sys (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
* C:\Windows\system32\drivers\thpevm.sys (TOSHIBA HDD Protection - Shock Sensor Driver)
* C:\Windows\system32\drivers\thpdrv.sys (TOSHIBA HDD Protection Driver)
* C:\Windows\system32\drivers\agrsm.sys (TOSHIBA V92 Software Modem)
* C:\Windows\system32\drivers\tdcmdpst.sys (TOSHIBA Writing Engine Filter Driver)
* C:\Windows\system32\drivers\usa19h2k.sys (USB driver for the Keyspan USB Serial Adapter)
* C:\Windows\system32\drivers\nvlddmkm.sys (Video)
* c:\windows\system32\drivers\vsdatant.sys (vsdatant)

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
GUID / CLSID not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
C:\Windows\bdoscandel.exe {85d1f590-48f4-11d9-9669-0800200c9a66}
GUID / CLSID not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}
GUID / CLSID not found {2670000A-7350-4f3c-8081-5663EE0C6C49}

050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
-----------------------------------------------------------------------------
c:\program files\qualcomm\eudora\eushlext.dll (Qualcomm Inc.) {EDB0E980-90BD-11D4-8599-0008C7D3B6F8}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll (Adobe Systems Incorporated) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
* c:\program files\java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
* c:\program files\acronis\trueimagehome\tishell.dll (Acronis) {C539A15A-3AF9-4c92-B771-50CB78F5C751}
* c:\program files\acronis\trueimagehome\tishell.dll (Acronis) {C539A15B-3AF9-4c92-B771-50CB78F5C751}
c:\program files\creative element power tools\chgdate.dll (Creative Element) {4FD66292-5D53-41E5-BE43-CBC72E2C3776}
C:\Windows\system32\layout.dll (Microsoft) {19F500E0-9964-11cf-B63D-08002B317C03}
c:\program files\qualcomm\eudora\eushlext.dll (Qualcomm Inc.) {EDB0E980-90BD-11D4-8599-0008C7D3B6F8}
* c:\program files\common files\ahead\lib\nerodigitalext.dll (Nero AG) {B327765E-D724-4347-8B16-78AE18552FC3}
* c:\program files\common files\ahead\lib\nerodigitalext.dll (Nero AG) {7F1CF152-04F8-453A-B34C-E609530A9DC8}
* c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}
* c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {FFB699E0-306A-11d3-8BD1-00104B6F7516}
* c:\program files\roxio\virtual drive 9\dc_shellext.dll (Sonic Solutions) {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}
c:\program files\protector suite ql\farchns.dll (UPEK Inc.) {9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E}
c:\program files\protector suite ql\farchns.dll (UPEK Inc.) {E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA}
c:\program files\protector suite ql\farchns.dll (UPEK Inc.) {66C99756-1C92-4d3e-BA69-9400A6F731F5}
c:\program files\protector suite ql\farchns.dll (UPEK Inc.) {055EF591-5C38-49a0-9BDA-51B1D69D0BF4}
* c:\program files\real\realplayer\rpshell.dll (RealNetworks, Inc.) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
c:\program files\winrar-362\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
* c:\program files\common files\ahead\lib\nerodigitalext.dll (Nero AG) {7D4D6379-F301-4311-BEBA-E26EB0561882}
c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
c:\windows\system32\psqlpwd.dll (UPEK Inc.)

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
C:\Windows\system32\rksfaxpm.dll
C:\Windows\system32\sfppm.dll
C:\Windows\system32\tbtmon.dll (TOSHIBA CORPORATION.)

070 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
---------------------------------------------------------------------
* C:\Windows\system32\relog_ap.dll (Acronis)

071 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
-------------------------------------------------------------------
C:\Windows\system32\psqlpwd.dll (UPEK Inc.)

100 Internet Explorer settings
------------------------------
Default_Page_URL HKLM : http://www.toshibadirect.com/dpdstart
Default_Search_URL HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
Search Page HKCU : http://go.microsoft.com/fwlink/?LinkId=54896
Search Page HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
Start Page HKCU : about:blank
Start Page HKLM : http://go.microsoft.com/fwlink/?LinkId=69157

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
c:\windows\system32\kaspersky lab\kaspersky online scanner\kavwebscan.dll (Kaspersky Lab) {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
- c:\windows\system32\housecall 6.6\housecall_activex.dll {215B8138-A3CF-44C5-803F-8226143CFC0A}
GUID / CLSID not found {556DDE35-E955-11D0-A707-000000521957}
GUID / CLSID not found {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}
- c:\windows\downlo~1\oscan8.ocx {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
- c:\windows\downloaded program files\webscan.dll {7B297BFD-85E4-4092-B2AF-16A91B2EA103}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
&Download All with FlashGet : C:\Program Files\FlashGet\jc_all.htm
&Download with FlashGet : C:\Program Files\FlashGet\jc_link.htm
E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

120 Domain/DNS hijacking
------------------------
NameServer {8EC1D28E-BD14-4A2F-8305-1BD997F7FC9E} : 206.13.31.12,206.13.28.12

122 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
----------------------------------------------------------------------
C:\Windows\system32\vrlogon.dll (UPEK Inc.)

161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
ConsentPromptBehaviorAdmin : 2
ConsentPromptBehaviorUser : 1
DisableCAD : 1
dontdisplaylastusername : 0
EnableInstallerDetection : 1
EnableLUA : 0
EnableSecureUIAPaths : 1
EnableVirtualization : 1
FilterAdministratorToken : 0
PromptOnSecureDesktop : 1
scforceoption : 0
shutdownwithoutlogon : 1
undockwithoutlogon : 1
ValidateAdminCodeSignatures : 0

170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
------------------------------------------------------------------------
{40702afe-d9eb-11db-bf8c-0019d2878f74} : E:\setup.exe
{cd6b680c-cdd2-11db-b8d7-806e6f6e6963} : D:\setup.exe

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
* c:\program files\roxio\virtual drive 9\dc_shellext.dll (Sonic Solutions) {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}
c:\program files\winrar-362\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\program files\idm computer solutions\ultracompare\uc_shellext.dll {D39D9960-20CA-40CE-A802-8C64817BE518}
* c:\program files\acronis\trueimagehome\tishell.dll (Acronis)
* c:\program files\nero\nero 7\nero backitup\nbshell.dll (Nero AG)

----------------------------------------------------------

#9 Rorschach

  • Members
  • 523 posts

Posted 22 September 2007 - 09:50 AM

Hello mda

You forgot to upload and attach the .run file. You will need to zip it then upload it here for me.


Now we need to reconfigure Windows XP to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.


* Click on the Start Button, Click Search
Click "All Files and Folders"
Click "Advanced Options", put a check next to the following:
Search System Folders
Search Hidden Files And Folders
Search Subfolders


Next copy and paste the following entries into the search box (one at a time):

Files go here, e.g.:

jJB.exe



Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Windows\System32\drivers\srosa.sys

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



Then please re-run AVG anti-rootkit and post the log it gives you along with the OTMoveIt results and a new DSS log.

Edited by Rorschach, 22 September 2007 - 09:52 AM.
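The search step above, as an added example that is not from the thread or any of its participants, written for Vista where the XP-style search options are missing. It assumes PowerShell 2.0 or later in an elevated prompt; the file names are the ones named in the thread and its logs (srosa.sys, jJB.exe, hidr.exe), and the folders searched are chosen here. It only reads and reports; it moves nothing.

```powershell
# Added example (not from the thread): read-only search for the named files,
# including hidden and system files, plus a check of Prefetch for traces of
# executables that have already run. Assumes PowerShell 2.0+ run as administrator.

function Find-SuspectFiles {
    param(
        [string[]] $Names,   # exact file names to look for (-contains is case-insensitive)
        [string[]] $Roots    # folders to walk
    )
    foreach ($root in $Roots) {
        # -Force includes hidden and system files, which Explorer hides by default;
        # -ErrorAction SilentlyContinue skips folders the account cannot read.
        Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and ($Names -contains $_.Name) } |
            ForEach-Object {
                # Authenticode status separates vendor-signed drivers (Valid)
                # from unsigned files such as the srosa.sys the thread removes.
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName
                New-Object PSObject -Property @{
                    Path       = $_.FullName
                    Bytes      = $_.Length
                    Modified   = $_.LastWriteTime
                    Attributes = $_.Attributes.ToString()
                    Signature  = $sig.Status.ToString()
                    Signer     = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' })
                }
            }
    }
}

function Find-PrefetchTraces {
    param([string[]] $Names)
    # Prefetch files (NAME.EXE-XXXXXXXX.pf) record that an executable ran, even
    # after the executable itself is gone; mda found JJB.EXE-DA0A438C.pf this way.
    Get-ChildItem -Path "$env:SystemRoot\Prefetch" -Filter '*.pf' -ErrorAction SilentlyContinue |
        Where-Object {
            $pf = $_.Name
            [bool]($Names | Where-Object { $pf -like "$($_)-*.pf" })
        } |
        Select-Object Name, LastWriteTime
}

# Names from the thread; roots chosen for this example.
$names = 'srosa.sys', 'jJB.exe', 'hidr.exe'
$roots = $env:SystemRoot, $env:ProgramFiles, $env:USERPROFILE

Find-SuspectFiles -Names $names -Roots $roots | Format-List
Find-PrefetchTraces -Names $names | Format-Table -AutoSize
```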


#10 mda

  • Topic Starter
  • Members
  • 73 posts

Posted 23 September 2007 - 02:06 AM

i do not see the response i posted earlier, so i will try to re-post it.

i uploaded the run file already. i'll upload it again. i'm using vista business, not xp. before i got your reply, i re-named that srosa file and re-booted. my ntoskrnl.exe file did not get eaten, so i was able to boot okay. i was then able to install trend micro internet security without it getting eaten either. if this was the virus, then i assume i still need to get rid of whatever was loading the file.

-----------------------------------------------------------
you did not mention what this jJB.exe file is.

re:

"Click on the Start Button, Click Search"

does not exist: "Click 'All Files and Folders'"

"Click 'Advanced Options', put a check next to the following:"

does not exist: "Search System Folders"
does not exist: "Search Hidden Files And Folders"
does not exist: "Search Subfolders"

"include non-indexed, hidden, and system files" is what is there, but its checkbox is always grayed out. i did an "everywhere" search on c:\.

the result i got with the search i could do is:

JJB.EXE-DA0A438C.pf

------------------------------------------------------------------------------

after re-naming the srosa file, re-booting, etc., i did run avg and dss.

avg still crashes if i try to do an in-depth search. i did do a rootkit search okay, and the results of that were "no rootkits found". there was no new log for it. i ran dss. it only produced a main.txt file, no extra.txt file this time. i've included that below.

-----------------------------------------------------------------

Deckard's System Scanner v20070905.67
Run by mda on 2007-09-22 22:52:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HiThis Clone ------------------------------------------------------------

Emulating logfile of HiThis v1.99.1
Scan saved at 2007-09-22 22:52:32
Platform: Windows Vista (6.00.6000)
MSIE: Internet Explorer (7.00.6000.16386)

Running processes:
C:\Windows\System32\taskeng.exe
C:\Windows\System32\dwm.exe
C:\Windows\explorer.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Say the Time\SayTime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\RKS Fax\rksfax_control.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccmain.exe
C:\Toshiba\IVP\ISM\Ivpsvmgr.exe
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Trend Micro\Internet Security 2007\PccHCMS.exe
C:\Windows\explorer.exe
C:\Windows\System32\mobsync.exe
C:\0\Deckard's System Scanner-dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKEY_LOCAL_MACHINE\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKEY_LOCAL_MACHINE\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon
O4 - HKEY_LOCAL_MACHINE\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKEY_LOCAL_MACHINE\..\Run: [TosAutLk] C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe -s
O4 - HKEY_LOCAL_MACHINE\..\Run: [Say the Time] C:\Program Files\Say the Time\SayTime.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKEY_LOCAL_MACHINE\..\Run: [000StTHK] 000StTHK.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [TOSDCR] %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKEY_LOCAL_MACHINE\..\Run: [RKS Fax Print Controller] "C:\Program Files\RKS Fax\rksfax_control.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [KeyMapperStarup] C:\0-1\KeyRemapper.exe /background
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hidr.exe
O4 - Startup: Creative Element Power Tools Startup.lnk = C:\Program Files\Creative Element Power Tools\Startup.exe
O4 - Global Startup: Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
O4 - Global Startup: Say the Time.lnk = C:\Program Files\Say the Time\SayTime.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://prerelease.trendmicro-europe.com/ho...ivex/hcImpl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} () - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} () - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{8EC1D28E-BD14-4A2F-8305-1BD997F7FC9E}: NameServer = 206.13.31.12,206.13.28.12
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: psfus - C:\Windows\System32\psqlpwd.dll
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - "C:\Windows\system32\bgsvcgen.exe"
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - "C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - "C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe"
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"
O23 - Service: RoxMediaDB9 - Sonic Solutions - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
O23 - Service: stllssvr - MicroVision Development, Inc. - "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
O23 - Service: Swupdtmr - Unknown owner - C:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: THOTKEY - TOSHIBA Corporation - C:\Windows\System32\THotkey.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\System32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


-- Files created between 2007-08-22 and 2007-09-22 -----------------------------

2007-09-22 20:44:38 60056 --a------ C:\Windows\system32\drivers\srosa-o - Copy.sys
2007-09-21 16:07:40 0 d-------- C:\Documents and Settings\All Users\Trend Micro
2007-09-21 16:07:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-09-21 16:06:47 0 d-------- C:\Program Files\Trend Micro
2007-09-20 13:16:20 0 d-------- C:\Windows\system32\Kaspersky Lab
2007-09-20 13:16:20 0 d-------- C:\Documents and Settings\All Users\Kaspersky Lab
2007-09-20 13:16:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-05 10:52:19 0 d-------- C:\Windows\system32\catroot2
2007-09-05 01:46:34 0 d-------- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Google
2007-09-04 18:25:50 0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2007-09-04 18:13:51 0 d-------- C:\Windows\system32\ZoneLabs
2007-09-04 18:13:50 0 d-------- C:\Documents and Settings\All Users\CheckPoint
2007-09-04 18:13:50 0 d-------- C:\Documents and Settings\All Users\Application Data\CheckPoint
2007-09-01 05:49:02 0 d-------- C:\Windows\BDOSCAN8
2007-09-01 05:37:56 0 d-------- C:\STWIN
2007-08-31 17:03:28 262144 --a------ C:\ntuser.dat
2007-08-29 00:56:50 0 d-------- C:\Program Files\Sophos
2007-08-28 10:46:40 0 d-------- C:\Program Files\Uniblue
2007-08-28 01:14:16 0 d--hs---- C:\found.001
2007-08-28 00:28:46 0 d-------- C:\Program Files\RKS Fax
2007-08-26 14:25:59 0 d-------- C:\Program Files\Alwil Software
2007-08-26 13:05:37 0 d-------- C:\Windows\Internet Logs
2007-08-26 10:04:04 0 d-------- C:\Program Files\Alwil Software-2
2007-08-26 06:16:44 0 d-------- C:\Windows\Sun
2007-08-26 04:05:57 27648 --a------ C:\Windows\system32\sfppm.dll <Not Verified; ; Snappy Fax Printer>
2007-08-25 11:45:56 27648 --a------ C:\Windows\system32\rksfaxpm.dll <Not Verified; ; RKS Fax>
2007-08-24 15:10:56 41 --a------ C:\Windows\WFXDEL.BAT
2007-08-24 15:10:55 0 d-------- C:\Program Files\Symantec
2007-08-24 14:01:04 0 dr------- C:\Documents and Settings\mda\Contacts
2007-08-24 12:59:27 0 d-------- C:\Program Files\QuickTime
2007-08-24 12:59:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-08-24 12:59:21 0 d-------- C:\Documents and Settings\All Users\Apple Computer
2007-08-23 22:06:21 0 d-------- C:\Program Files\Common Files\EZB Systems
2007-08-23 22:06:20 0 d-------- C:\Program Files\UltraISO
2007-08-23 21:56:08 0 d-------- C:\vlite2
2007-08-23 05:55:04 0 d-------- C:\Z


-- Find3M Report ---------------------------------------------------------------

2007-09-05 01:46:48 0 d-------- C:\Program Files\Google
2007-09-04 18:18:40 0 d-------- C:\Program Files\Common Files
2007-09-03 17:02:10 0 d-------- C:\Program Files\Windows Calendar
2007-08-28 13:11:44 0 d-------- C:\Program Files\MultiStage Recovery
2007-08-26 02:37:00 0 d-------- C:\Program Files\eMule
2007-08-25 15:09:27 0 d-------- C:\Program Files\InterActual
2007-08-24 17:14:22 0 d-------- C:\Program Files\WMR11
2007-08-21 18:53:31 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-21 18:52:04 0 d-------- C:\Program Files\Toshiba
2007-08-21 03:00:30 0 d-------- C:\Program Files\Common Files\InstallShield
2007-08-18 12:49:41 0 d-------- C:\Program Files\PowerDataRecovery
2007-08-18 12:26:22 0 d-------- C:\Program Files\UnErase
2007-08-18 12:09:31 0 d-------- C:\Program Files\Recover Files
2007-08-18 04:59:35 0 d-------- C:\Program Files\Undelete Plus
2007-08-18 03:55:31 0 d-------- C:\Program Files\Recover My Files
2007-08-17 02:44:40 0 d-------- C:\Program Files\DivX
2007-08-16 19:42:23 0 d-------- C:\Program Files\Acronis
2007-08-16 19:42:21 0 d-------- C:\Program Files\Common Files\Acronis
2007-08-16 18:45:20 0 d-------- C:\Program Files\Opera910
2007-08-15 10:38:12 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-08-15 10:04:20 0 d-------- C:\Program Files\Windows Mail
2007-08-13 05:44:05 0 d-------- C:\Program Files\Common Files\PX Storage Engine
2007-08-11 13:58:12 0 d-------- C:\Program Files\HD Tune
2007-08-11 13:42:41 0 d-------- C:\Program Files\Simpli Software
2007-08-11 11:38:08 0 d-------- C:\Program Files\AusLogics BoostSpeed
2007-08-11 10:49:54 0 d-------- C:\Program Files\AusLogics Disk Defrag
2007-08-11 05:43:10 0 d-------- C:\Program Files\Paragon Software
2007-08-11 04:58:18 0 d-------- C:\Program Files\DiskTrix
2007-08-10 07:43:22 0 d-------- C:\Program Files\Opera 7.54 java
2007-08-04 22:45:47 1203 --a------ C:\Windows\mozver.dat
2007-08-04 05:27:26 45568 --a------ C:\Windows\system32\realbsf1.dll
2007-08-04 05:27:26 69632 --a------ C:\Windows\system32\realbap1.dll
2007-08-03 21:05:48 0 d-------- C:\Program Files\cMail eXpress
2007-07-30 04:50:13 0 d-------- C:\Program Files\ELECARD
2007-07-30 04:50:13 0 d-------- C:\Program Files\Common Files\Elecard
2007-07-28 04:22:06 0 d-------- C:\Program Files\CMS Products
2007-07-25 19:53:34 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2007-07-25 19:50:34 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-25 19:50:34 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-25 19:50:22 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-25 19:50:22 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-25 19:50:22 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-25 19:50:22 740442 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2007-07-25 19:49:28 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2007-07-22 20:21:34 0 d-------- C:\Program Files\Replay AV 8
2007-07-22 20:18:52 0 d-------- C:\Program Files\Common Files\AVSMedia
2007-07-22 20:09:14 0 d-------- C:\Program Files\Replay Media Catcher2
2007-07-22 06:15:22 0 d-------- C:\Program Files\nandub
2007-07-17 11:02:51 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-07-06 21:07:32 56976 --------- C:\Windows\system32\GenSvcInst.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>
2007-07-06 21:07:32 122512 --a------ C:\Windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD9>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [12/03/2006 05:29 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [07/10/2007 05:48 AM]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [09/11/2006 04:21 PM]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [12/16/2005 03:41 AM]
"NDSTray.exe"="NDSTray.exe" []
"ThpSrv"="C:\Windows\system32\thpsrv /logon" []
"PINGER"="C:\TOSHIBA\IVP\ISM\pinger.exe" [07/20/2006 01:45 PM]
"TosAutLk"="C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe" [11/20/2006 07:14 PM]
"1A:Stardock TrayMonitor"="" []
"Say the Time"="C:\Program Files\Say the Time\SayTime.exe" [10/20/2006 07:19 PM]
"@"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [02/20/2007 04:44 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [02/20/2007 04:44 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [02/20/2007 04:44 PM]
"000StTHK"="000StTHK.exe" [06/23/2001 04:28 AM C:\Windows\System32\000StTHK.exe]
"TOSDCR"="C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe" [01/10/2007 10:59 AM]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [03/29/2007 10:39 AM]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [12/07/2006 04:49 PM]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [03/22/2007 11:46 AM]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [05/22/2007 04:32 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"RKS Fax Print Controller"="C:\Program Files\RKS Fax\rksfax_control.exe" [08/25/2007 06:46 AM]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [04/12/2007 03:58 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="TOSCDSPD.EXE" []
"KeyMapperStarup"="C:\0-1\KeyRemapper.exe" []
"drvsyskit"="C:\Windows\system32\drivers\hidr.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"1A:Stardock TrayMonitor"=

C:\Users\mda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Creative Element Power Tools Startup.lnk - C:\Program Files\Creative Element Power Tools\Startup.exe [6/6/2007 6:08:25 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [11/25/2006 9:29:44 AM]
Say the Time.lnk - C:\Program Files\Say the Time\SayTime.exe [6/29/2007 12:22:19 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"DisableCAD"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= C:\Program Files\Qualcomm\Eudora\EuShlExt.dll [08/17/2006 02:57 PM 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\Windows\system32\psqlpwd.dll 12/03/2006 05:50 PM 90112 C:\Windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc CscService TabletInputService UmRdpService wlansvc WPDBusEnum EMDMgmt
LocalServiceNoNetwork PLA DPS BFE mpssvc
LocalServiceNetworkRestricted DHCP eventlog AudioSrv LmHosts wscsvc p2pimsvc PNRPSvc p2psvc PnrpAutoReg


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40702afe-d9eb-11db-bf8c-0019d2878f74}]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd6b680c-cdd2-11db-b8d7-806e6f6e6963}]
AutoRun\command- D:\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-09-22 22:52:59 ------------

#11 mda (Topic Starter)

Posted 23 September 2007 - 02:11 AM

post for upload of .run file.


#12 Rorschach

Posted 23 September 2007 - 09:04 AM

Hello mda, please only do the things I ask you to do as otherwise we may not get your PC clean.

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

JJB.EXE-DA0A438C.pf

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.



1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hidr.exe

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




Please run OTMoveIt by OldTimer again.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Windows\system32\drivers\srosa-o - Copy.sys
    C:\Windows\system32\drivers\hidr.exe


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.

Note : If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.



Can you also please run the program runscanner again and post the .run file. The file you uploaded doesn't seem to be working.


So please post the result of that file I asked you to scan, the .run file, a new DSS log and the OTMoveIt results in your next reply.

#13 mda (Topic Starter)

Posted 23 September 2007 - 10:43 PM

Virus Total
Virustotal is a service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
File JJB.EXE-DA0A438C.pf received on 09.24.2007 05:37:54 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED
Result: 0/32 (0%)
Loading server information...

Antivirus Version Last Update Result
AhnLab-V3 2007.9.22.0 2007.09.21 -
AntiVir 7.6.0.15 2007.09.23 -
Authentium 4.93.8 2007.09.23 -
Avast 4.7.1043.0 2007.09.24 -
AVG 7.5.0.485 2007.09.23 -
BitDefender 7.2 2007.09.24 -
CAT-QuickHeal 9.00 2007.09.21 -
ClamAV 0.91.2 2007.09.24 -
DrWeb 4.33 2007.09.23 -
eSafe 7.0.15.0 2007.09.23 -
eTrust-Vet 31.2.5154 2007.09.21 -
Ewido 4.0 2007.09.20 -
FileAdvisor 1 2007.09.24 -
Fortinet 3.11.0.0 2007.09.24 -
F-Prot 4.3.2.48 2007.09.23 -
F-Secure 6.70.13030.0 2007.09.24 -
Ikarus T3.1.1.12 2007.09.24 -
Kaspersky 4.0.2.24 2007.09.24 -
McAfee 5125 2007.09.21 -
Microsoft 1.2803 2007.09.24 -
NOD32v2 2545 2007.09.23 -
Norman 5.80.02 2007.09.21 -
Panda 9.0.0.4 2007.09.23 -
Prevx1 V2 2007.09.24 -
Rising 19.42.01.00 2007.09.24 -
Sophos 4.21.0 2007.09.23 -
Sunbelt 2.2.907.0 2007.09.22 -
Symantec 10 2007.09.24 -
TheHacker 6.2.5.066 2007.09.22 -
VBA32 3.12.2.4 2007.09.23 -
VirusBuster 4.3.26:9 2007.09.23 -
Webwasher-Gateway 6.0.1 2007.09.23 -
Additional information
File size: 17098 bytes
MD5: 301afdef3a6d8b59598197477e595d34
SHA1: 3552a96a0ebda3580d3013a1d7df289f575a70dd

#14 mda (Topic Starter)

Posted 23 September 2007 - 10:54 PM

C:\Windows\system32\drivers\srosa-o - Copy.sys moved successfully.
File/Folder C:\Windows\system32\drivers\hidr.exe not found.

Created on 09/23/2007 20:52:43

#15 mda (Topic Starter)

Posted 23 September 2007 - 11:05 PM

Runscanner logfile http://www.runscanner.net

* = authenticode signed file
- = file not found

000 General info
----------------
Computer name : MDA-PC
Creation time : 9/23/2007 8:56:24 PM
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 7.0.6000.16512
OS : Windows Vista ™ Business
OS Build : 6000
OS SP :
RunScanner Version : 1.0.3.0
Type of scan : Full scan
User Language : English (United States)
User rights : Administrator
Windows folder : C:\Windows

001 Running processes
---------------------
* c:\program files\apoint2k\apoint.exe (Alps Electric Co., Ltd.)
* c:\program files\apoint2k\apntex.exe (Alps Electric Co., Ltd.)
* c:\program files\apoint2k\apmsgfwd.exe (Alps Electric Co., Ltd.)
c:\program files\toshiba\toscdspd\toscdspd.exe (TOSHIBA)
c:\program files\toshiba\configfree\cfswmgr.exe (TOSHIBA CORPORATION)
c:\program files\toshiba\configfree\ndstray.exe (TOSHIBA CORPORATION)
* c:\program files\protector suite ql\psqltray.exe (UPEK Inc.)
* c:\program files\mozilla firefox\firefox.exe (Mozilla Corporation)
c:\toshiba\ivp\ism\ivpsvmgr.exe (TOSHIBA Corporation)
c:\program files\ltmoh\ltmoh.exe (Agere Systems)
* c:\progra~1\trendm~1\intern~1\pccguide.exe (Trend Micro Inc.)
* c:\program files\rks fax\rksfax_control.exe
* c:\users\mda\appdata\local\temp\rar$ex00.371\runscanner.exe (Runscanner.net)
c:\program files\say the time\saytime.exe (Provenio Software Corporation)
* c:\program files\toshiba\smoothview\smoothview.exe (TOSHIBA Corporation)
c:\program files\toshiba\bluetooth toshiba stack\tosa2dp.exe (TOSHIBA CORPORATION.)
c:\program files\toshiba\bluetooth toshiba stack\tosbthid.exe (TOSHIBA CORPORATION.)
c:\program files\toshiba\bluetooth toshiba stack\tosbthsp.exe (TOSHIBA CORPORATION.)
c:\program files\toshiba\bluetooth toshiba stack\tosbtmng.exe (TOSHIBA CORPORATION.)
* c:\program files\toshiba\flashcards\tcrdmain.exe (TOSHIBA Corporation)
* c:\windows\system32\thpsrv.exe (TOSHIBA Corporation)

002 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
C:\Windows\system32\000stthk.exe
* C:\Program Files\toshiba\flashcards\tcrdmain.exe (TOSHIBA Corporation)
* c:\program files\apoint2k\apoint.exe (Alps Electric Co., Ltd.)
* C:\Program Files\toshiba\tbs\hson.exe (TOSHIBA Corporation)
c:\program files\ltmoh\ltmoh.exe (Agere Systems)
- ndstray.exe
* c:\windows\system32\nvcpl.dll (NVIDIA Corporation)
* c:\windows\system32\nvmctray.dll (NVIDIA Corporation)
* c:\windows\system32\nvsvc.dll (NVIDIA Corporation)
* c:\program files\trend micro\internet security 2007\pccguide.exe (Trend Micro Inc.)
c:\toshiba\ivp\ism\pinger.exe (TOSHIBA Corporation)
* c:\program files\protector suite ql\launcher.exe (UPEK Inc.)
c:\program files\quicktime\qttask.exe (Apple Inc.)
* c:\program files\rks fax\rksfax_control.exe
c:\program files\say the time\saytime.exe (Provenio Software Corporation)
* C:\Program Files\toshiba\smoothview\smoothview.exe (TOSHIBA Corporation)
* C:\windows\system32\thpsrv.exe (TOSHIBA Corporation)
c:\program files\toshiba\wirelesskeylogon\tosautlk.exe ( TOSHIBA CORPORATION)
* C:\Program Files\toshiba\passwordutility\tosdcr.exe (TOSHIBA Corporation)
* C:\Program Files\toshiba\power saver\tpwrmain.exe (TOSHIBA Corporation)

003 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (+subkeys)
-----------------------------------------------------------------
- c:\0-1\keyremapper.exe
- toscdspd.exe

004 C:\Users\mda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
------------------------------------------------------------------------------
c:\progra~1\creati~1\startup.exe (Creative Element)

005 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
----------------------------------------------------------------
c:\progra~1\saythe~1\saytime.exe (Provenio Software Corporation)
c:\progra~1\toshiba\blueto~1\tosbtmng.exe (TOSHIBA CORPORATION.)

006 %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Startup
-------------------------------------------------------------------
c:\progra~1\saythe~1\saytime.exe (Provenio Software Corporation)
c:\progra~1\toshiba\blueto~1\tosbtmng.exe (TOSHIBA CORPORATION.)

007 %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
-------------------------------------------------------------------------------
c:\progra~1\creati~1\startup.exe (Creative Element)

010 HKLM\SYSTEM\CurrentControlSet\Services (Services)
-----------------------------------------------------
* c:\program files\common files\acronis\acronis disk director\oss_reinstall_svc.exe (Acronis OS Selector Reinstall Service)
* c:\program files\common files\acronis\schedule2\schedul2.exe (Acronis Scheduler2 Service)
* c:\windows\system32\agrsmsvc.exe (Agere Modem Call Progress Audio)
c:\windows\system32\bgsvcgen.exe (B's Recorder GOLD Library General Service)
c:\program files\toshiba\configfree\cfsvcs.exe (ConfigFree Service)
- c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe (InstallDriver Table Manager)
c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe (LiveShare P2P Server 9)
* c:\program files\nero\nero 7\nero backitup\nbservice.exe (NBService)
* c:\program files\common files\ahead\lib\nmindexingservice.exe (NMIndexingService)
* C:\Program Files\winpcap\rpcapd.exe (Remote Packet Capture Protocol v.0 (experimental))
c:\program files\common files\roxio shared\9.0\sharedcom\roxwatch9.exe (Roxio Hard Drive Watcher 9)
c:\program files\roxio\digital home 9\roxioupnprenderer9.exe (Roxio UPnP Renderer 9)
c:\program files\roxio\digital home 9\roxioupnpservice9.exe (Roxio Upnp Server 9)
c:\program files\common files\roxio shared\9.0\sharedcom\roxmediadb9.exe (RoxMediaDB9)
c:\program files\common files\surething shared\stllssvr.exe (stllssvr)
c:\toshiba\ivp\swupdate\swupdtmr.exe (Swupdtmr)
C:\Windows\system32\thotkey.exe (THotkey)
c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe (TOSHIBA Bluetooth Service)
* c:\windows\system32\thpsrv.exe (TOSHIBA HDD Protection)
c:\windows\system32\toddsrv.exe (TOSHIBA Optical Disc Drive Service)
* c:\program files\toshiba\power saver\toscosrv.exe (TOSHIBA Power Saver)
* c:\progra~1\trendm~1\intern~1\pcctlcom.exe (Trend Micro Central Control Component)
* c:\progra~1\trendm~1\intern~1\tmpfw.exe (Trend Micro Personal Firewall)
* c:\progra~1\trendm~1\intern~1\pcscnsrv.exe (Trend Micro Protection Against Spyware)
* c:\progra~1\trendm~1\intern~1\tmproxy.exe (Trend Micro Proxy Service)
* c:\progra~1\trendm~1\intern~1\tmntsrv.exe (Trend Micro Real-time Service)
c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe (Ulead Burning Helper)

011 HKLM\SYSTEM\CurrentControlSet\Services (drivers)
----------------------------------------------------
* C:\Windows\system32\drivers\snapman.sys (Acronis Snapshots Manager)
C:\Windows\system32\drivers\timntr.sys (Acronis True Image Backup Archive Explorer)
* C:\Windows\system32\drivers\apfiltr.sys (Alps Pointing-device Filter Driver)
* C:\Windows\system32\drivers\aplmp50.sys (APLMp50 NDIS Protocol Driver)
C:\Windows\system32\drivers\avgarkt.sys (AVG Anti-Rootkit)
C:\Windows\system32\drivers\avgarcln.sys (Avg Anti-Rootkit Clean Driver)
C:\Windows\system32\drivers\gmer.sys (Base)
- c:\windows\system32\drivers\blbdrive.sys (blbdrive.sys)
* C:\Windows\system32\drivers\tosrfec.sys (Bluetooth ACPI)
* C:\Windows\system32\drivers\tosrfsnd.sys (Bluetooth Audio)
* C:\Windows\system32\drivers\tosporte.sys (Bluetooth COM Port)
* C:\Windows\system32\drivers\toshidpt.sys (Bluetooth HID Port)
* C:\Windows\system32\drivers\tosrfnds.sys (Bluetooth Personal Area Network)
* C:\Windows\system32\drivers\tosrfbnp.sys (Bluetooth RFBNEP)
* C:\Windows\system32\drivers\tosrfbd.sys (Bluetooth RFBUS)
* C:\Windows\system32\drivers\tosrfcom.sys (Bluetooth RFCOMM)
* C:\Windows\system32\drivers\tosrfhid.sys (Bluetooth RFHID)
* C:\Windows\system32\drivers\tosrfusb.sys (Bluetooth USB Controller)
* c:\windows\system32\drivers\brserid.sys (Brother MFC Serial Port Interface Driver (WDM))
* c:\windows\system32\drivers\brusbmdm.sys (Brother MFC USB Fax Only Modem)
* c:\windows\system32\drivers\brusbser.sys (Brother MFC USB Serial WDM Driver)
* c:\windows\system32\drivers\brfiltlo.sys (Brother USB Mass-Storage Lower Filter Driver)
* c:\windows\system32\drivers\brfiltup.sys (Brother USB Mass-Storage Upper Filter Driver)
* c:\windows\system32\drivers\brserwdm.sys (Brother WDM Serial driver)
- c:\windows\system32\drivers\portd2k.sys (CMS PortIO Service)
* C:\Windows\system32\drivers\hotcore3.sys (hotcore3)
* c:\windows\system32\drivers\iastorv.sys (Intel RAID Controller Vista)
* C:\Windows\system32\drivers\e1g60i32.sys (Intel® PRO/1000 NDIS 6 Adapter Driver)
* C:\Windows\system32\drivers\e1e6032.sys (Intel® PRO/1000 PCI Express Network Connection Driver)
* C:\Windows\system32\drivers\netw3v32.sys (Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit)
* C:\Windows\system32\drivers\netw4v32.sys (Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit)
- c:\windows\system32\drivers\ipinip.sys (IP in IP Tunnel Driver)
- c:\windows\system32\drivers\nwlnkflt.sys (IPX Traffic Filter Driver)
- c:\windows\system32\drivers\nwlnkfwd.sys (IPX Traffic Forwarder Driver)
* c:\windows\system32\drivers\iteatapi.sys (ITEATAPI_Service_Install)
* c:\windows\system32\drivers\iteraid.sys (ITERAID_Service_Install)
C:\Windows\system32\drivers\iviaspi.sys (IVI ASPI Shell)
* C:\Windows\system32\drivers\usa19h2kp.sys (Keyspan USB Serial Port Driver)
C:\Windows\system32\drivers\ks-959.sys (Kingsun KS-959 USB Infrared Adapter)
* C:\Windows\system32\drivers\lgusbbus.sys (LGE Mobile Composite USB Device)
* C:\Windows\system32\drivers\lgusbmodem.sys (LGE Mobile USB Modem)
* C:\Windows\system32\drivers\lgusbdiag.sys (LGE Mobile USB Serial Port)
- c:\windows\system32\drivers\srosa.sys (Megadrv3)
* C:\Windows\system32\drivers\npf.sys (NetGroup Packet Filter Driver)
* c:\windows\system32\drivers\ntrigdigi.sys (N-trig HID Tablet Driver)
c:\windows\system32\drivers\oreans32.sys (oreans32)
* C:\Windows\system32\drivers\pxhelp20.sys (PxHelp20)
* c:\windows\system32\drivers\ql2300.sys (QLogic Fibre Channel Miniport Driver)
* c:\windows\system32\drivers\ql40xx.sys (QLogic iSCSI Miniport Driver)
* C:\Windows\system32\drivers\siwinacc.sys (SATALink driver accelerator)
* C:\Windows\system32\drivers\siremfil.sys (SATALink External Device Filter)
* c:\windows\system32\drivers\arcsas.sys (SCSI miniport)
* c:\windows\system32\drivers\arc.sys (SCSI Miniport)
* c:\windows\system32\drivers\elxstor.sys (SCSI Miniport)
* c:\windows\system32\drivers\adp94xx.sys (SCSI Miniport)
* c:\windows\system32\drivers\lsi_scsi.sys (SCSI Miniport)
* c:\windows\system32\drivers\lsi_sas.sys (SCSI Miniport)
* c:\windows\system32\drivers\lsi_fc.sys (SCSI Miniport)
c:\windows\system32\drivers\kr3npxp.sys (SCSI Miniport)
c:\windows\system32\drivers\kr10n.sys (SCSI Miniport)
* c:\windows\system32\drivers\adpahci.sys (SCSI Miniport)
c:\windows\system32\drivers\kr10i.sys (SCSI Miniport)
* c:\windows\system32\drivers\ulsata.sys (SCSI Miniport)
* c:\windows\system32\drivers\iirsp.sys (SCSI Miniport)
C:\Windows\system32\drivers\aic78xx.sys (SCSI Miniport)
C:\Windows\system32\drivers\hsca32.sys (SCSI Miniport)
* c:\windows\system32\drivers\adpu320.sys (SCSI Miniport)
* c:\windows\system32\drivers\vsmraid.sys (SCSI Miniport)
* c:\windows\system32\drivers\hpcisss.sys (SCSI Miniport)
* c:\windows\system32\drivers\adpu160m.sys (SCSI Miniport)
* c:\windows\system32\drivers\ulsata2.sys (SCSI Miniport)
* c:\windows\system32\drivers\uliahci.sys (SCSI Miniport)
* c:\windows\system32\drivers\megasas.sys (SCSI Miniport)
* c:\windows\system32\drivers\sym_hi.sys (SCSI Miniport)
* c:\windows\system32\drivers\nvstor.sys (SCSI Miniport)
* c:\windows\system32\drivers\nfrd960.sys (SCSI Miniport)
* c:\windows\system32\drivers\symc8xx.sys (SCSI Miniport)
* c:\windows\system32\drivers\sisraid2.sys (SCSI Miniport)
* c:\windows\system32\drivers\sisraid4.sys (SCSI Miniport)
* c:\windows\system32\drivers\mraid35x.sys (SCSI Miniport)
* c:\windows\system32\drivers\sym_u3.sys (SCSI Miniport)
* C:\Windows\system32\drivers\stwrt.sys (SigmaTel High Definition Audio CODEC)
* C:\Windows\system32\drivers\si3132.sys (SiI-3132 SATALink Controller)
* c:\windows\system32\drivers\cmdide.sys (System Bus Extender)
* c:\windows\system32\drivers\nvraid.sys (System Bus Extender)
* c:\windows\system32\drivers\viaide.sys (System Bus Extender)
* c:\windows\system32\drivers\aliide.sys (System Bus Extender)
* C:\Windows\system32\drivers\tcusb.sys (TC USB Kernel Driver)
* C:\Windows\system32\drivers\tmcomm.sys (tmcomm)
* C:\Windows\system32\drivers\tmpreflt.sys (tmpreflt)
* C:\Windows\system32\drivers\tmxpflt.sys (tmxpflt)
* C:\Windows\system32\drivers\tvalz.sys (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
* C:\Windows\system32\drivers\thpevm.sys (TOSHIBA HDD Protection - Shock Sensor Driver)
* C:\Windows\system32\drivers\thpdrv.sys (TOSHIBA HDD Protection Driver)
* C:\Windows\system32\drivers\agrsm.sys (TOSHIBA V92 Software Modem)
* C:\Windows\system32\drivers\tdcmdpst.sys (TOSHIBA Writing Engine Filter Driver)
* C:\Windows\system32\drivers\tm_cfw.sys (Trend Micro Common Firewall Service)
* C:\Windows\system32\drivers\tm_mbd_c.sys (Trend Micro MBD Driver)
* C:\Windows\system32\drivers\tmtdi.sys (Trend Micro TDI Driver)
* C:\Windows\system32\drivers\usa19h2k.sys (USB driver for the Keyspan USB Serial Adapter)
* C:\Windows\system32\drivers\nvlddmkm.sys (Video)
* C:\Windows\system32\drivers\vsapint.sys (vsapint)
* c:\windows\system32\drivers\vsdatant.sys (vsdatant)

042 HKLM\Software\Microsoft\Internet Explorer\Extensions
--------------------------------------------------------
GUID / CLSID not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Windows\bdoscandel.exe {85d1f590-48f4-11d9-9669-0800200c9a66}
GUID / CLSID not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}
GUID / CLSID not found {2670000A-7350-4f3c-8081-5663EE0C6C49}

050 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
-----------------------------------------------------------------------------
c:\program files\qualcomm\eudora\eushlext.dll (Qualcomm Inc.) {EDB0E980-90BD-11D4-8599-0008C7D3B6F8}

052 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
----------------------------------------------------------------------------------
* c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll (Adobe Systems Incorporated) {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
* c:\program files\java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

061 HKLM-HCKU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
---------------------------------------------------------------------------------
* c:\program files\acronis\trueimagehome\tishell.dll (Acronis) {C539A15A-3AF9-4c92-B771-50CB78F5C751}
* c:\program files\acronis\trueimagehome\tishell.dll (Acronis) {C539A15B-3AF9-4c92-B771-50CB78F5C751}
c:\program files\creative element power tools\chgdate.dll (Creative Element) {4FD66292-5D53-41E5-BE43-CBC72E2C3776}
C:\Windows\system32\layout.dll (Microsoft) {19F500E0-9964-11cf-B63D-08002B317C03}
c:\program files\qualcomm\eudora\eushlext.dll (Qualcomm Inc.) {EDB0E980-90BD-11D4-8599-0008C7D3B6F8}
* c:\program files\common files\ahead\lib\nerodigitalext.dll (Nero AG) {B327765E-D724-4347-8B16-78AE18552FC3}
* c:\program files\common files\ahead\lib\nerodigitalext.dll (Nero AG) {7F1CF152-04F8-453A-B34C-E609530A9DC8}
* c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {A70C977A-BF00-412C-90B7-034C51DA2439}
* c:\windows\system32\nvcpl.dll (NVIDIA Corporation) {FFB699E0-306A-11d3-8BD1-00104B6F7516}
* c:\program files\roxio\virtual drive 9\dc_shellext.dll (Sonic Solutions) {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}
c:\program files\protector suite ql\farchns.dll (UPEK Inc.) {9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E}
c:\program files\protector suite ql\farchns.dll (UPEK Inc.) {E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA}
c:\program files\protector suite ql\farchns.dll (UPEK Inc.) {66C99756-1C92-4d3e-BA69-9400A6F731F5}
c:\program files\protector suite ql\farchns.dll (UPEK Inc.) {055EF591-5C38-49a0-9BDA-51B1D69D0BF4}
* c:\program files\real\realplayer\rpshell.dll (RealNetworks, Inc.) {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}
c:\program files\winrar-362\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}

062 HKLM-HKCU\Software\Classes\Folder\Shellex\ColumnHandlers
------------------------------------------------------------
* c:\program files\common files\ahead\lib\nerodigitalext.dll (Nero AG) {7D4D6379-F301-4311-BEBA-E26EB0561882}
c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll (Adobe Systems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627}

067 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
---------------------------------------------------------------------
c:\windows\system32\psqlpwd.dll (UPEK Inc.)

069 HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
--------------------------------------------------------
C:\Windows\system32\rksfaxpm.dll
C:\Windows\system32\sfppm.dll
C:\Windows\system32\tbtmon.dll (TOSHIBA CORPORATION.)

070 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
---------------------------------------------------------------------
* C:\Windows\system32\relog_ap.dll (Acronis)

071 HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
-------------------------------------------------------------------
C:\Windows\system32\psqlpwd.dll (UPEK Inc.)

100 Internet Explorer settings
------------------------------
Default_Page_URL HKLM : http://www.toshibadirect.com/dpdstart
Default_Search_URL HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
Search Page HKCU : http://go.microsoft.com/fwlink/?LinkId=54896
Search Page HKLM : http://go.microsoft.com/fwlink/?LinkId=54896
Start Page HKCU : about:blank
Start Page HKLM : http://go.microsoft.com/fwlink/?LinkId=69157

104 HKLM\Software\Microsoft\Code Store Database\Distribution Units
------------------------------------------------------------------
c:\windows\system32\kaspersky lab\kaspersky online scanner\kavwebscan.dll (Kaspersky Lab) {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
- c:\windows\system32\housecall 6.6\housecall_activex.dll {215B8138-A3CF-44C5-803F-8226143CFC0A}
GUID / CLSID not found {556DDE35-E955-11D0-A707-000000521957}
GUID / CLSID not found {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}
- c:\windows\downloaded program files\webscan.dll {7B297BFD-85E4-4092-B2AF-16A91B2EA103}

105 HKCU\Software\Microsoft\Internet Explorer\MenuExt
-----------------------------------------------------
&Download All with FlashGet : C:\Program Files\FlashGet\jc_all.htm
&Download with FlashGet : C:\Program Files\FlashGet\jc_link.htm
E&xport to Microsoft Excel : res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

120 Domain/DNS hijacking
------------------------
NameServer {35D359D9-0BE3-4D84-9548-541A59CA8040} : 68.94.156.1 68.94.157.1
NameServer {8EC1D28E-BD14-4A2F-8305-1BD997F7FC9E} : 206.13.31.12,206.13.28.12

122 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
----------------------------------------------------------------------
C:\Windows\system32\vrlogon.dll (UPEK Inc.)

161 HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System
------------------------------------------------------------------
ConsentPromptBehaviorAdmin : 2
ConsentPromptBehaviorUser : 1
DisableCAD : 1
dontdisplaylastusername : 0
EnableInstallerDetection : 1
EnableLUA : 0
EnableSecureUIAPaths : 1
EnableVirtualization : 1
FilterAdministratorToken : 0
PromptOnSecureDesktop : 1
scforceoption : 0
shutdownwithoutlogon : 1
undockwithoutlogon : 1
ValidateAdminCodeSignatures : 0

170 HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
------------------------------------------------------------------------
{40702afe-d9eb-11db-bf8c-0019d2878f74} : E:\setup.exe
{cd6b680c-cdd2-11db-b8d7-806e6f6e6963} : D:\setup.exe

173 HKCR\*\shellex\ContextMenuHandlers
--------------------------------------
* c:\program files\roxio\virtual drive 9\dc_shellext.dll (Sonic Solutions) {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}
c:\program files\winrar-362\rarext.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\program files\idm computer solutions\ultracompare\uc_shellext.dll {D39D9960-20CA-40CE-A802-8C64817BE518}
* c:\program files\acronis\trueimagehome\tishell.dll (Acronis)
* c:\program files\nero\nero 7\nero backitup\nbshell.dll (Nero AG)
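As an added example (not code from this thread or from RunScanner), a small Python parser for the RunScanner log format above that pulls out the two things a helper checks first: autostart entries whose file is already gone (the kind of leftover the OTMoveIt and HijackThis steps above remove) and unsigned kernel drivers. The sample log embedded in it is constructed from the kinds of entries shown in the log above.

```python
"""RunScanner-log triage (added example; not RunScanner's own code).

RunScanner marks each entry "* " (Authenticode-signed) or "- " (file not found); no prefix
means present but unsigned. SAMPLE_LOG is constructed from the kinds of entries shown above.
"""
import re
from dataclasses import dataclass
from typing import Optional

SAMPLE_LOG = """\
002 HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run (+subkeys)
-----------------------------------------------------------------
C:\\Windows\\system32\\000stthk.exe
* c:\\program files\\apoint2k\\apoint.exe (Alps Electric Co., Ltd.)
- ndstray.exe

003 HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run (+subkeys)
-----------------------------------------------------------------
- c:\\0-1\\keyremapper.exe
- c:\\windows\\system32\\drivers\\hidr.exe

011 HKLM\\SYSTEM\\CurrentControlSet\\Services (drivers)
----------------------------------------------------
* C:\\Windows\\system32\\drivers\\snapman.sys (Acronis Snapshots Manager)
* c:\\windows\\system32\\drivers\\brserid.sys (Brother MFC Serial Port Interface Driver (WDM))
- c:\\windows\\system32\\drivers\\ipinip.sys (IP in IP Tunnel Driver)
- c:\\windows\\system32\\drivers\\srosa.sys (Megadrv3)
c:\\windows\\system32\\drivers\\oreans32.sys (oreans32)
"""

# Sections that load code at boot or logon: Run keys, Startup folders, services, drivers.
AUTOSTART_SECTIONS = ("002", "003", "004", "005", "006", "007", "010", "011")
SECTION_RE = re.compile(r"^\d{3} .+$")

@dataclass
class Entry:
    section: str   # three-digit section number, e.g. "011"
    path: str
    signed: bool   # "* " prefix
    missing: bool  # "- " prefix
    publisher: Optional[str] = None

def split_publisher(text):
    """Split a trailing " (Publisher)" off the path; the publisher may itself hold
    one nested pair of parentheses, as in "(... Interface Driver (WDM))"."""
    if not text.endswith(")"):
        return text, None
    depth = 0
    for i in range(len(text) - 1, -1, -1):
        if text[i] == ")":
            depth += 1
        elif text[i] == "(":
            depth -= 1
            if depth == 0:
                if i > 0 and text[i - 1] == " ":
                    return text[: i - 1], text[i + 1 : -1].strip()
                break
    return text, None

def parse_runscanner(log):
    """A "NNN title" line followed by a dashes line opens a section; every other
    non-blank line inside a section is one entry."""
    lines = [ln.rstrip() for ln in log.splitlines()]
    entries, section = [], None
    for i, line in enumerate(lines):
        if not line or set(line) == {"-"}:
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if SECTION_RE.match(line) and set(nxt) == {"-"}:
            section = line[:3]
            continue
        if section is None:
            continue
        flag = line[0] if line[:2] in ("* ", "- ") else None
        path, publisher = split_publisher(line[2:] if flag else line)
        entries.append(Entry(section, path.strip(), flag == "*", flag == "-", publisher))
    return entries

def triage(entries):
    """stale: autostart references whose file is gone (leftovers to clean up, not proof of
    malware by themselves: Windows ships service entries such as ipinip.sys whose driver is
    absent). unsigned: drivers without an Authenticode signature, worth hashing and scanning."""
    stale = [e for e in entries if e.missing and e.section in AUTOSTART_SECTIONS]
    unsigned = [e for e in entries if e.section == "011" and not e.signed and not e.missing]
    return stale, unsigned

if __name__ == "__main__":
    for e in sum(triage(parse_runscanner(SAMPLE_LOG)), []):
        print(f"[{e.section}] {'missing' if e.missing else 'unsigned'}: {e.path}")
```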
