
Virtumonde.o/win32/fotomoto


13 replies to this topic

#1 ShocktimusPrime1

ShocktimusPrime1

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:26 PM

Posted 10 September 2007 - 12:29 AM

I've got some serious slowdowns, I'm constantly booted from IE, and Firefox is no treat right now either. Thanks in advance for any advice. Here's the logfile:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:47 AM, on 9/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\system32\UStorSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Zune\ZuneNss.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3EB1130F-FE74-409F-BCBB-C5ABC9AF5227} - (no file)
O2 - BHO: (no name) - {409582F2-9BC3-4DB9-902F-4B11CD8CAA05} - (no file)
O2 - BHO: (no name) - {4AA49418-D47E-47EB-AAD9-3FA5155F3025} - C:\WINDOWS\system32\fccdebx.dll (file missing)
O2 - BHO: (no name) - {53CD1E63-7E0C-4B97-B7B6-753F7DB62273} - (no file)
O2 - BHO: (no name) - {58F39DEE-4466-4757-8EDD-9392E8455472} - (no file)
O2 - BHO: (no name) - {603B0F8B-3A77-4532-B70B-E5EBC7FBFBD3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AD6C4BF5-431D-47F6-8483-CCB04C9B540E} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C8DE3D59-0798-49CC-B122-FBF06685D1A2} - C:\WINDOWS\system32\ssqpm.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - (no file)
O2 - BHO: (no name) - {DE7FFE43-91B6-45A9-8B22-E8BD27DC8CCD} - (no file)
O2 - BHO: (no name) - {E1D0D090-FE1A-4BB7-A418-36C23562E9DB} - (no file)
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PayPal Virtual Debit Card - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Virtual Debit Card\OToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [nfastfath] C:\Program Files\nfastfath.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.atribune.org
O15 - Trusted Zone: http://gameinvasion.comcast.net
O15 - Trusted Zone: http://secured2k.home.comcast.net
O15 - Trusted Zone: www.comcast.net
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: www.msn.com
O15 - Trusted Zone: http://www.pandasecurity.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D1C031F-55BF-4165-B8BD-ACA327635CED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D1C031F-55BF-4165-B8BD-ACA327635CED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D1C031F-55BF-4165-B8BD-ACA327635CED}: NameServer = 192.168.1.1
O20 - Winlogon Notify: fccdebx - C:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0034791188711566) (0034791188711566mcinstcleanup) - Unknown owner - C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\003479~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 12586 bytes


#2 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:26 PM

Posted 10 September 2007 - 02:19 PM

Right-click here and click "Save link as".
Save it as resetteatimer.bat to your desktop.

1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Double click on resetteatimer.bat and wait for it to finish

Download the latest version of ComboFix from Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#3 ShocktimusPrime1

ShocktimusPrime1
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:26 PM

Posted 11 September 2007 - 12:01 AM

OK, here goes.

ComboFix 07-09-10.6 - "Owner" 2007-09-10 23:38:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1029 [GMT -5:00]
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DOCUME~1\OWNER~1.YOU\Desktop\internet.lnk
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\boivxfvv.exe
C:\WINDOWS\system32\ddfierff.exe
C:\WINDOWS\system32\dwopceuv.dll
C:\WINDOWS\system32\ektigrjx.exe
C:\WINDOWS\system32\fdnyvevb.exe
C:\WINDOWS\system32\gdipjkgj.exe
C:\WINDOWS\system32\gklanurj.exe
C:\WINDOWS\system32\gobycdje.exe
C:\WINDOWS\system32\hcsvogce.exe
C:\WINDOWS\system32\joeoemdg.exe
C:\WINDOWS\system32\nmmrxeru.exe
C:\WINDOWS\system32\ojleklol.exe
C:\WINDOWS\system32\pbcuvjsf.exe
C:\WINDOWS\system32\pblugxqr.exe
C:\WINDOWS\system32\qjqupucw.exe
C:\WINDOWS\system32\rwyebcmj.exe
C:\WINDOWS\system32\trdnpifc.exe
C:\WINDOWS\system32\umwyqcna.exe
C:\WINDOWS\system32\vuecpowd.ini
C:\WINDOWS\system32\xkdygvhg.exe
C:\WINDOWS\system32\xqdwxbvp.exe
D:\Autorun.inf


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NWSAPAGENT
-------\NwSapAgent


((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))))
.

2007-09-10 23:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-10 20:35 2,008,802 ---hs---- C:\WINDOWS\system32\mpqss.ini2
2007-09-10 19:39 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\.housecall6.6
2007-09-09 23:04 <DIR> d-------- C:\Program Files\Network Associates
2007-09-09 22:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-09 22:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-09 22:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-09 22:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-09 17:59 2,008,850 ---hs---- C:\WINDOWS\system32\mpqss.bak2
2007-09-09 17:25 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-09 17:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2007-09-08 13:11 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee
2007-09-08 05:52 <DIR> d-------- C:\Program Files\OneStepSearch
2007-09-08 05:52 <DIR> d-------- C:\Program Files\filesubmit
2007-09-07 22:55 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2007-09-07 21:07 6,448 ---hs---- C:\WINDOWS\system32\mpqss.bak1
2007-09-07 21:06 244,832 --a------ C:\WINDOWS\system32\ssqpm.dll
2007-09-05 20:18 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\McAfee
2007-09-03 16:11 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\wsInspector
2007-09-03 15:56 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2007-09-02 00:40 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-09-02 00:39 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-09-02 00:39 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-09-02 00:39 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-09-02 00:39 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-09-02 00:39 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-09-02 00:39 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-09-02 00:24 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-02 00:20 <DIR> d-------- C:\Program Files\XCopyPSPPro
2007-09-02 00:20 <DIR> d-------- C:\Program Files\Total Video Converter
2007-09-02 00:19 <DIR> d-------- C:\Program Files\DaemonTools_WhenUSave_Installer
2007-09-01 23:40 <DIR> d-------- C:\Program Files\McAfee.com
2007-09-01 23:39 <DIR> d-------- C:\Program Files\McAfee
2007-09-01 23:39 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-09-01 20:59 <DIR> d-------- C:\Program Files\Shareaza
2007-09-01 20:59 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Shareaza
2007-09-01 20:35 <DIR> d-------- C:\Temp
2007-09-01 20:18 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-01 13:21 6,496 ---hs---- C:\WINDOWS\system32\xybeg.bak1
2007-08-29 17:49 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-08-14 19:33 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-11 05:21 <DIR> d-------- C:\WINDOWS\pss
2007-08-11 05:10 <DIR> d-------- C:\DECCHECK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-10 22:55 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-10 21:06 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-09-10 20:56 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WholeSecurity
2007-09-09 05:55 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\uTorrent
2007-09-05 20:18 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-01 21:05 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Lavasoft
2007-08-31 19:57 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-08-11 04:50 --------- d-------- C:\Program Files\Steam
2007-08-10 18:24 --------- d-------- C:\Program Files\CyberLink
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-04 09:15 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Nero
2007-08-04 09:08 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\DivX
2007-08-04 08:58 --------- d-------- C:\Program Files\DivX
2007-08-04 08:06 1972 --a------ C:\Program Files\installer.js
2007-08-04 05:21 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\dvdcss
2007-08-04 02:40 --------- d-------- C:\Program Files\SlySoft
2007-08-04 01:18 --------- d-------- C:\Program Files\Apex
2007-08-03 19:49 --------- d-------- C:\Program Files\Zune
2007-08-03 19:49 --------- d-------- C:\Program Files\DIFX
2007-08-03 19:49 --------- d-------- C:\Program Files\Common Files\ComponentOne
2007-07-31 16:34 --------- d-------- C:\Program Files\Common Files\EasyInfo
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-29 11:20 --------- d-------- C:\Program Files\DAEMON Tools
2007-07-28 14:25 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\WinRAR
2007-07-26 23:44 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-26 20:06 --------- d-------- C:\Program Files\BigFix
2007-07-26 18:06 9464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-26 18:06 9336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-26 18:06 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-26 18:06 43528 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-26 18:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 18:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-26 18:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 18:06 129784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-07-26 18:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-26 18:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-26 18:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-26 18:03 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 18:03 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 18:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-26 18:03 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 18:03 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-26 18:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 18:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-26 18:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 18:03 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-26 18:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-26 18:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-26 18:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-26 18:03 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-26 17:20 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-23 23:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-07-23 22:39 --------- d-------- C:\Program Files\EA Games
2007-07-19 21:54 --------- d-------- C:\Program Files\Lionhead Studios
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvusmb.exe
2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvunrm.exe
2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-06-29 01:54 356352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-06-29 00:43 8466432 --a------ C:\WINDOWS\system32\nvcpl.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvwddi.dll
2007-06-29 00:43 81920 --a------ C:\WINDOWS\system32\nvmctray.dll
2007-06-29 00:43 753664 --a------ C:\WINDOWS\system32\nvcplui.exe
2007-06-29 00:43 6729728 --a------ C:\WINDOWS\system32\nvoglnt.dll
2007-06-29 00:43 6234112 --a------ C:\WINDOWS\system32\nvdisps.dll
2007-06-29 00:43 5690624 --a------ C:\WINDOWS\system32\nv4_disp.dll
2007-06-29 00:43 5455872 --a------ C:\WINDOWS\system32\nvdispsr.dll
2007-06-29 00:43 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43 458752 --a------ C:\WINDOWS\system32\nvmccssr.dll
2007-06-29 00:43 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2007-06-29 00:43 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcodins.dll
2007-06-29 00:43 37376 --a------ C:\WINDOWS\system32\nvcod.dll
2007-06-29 00:43 360448 --a------ C:\WINDOWS\system32\nvapi.dll
2007-06-29 00:43 3600384 --a------ C:\WINDOWS\system32\nvvitvsr.dll
2007-06-29 00:43 3518464 --a------ C:\WINDOWS\system32\nvvitvs.dll
2007-06-29 00:43 3321856 --a------ C:\WINDOWS\system32\nvgames.dll
2007-06-29 00:43 3072000 --a------ C:\WINDOWS\system32\nvgamesr.dll
2007-06-29 00:43 307200 --a------ C:\WINDOWS\system32\nvexpbar.dll
2007-06-29 00:43 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2007-06-29 00:43 2854912 --a------ C:\WINDOWS\system32\nvmoblsr.dll
2007-06-29 00:43 2416640 --a------ C:\WINDOWS\system32\nvwssr.dll
2007-06-29 00:43 2330624 --a------ C:\WINDOWS\system32\nvwss.dll
2007-06-29 00:43 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2007-06-29 00:43 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2007-06-29 00:43 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43 155716 --a------ C:\WINDOWS\system32\nvsvc32.exe
2007-06-29 00:43 1474560 --a------ C:\WINDOWS\system32\nview.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2129816-8735-47A7-8056-19C10AF5E9BA}]
2007-09-07 21:06 244832 --a------ C:\WINDOWS\system32\ssqpm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE7FFE43-91B6-45A9-8B22-E8BD27DC8CCD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1D0D090-FE1A-4BB7-A418-36C23562E9DB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-01-23 15:42]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2006-09-06 12:12]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 17:03]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2007-08-31 16:46]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdebx]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ssqpm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=C:\WINDOWS\pss\Extender Resource Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PayPal Virtual Debit Card]
C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalVDC.exe StartUp /dontopenmycards /AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE

.
Contents of the 'Scheduled Tasks' folder
"2007-06-19 02:34:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-11 03:56:05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2007-09-10 16:33:32 C:\WINDOWS\Tasks\defrag.job"
"2007-09-11 04:47:16 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-10 23:07:35 C:\WINDOWS\Tasks\now.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-10 23:47:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\WMPrfCHS.prx
C:\WINDOWS\wmprfptg.prx
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\wininit.ini
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log
C:\WINDOWS\wmp11.log
C:\WINDOWS\WMPrfAra.prx
C:\WINDOWS\WMPrfCHT.prx
C:\WINDOWS\wmprfcsy.prx
C:\WINDOWS\wmprfdan.prx
C:\WINDOWS\WMPrfDeu.prx
C:\WINDOWS\wmprfell.prx
C:\WINDOWS\wmprfesp.prx
C:\WINDOWS\wmprffin.prx
C:\WINDOWS\wmprffra.prx
C:\WINDOWS\wmprfheb.prx
C:\WINDOWS\wmprfhun.prx
C:\WINDOWS\wmprfita.prx
C:\WINDOWS\WMPrfJpn.prx
C:\WINDOWS\WMPrfKor.prx
C:\WINDOWS\wmprfnld.prx
C:\WINDOWS\wmprfnor.prx
C:\WINDOWS\wmprfplk.prx
C:\WINDOWS\wmprfptb.prx
C:\WINDOWS\wmprfrus.prx
C:\WINDOWS\wmprfsky.prx
C:\WINDOWS\wmprfslv.prx
C:\WINDOWS\wmprfsve.prx
C:\WINDOWS\wmprftrk.prx
C:\WINDOWS\wmsetup10.log
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\wpd99.drv
C:\WINDOWS\Wudf01000Inst.log
C:\WINDOWS\XCopyPro.INI
C:\WINDOWS\xpsp1hfm.log
C:\WINDOWS\yacs.log
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif

scan completed successfully
hidden files: 44

**************************************************************************
.
Completion time: 2007-09-10 23:49:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-10 23:49
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:27 AM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\system32\dllhost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PayPal Virtual Debit Card - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Virtual Debit Card\OToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\vvswwxdy.dll",forkonce
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.atribune.org
O15 - Trusted Zone: http://gameinvasion.comcast.net
O15 - Trusted Zone: http://secured2k.home.comcast.net
O15 - Trusted Zone: www.comcast.net
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: www.msn.com
O15 - Trusted Zone: http://www.pandasecurity.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D1C031F-55BF-4165-B8BD-ACA327635CED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D1C031F-55BF-4165-B8BD-ACA327635CED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D1C031F-55BF-4165-B8BD-ACA327635CED}: NameServer = 192.168.1.1
O23 - Service: McAfee Application Installer Cleanup (0034791188711566) (0034791188711566mcinstcleanup) - Unknown owner - C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\003479~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 9654 bytes

#4 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:26 PM

Posted 11 September 2007 - 02:03 PM

Go to Start> Control Panel> Add or Remove Programs.

Remove the following programs, if they are present.
  • WhenU
  • WhenU save now

  • Open a new notepad window (Start>All programs>accessories>notepad)
  • Highlight the contents of the below codebox and then press ctrl+c to copy it to the clipboard
    File::
    C:\WINDOWS\system32\mpqss.ini2
    C:\WINDOWS\system32\mpqss.bak2
    C:\WINDOWS\system32\mpqss.bak1
    C:\WINDOWS\system32\ssqpm.dll
    C:\WINDOWS\system32\xybeg.bak1
    Folder::
    C:\Program Files\DaemonTools_WhenUSave_Installer
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2129816-8735-47A7-8056-19C10AF5E9BA}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE7FFE43-91B6-45A9-8B22-E8BD27DC8CCD}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1D0D090-FE1A-4BB7-A418-36C23562E9DB}]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
  • Paste the contents of the clipboard into the notepad window by pressing ctrl+v or edit>paste
  • Save it to the desktop as CFscript.txt
  • Now drag and drop CFscript.txt onto combofix.exe as in the picture below and follow the prompts:
  • When finished, it shall produce a log for you. Post that log and a HiJackThis log in your next reply
    Note: Do not mouse-click combofix's window while it's running. That may cause it to stall
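
An added example, not part of this thread or of ComboFix: Python that decodes the hex(7) REG_MULTI_SZ literal the CFScript above writes to the LSA "Authentication Packages" value, re-encodes a clean value, and flags any entry that is not the stock msv1_0, such as the ssqpm path ComboFix reports in the "Reg Loading Points" section later in this thread. It goes beyond the page's single case by handling both the byte-per-character form the CFScript uses and regedit's UTF-16LE export; the allow-list and the infected sample value are constructed assumptions.

```python
"""Decode and audit the LSA "Authentication Packages" value (added example).

Authentication packages are DLLs that lsass.exe loads at boot, so an
unexpected entry in this REG_MULTI_SZ value is a persistence mechanism.
The CFScript in the post above restores the value with a .reg-style literal:

    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

and ComboFix later reported the infected value as
    msv1_0 C:\\WINDOWS\\system32\\ssqpm
"""
import re

# Only the stock NTLM package is expected on a default XP box
# (assumption; extend for environments that install their own packages).
ALLOWED_PACKAGES = frozenset({"msv1_0"})

# Constructed from the ComboFix "Reg Loading Points" line in this thread.
INFECTED_VALUE = ["msv1_0", r"C:\WINDOWS\system32\ssqpm"]


def decode_hex7(literal):
    """Turn a hex(7): REG_MULTI_SZ literal into its list of strings.

    regedit exports REG_MULTI_SZ as UTF-16LE (every second byte is 0 for
    ASCII data); the CFScript above uses one byte per character. Both forms
    are recognised, and .reg line continuations (trailing backslash) are
    tolerated.
    """
    body = literal.strip()
    if body.lower().startswith("hex(7):"):
        body = body[len("hex(7):"):]
    raw = bytes(int(tok, 16) for tok in re.split(r"[,\s\\]+", body) if tok)
    if raw and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    # Each string is NUL-terminated and the list ends with an extra NUL,
    # so splitting on NUL leaves empty strings to discard.
    return [s for s in text.split("\x00") if s]


def encode_hex7(packages):
    """Inverse of decode_hex7, in the byte-per-character form the CFScript uses."""
    raw = b"".join(p.encode("latin-1") + b"\x00" for p in packages) + b"\x00"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def audit_authentication_packages(packages, allowed=ALLOWED_PACKAGES):
    """Return (entry, reason) pairs for every entry not on the allow-list.

    A legitimate entry is a bare module name that lsass resolves from
    system32; a full path is the classic shape of an injected package.
    """
    findings = []
    for entry in packages:
        if entry.lower() in allowed:
            continue
        if "\\" in entry or "/" in entry:
            findings.append((entry, "full path instead of module name"))
        else:
            findings.append((entry, "unknown package"))
    return findings


def main():
    clean = decode_hex7("hex(7):6d,73,76,31,5f,30,00,00")
    print("CFScript restores:", clean)            # ['msv1_0']
    print("round trip       :", encode_hex7(clean))
    for entry, reason in audit_authentication_packages(INFECTED_VALUE):
        print(f"FLAG {entry!r}: {reason}")


if __name__ == "__main__":
    main()
```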


#5 ShocktimusPrime1

ShocktimusPrime1
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:26 PM

Posted 11 September 2007 - 06:00 PM

Seems somewhat better already, here goes.


ComboFix 07-09-10.6 - "Owner" 2007-09-11 17:44:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1162 [GMT -5:00]
Command switches used :: C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Desktop\CFscript.txt
* Created a new restore point

FILE::
C:\WINDOWS\system32\mpqss.ini2
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\xybeg.bak1
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\DaemonTools_WhenUSave_Installer
C:\WINDOWS\system32\bffyobpv.dll
C:\WINDOWS\system32\bxtoagcb.dll
C:\WINDOWS\system32\fdncqxdu.exe
C:\WINDOWS\system32\kwhmelqw.exe
C:\WINDOWS\system32\lhckurld.dll
C:\WINDOWS\system32\mpqss.bak1
C:\WINDOWS\system32\mpqss.bak2
C:\WINDOWS\system32\mpqss.ini2
C:\WINDOWS\system32\ssqpm.dll
C:\WINDOWS\system32\vpboyffb.ini
C:\WINDOWS\system32\vrlnuexm.exe
C:\WINDOWS\system32\xybeg.bak1


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-08-11 to 2007-09-11 )))))))))))))))))))))))))))))))
.

2007-09-10 23:34 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-10 19:39 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\.housecall6.6
2007-09-09 23:04 <DIR> d-------- C:\Program Files\Network Associates
2007-09-09 22:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-09 22:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-09 22:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-09 22:28 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-09 17:25 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-09 17:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Tools
2007-09-08 13:11 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee
2007-09-08 05:52 <DIR> d-------- C:\Program Files\OneStepSearch
2007-09-08 05:52 <DIR> d-------- C:\Program Files\filesubmit
2007-09-07 22:55 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2007-09-05 20:18 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\McAfee
2007-09-03 16:11 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\wsInspector
2007-09-03 15:56 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2007-09-02 00:40 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2007-09-02 00:39 71,496 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2007-09-02 00:39 37,480 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2007-09-02 00:39 34,184 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2007-09-02 00:39 32,008 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2007-09-02 00:39 170,408 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2007-09-02 00:39 109,608 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2007-09-02 00:24 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-02 00:20 <DIR> d-------- C:\Program Files\XCopyPSPPro
2007-09-02 00:20 <DIR> d-------- C:\Program Files\Total Video Converter
2007-09-01 23:40 <DIR> d-------- C:\Program Files\McAfee.com
2007-09-01 23:39 <DIR> d-------- C:\Program Files\McAfee
2007-09-01 23:39 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-09-01 20:59 <DIR> d-------- C:\Program Files\Shareaza
2007-09-01 20:59 <DIR> d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Shareaza
2007-09-01 20:35 <DIR> d-------- C:\Temp
2007-09-01 20:18 <DIR> d-------- C:\WINDOWS\ERUNT
2007-08-29 17:49 <DIR> d-------- C:\Program Files\PeerGuardian2
2007-08-14 19:33 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-08-11 05:21 <DIR> d-------- C:\WINDOWS\pss
2007-08-11 05:10 <DIR> d-------- C:\DECCHECK

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-11 17:36 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WholeSecurity
2007-09-10 22:55 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-10 21:06 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-09-09 05:55 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\uTorrent
2007-09-05 20:18 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-09-01 21:05 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Lavasoft
2007-08-31 19:57 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2007-08-11 04:50 --------- d-------- C:\Program Files\Steam
2007-08-10 18:24 --------- d-------- C:\Program Files\CyberLink
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-04 09:15 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\Nero
2007-08-04 09:08 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\DivX
2007-08-04 08:58 --------- d-------- C:\Program Files\DivX
2007-08-04 08:06 1972 --a------ C:\Program Files\installer.js
2007-08-04 05:21 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\dvdcss
2007-08-04 02:40 --------- d-------- C:\Program Files\SlySoft
2007-08-04 01:18 --------- d-------- C:\Program Files\Apex
2007-08-03 19:49 --------- d-------- C:\Program Files\Zune
2007-08-03 19:49 --------- d-------- C:\Program Files\DIFX
2007-08-03 19:49 --------- d-------- C:\Program Files\Common Files\ComponentOne
2007-07-31 16:34 --------- d-------- C:\Program Files\Common Files\EasyInfo
2007-07-29 11:20 --------- d-------- C:\Program Files\DAEMON Tools
2007-07-28 14:25 --------- d-------- C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\WinRAR
2007-07-26 23:44 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-26 20:06 --------- d-------- C:\Program Files\BigFix
2007-07-26 18:06 9464 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-07-26 18:06 9336 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-07-26 18:06 43528 --a------ C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-07-26 17:20 682232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-07-23 23:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-07-23 22:39 --------- d-------- C:\Program Files\EA Games
2007-07-19 21:54 --------- d-------- C:\Program Files\Lionhead Studios
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-13 05:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-01-12 06:52 180224 --a------ C:\Program Files\nfastfath.exe
2002-07-26 17:02 153088 --a--c--- C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot_2007-09-10_234923.51 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 12,288 2006-10-17 17:58:32 C:\WINDOWS\system32\msfeedssync.exe
----a-w 62,548 2007-09-11 22:35:40 C:\WINDOWS\system32\perfc009.dat
----a-w 401,394 2007-09-11 22:35:40 C:\WINDOWS\system32\perfh009.dat
----a-w 406,016 2003-11-10 21:06:08 C:\WINDOWS\system32\PSDrvCheck.exe
----a-w 66,296 2007-07-26 23:06:18 C:\WINDOWS\system32\pxcpya64.exe
----a-w 120,056 2007-07-26 23:06:18 C:\WINDOWS\system32\pxcpyi64.exe
----a-w 72,440 2007-07-26 23:06:18 C:\WINDOWS\system32\pxhpinst.exe
----a-w 64,760 2007-07-26 23:06:18 C:\WINDOWS\system32\pxinsa64.exe
----a-w 118,520 2007-07-26 23:06:18 C:\WINDOWS\system32\pxinsi64.exe
----a-w 60,416 2007-07-18 12:42:22 C:\WINDOWS\system32\tzchange.exe
----a-w 28,672 2006-03-17 00:38:01 C:\WINDOWS\system32\verclsid.exe
----a-w 88,824 2007-07-26 23:06:18 C:\WINDOWS\system32\vxblock.dll
----a-w 336,768 2007-03-15 23:17:08 C:\WINDOWS\system32\WgaTray.exe
----a-w 206,336 2006-10-17 18:05:58 C:\WINDOWS\system32\WinFXDocObj.exe
----a-w 295,936 2006-10-19 03:47:20 C:\WINDOWS\system32\wmpeffects.dll
----a-w 613,376 2006-10-19 03:47:20 C:\WINDOWS\system32\wmpmde.dll
----a-w 130,048 2006-10-19 03:47:20 C:\WINDOWS\system32\wmpps.dll
----a-w 1,543,680 2006-10-19 03:47:22 C:\WINDOWS\system32\WMVDECOD.dll
----a-w 1,574,912 2006-10-19 03:47:22 C:\WINDOWS\system32\WMVENCOD.dll
----a-w 1,382,912 2006-10-19 03:47:22 C:\WINDOWS\system32\WMVSDECD.dll
----a-w 767,488 2006-10-19 03:47:22 C:\WINDOWS\system32\WMVSENCD.dll
----a-w 656,896 2006-10-19 03:47:22 C:\WINDOWS\system32\WMVXENCD.dll
----a-w 2,603,008 2006-10-19 03:47:22 C:\WINDOWS\system32\WpdShext.dll
----a-w 17,408 2006-10-19 02:00:14 C:\WINDOWS\system32\wpdshextautoplay.exe
----a-w 38,400 2006-10-19 02:47:22 C:\WINDOWS\system32\wpdshextres.dll
----a-w 133,632 2006-10-19 03:47:22 C:\WINDOWS\system32\WPDShServiceObj.dll
----a-w 95,344 2006-09-29 02:13:26 C:\WINDOWS\system32\WUDFCoinstaller.dll
----a-w 146,432 2006-09-29 00:56:38 C:\WINDOWS\system32\WudfHost.exe
----a-w 165,376 2006-09-29 00:56:16 C:\WINDOWS\system32\WudfPlatform.dll
----a-w 55,808 2006-09-29 00:56:14 C:\WINDOWS\system32\WudfSvc.dll
----a-w 316,416 2006-09-29 00:56:38 C:\WINDOWS\system32\WUDFx.dll
----a-w 121,856 2006-07-14 15:51:51 C:\WINDOWS\system32\xmllite.dll
-c--a-w 359,808 2006-04-20 11:51:50 C:\WINDOWS\system32\dllcache\tcpip.sys
----atw 16,384 2007-09-11 22:49:23 C:\WINDOWS\Temp\Perflib_Perfdata_a00.dat
.
------w 12,288 2006-10-17 17:58:32 C:\WINDOWS\system32\msfeedssync.exe
----a-w 62,228 2007-09-11 04:49:22 C:\WINDOWS\system32\perfc009.dat
----a-w 400,756 2007-09-11 04:49:23 C:\WINDOWS\system32\perfh009.dat
------w 406,016 2003-11-10 21:06:08 C:\WINDOWS\system32\PSDrvCheck.exe
------w 66,296 2007-07-26 23:06:18 C:\WINDOWS\system32\pxcpya64.exe
------w 120,056 2007-07-26 23:06:18 C:\WINDOWS\system32\pxcpyi64.exe
------w 72,440 2007-07-26 23:06:18 C:\WINDOWS\system32\pxhpinst.exe
------w 64,760 2007-07-26 23:06:18 C:\WINDOWS\system32\pxinsa64.exe
------w 118,520 2007-07-26 23:06:18 C:\WINDOWS\system32\pxinsi64.exe
------w 60,416 2007-07-18 12:42:22 C:\WINDOWS\system32\tzchange.exe
------w 28,672 2006-03-17 00:38:01 C:\WINDOWS\system32\verclsid.exe
------w 88,824 2007-07-26 23:06:18 C:\WINDOWS\system32\vxblock.dll
------w 336,768 2007-03-15 23:17:08 C:\WINDOWS\system32\WgaTray.exe
------w 206,336 2006-10-17 18:05:58 C:\WINDOWS\system32\WinFXDocObj.exe
------w 295,936 2006-10-19 03:47:20 C:\WINDOWS\system32\wmpeffects.dll
------w 613,376 2006-10-19 03:47:20 C:\WINDOWS\system32\wmpmde.dll
------w 130,048 2006-10-19 03:47:20 C:\WINDOWS\system32\wmpps.dll
------w 1,543,680 2006-10-19 03:47:22 C:\WINDOWS\system32\WMVDECOD.dll
------w 1,574,912 2006-10-19 03:47:22 C:\WINDOWS\system32\WMVENCOD.dll
------w 1,382,912 2006-10-19 03:47:22 C:\WINDOWS\system32\WMVSDECD.dll
------w 767,488 2006-10-19 03:47:22 C:\WINDOWS\system32\WMVSENCD.dll
------w 656,896 2006-10-19 03:47:22 C:\WINDOWS\system32\WMVXENCD.dll
------w 2,603,008 2006-10-19 03:47:22 C:\WINDOWS\system32\WpdShext.dll
------w 17,408 2006-10-19 02:00:14 C:\WINDOWS\system32\wpdshextautoplay.exe
------w 38,400 2006-10-19 02:47:22 C:\WINDOWS\system32\wpdshextres.dll
------w 133,632 2006-10-19 03:47:22 C:\WINDOWS\system32\WPDShServiceObj.dll
------w 95,344 2006-09-29 02:13:26 C:\WINDOWS\system32\WUDFCoinstaller.dll
------w 146,432 2006-09-29 00:56:38 C:\WINDOWS\system32\WudfHost.exe
------w 165,376 2006-09-29 00:56:16 C:\WINDOWS\system32\WudfPlatform.dll
------w 55,808 2006-09-29 00:56:14 C:\WINDOWS\system32\WudfSvc.dll
------w 316,416 2006-09-29 00:56:38 C:\WINDOWS\system32\WUDFx.dll
------w 121,856 2006-07-14 15:51:51 C:\WINDOWS\system32\xmllite.dll
-c----w 359,808 2006-04-20 11:51:50 C:\WINDOWS\system32\dllcache\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2007-06-29 00:43 C:\WINDOWS\system32\nwiz.exe]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-01-23 15:42]
"NapsterShell"="C:\Program Files\Napster\napster.exe" [2006-09-06 12:12]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2006-11-17 16:49]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2007-03-14 17:03]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [2007-01-16 13:59]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 11:22]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdebx]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ssqpm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=C:\WINDOWS\pss\Extender Resource Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PayPal Virtual Debit Card]
C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalVDC.exe StartUp /dontopenmycards /AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE

.
Contents of the 'Scheduled Tasks' folder
"2007-06-19 02:34:32 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-11 04:56:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2007-09-10 16:33:32 C:\WINDOWS\Tasks\defrag.job"
"2007-09-11 22:52:06 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-09-10 23:07:35 C:\WINDOWS\Tasks\now.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-11 17:50:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\WMPrfCHS.prx
C:\WINDOWS\wmprfptg.prx
C:\WINDOWS\WindowsShell.Manifest
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhelp.exe
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\wininit.ini
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WinSxS
C:\WINDOWS\WMFDist11.log
C:\WINDOWS\wmp11.log
C:\WINDOWS\WMPrfAra.prx
C:\WINDOWS\WMPrfCHT.prx
C:\WINDOWS\wmprfcsy.prx
C:\WINDOWS\wmprfdan.prx
C:\WINDOWS\WMPrfDeu.prx
C:\WINDOWS\wmprfell.prx
C:\WINDOWS\wmprfesp.prx
C:\WINDOWS\wmprffin.prx
C:\WINDOWS\wmprffra.prx
C:\WINDOWS\wmprfheb.prx
C:\WINDOWS\wmprfhun.prx
C:\WINDOWS\wmprfita.prx
C:\WINDOWS\WMPrfJpn.prx
C:\WINDOWS\WMPrfKor.prx
C:\WINDOWS\wmprfnld.prx
C:\WINDOWS\wmprfnor.prx
C:\WINDOWS\wmprfplk.prx
C:\WINDOWS\wmprfptb.prx
C:\WINDOWS\wmprfrus.prx
C:\WINDOWS\wmprfsky.prx
C:\WINDOWS\wmprfslv.prx
C:\WINDOWS\wmprfsve.prx
C:\WINDOWS\wmprftrk.prx
C:\WINDOWS\wmsetup10.log
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\wpd99.drv
C:\WINDOWS\Wudf01000Inst.log
C:\WINDOWS\XCopyPro.INI
C:\WINDOWS\xpsp1hfm.log
C:\WINDOWS\yacs.log
C:\WINDOWS\Zapotec.bmp
C:\WINDOWS\_default.pif

scan completed successfully
hidden files: 44

**************************************************************************
.
Completion time: 2007-09-11 17:52:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-11 17:52
C:\ComboFix2.txt ... 2007-09-10 23:49
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:48 PM, on 9/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\OneStepSearch\onestep.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PayPal Virtual Debit Card - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Virtual Debit Card\OToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.atribune.org
O15 - Trusted Zone: http://gameinvasion.comcast.net
O15 - Trusted Zone: http://secured2k.home.comcast.net
O15 - Trusted Zone: www.comcast.net
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: www.msn.com
O15 - Trusted Zone: http://www.pandasecurity.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D1C031F-55BF-4165-B8BD-ACA327635CED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D1C031F-55BF-4165-B8BD-ACA327635CED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D1C031F-55BF-4165-B8BD-ACA327635CED}: NameServer = 192.168.1.1
O20 - Winlogon Notify: fccdebx - C:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0034791188711566) (0034791188711566mcinstcleanup) - Unknown owner - C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\003479~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 10560 bytes

#6 random/random (Malware Response Team, 2,704 posts)

Posted 12 September 2007 - 11:30 AM

Then please upload this file:

C:\WINDOWS\system32\drivers\TCPIP.SYS

to either Jotti or VirusTotal, and post the results as a reply to this topic.

Copy the contents of the following codebox to a Notepad window:

REGEDIT4

; "Authentication Packages" as REG_MULTI_SZ: msv1_0 followed by the list terminator (the Windows XP default)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

Save it to the desktop as fix.reg, making sure "Save as type" is set to "All Files".

Locate fix.reg on your desktop and double-click it. When asked if you want to merge with the registry, click Yes. Wait for the "merged successfully" prompt.
  • Download GMER by GMER from here
  • Unzip it to a folder on your desktop
  • Double click on gmer.exe to launch GMER
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning, then:
    • Click the rootkit tab
    • Click Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic
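
The fix.reg above works because "Authentication Packages" is a REG_MULTI_SZ (hex(7) in REGEDIT4 syntax), so the bytes 6d,73,76,31,5f,30,00,00 are "msv1_0" plus the list terminator; merging it throws away any extra package a piece of malware appended to the list. The script below is an added example for this thread, not part of random/random's post: it parses a REGEDIT4 export, decodes hex(7) values into their string list, and reports any package other than msv1_0. FIX_REG is the posted fix.reg verbatim; TAMPERED_REG is constructed to show what an appended entry looks like, and the DLL name in it is hypothetical.

```python
"""Decode REG_MULTI_SZ values from a REGEDIT4 file and check the LSA
'Authentication Packages' list. Added example for this thread, not part of
the helper's post; FIX_REG is the posted fix.reg, TAMPERED_REG is constructed."""
import re

LSA_KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa"
VALUE_NAME = "Authentication Packages"
EXPECTED_PACKAGES = {"msv1_0"}  # Windows XP default; anything else deserves a look

# The helper's fix.reg, verbatim: 6d 73 76 31 5f 30 00 00 is "msv1_0" + list terminator
FIX_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
"""

# Constructed: an export of the same value with an extra entry appended
# (regedit wraps long hex values with a trailing backslash; the DLL name is hypothetical)
TAMPERED_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,69,6e,6a,65,63,74,\
  65,64,2e,64,6c,6c,00,00
"""


def logical_lines(text):
    """Yield .reg lines with trailing-backslash continuations joined."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        yield pending + line
        pending = ""
    if pending:
        yield pending


def decode_multi_sz(data):
    """REG_MULTI_SZ is NUL-separated strings ending in an empty string."""
    return [part.decode("latin-1") for part in data.split(b"\x00") if part]


def parse_reg(text):
    """Return {(key_lowercase, value_name): value} for a REGEDIT4 export.
    Supports "string", dword: and hex(7): values, which covers fix.reg."""
    lines = list(logical_lines(text))
    if not lines or lines[0] != "REGEDIT4":
        raise ValueError("not a REGEDIT4 file")
    values, key = {}, None
    for line in lines[1:]:
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if m is None or key is None:
            raise ValueError("malformed line: %r" % line)
        name, data = m.group(1), m.group(2)
        if data.startswith("hex(7):"):
            raw = bytes(int(b, 16) for b in data[7:].split(",") if b.strip())
            values[(key, name)] = decode_multi_sz(raw)
        elif data.startswith("dword:"):
            values[(key, name)] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            values[(key, name)] = data[1:-1]
        else:
            raise ValueError("unsupported value: %r" % data)
    return values


def unexpected_auth_packages(reg_text):
    """Entries in the LSA Authentication Packages list that are not the known default."""
    packages = parse_reg(reg_text).get((LSA_KEY.lower(), VALUE_NAME), [])
    return [p for p in packages if p.lower() not in EXPECTED_PACKAGES]


if __name__ == "__main__":
    for label, text in (("fix.reg", FIX_REG), ("tampered", TAMPERED_REG)):
        print(label, unexpected_auth_packages(text) or "only msv1_0")
```

Run it against an export of the live key (regedit, File > Export, with "Win9x/NT4" format selected so it is written as REGEDIT4) before merging the fix, and the output tells you what the fix is about to remove. The decoder assumes the single-byte encoding REGEDIT4 uses; a "Windows Registry Editor Version 5.00" export stores hex(7) as UTF-16LE and would need a different decode.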
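
A GMER rootkit log lists three shapes of hook: SSDT and "Code" entries attributed to a named driver, kernel inline patches with the target driver named after the JMP address, and per-process ".text" entries whose JMP target is often an address GMER cannot map to any module. Which product owns a given hook is something to confirm against the installed software, not something the log states; what the log does show is the pattern, and a firewall or HIPS that injects into every process leaves the same hook set everywhere. The script below is an added example for this thread, not part of random/random's post and not GMER's own tooling: it parses those line shapes, counts hooks per hooking module, and flags any process whose set of unattributed hooks differs from the majority. The sample lines are copied from the gmerrk.txt posted later in this thread, plus one constructed explorer.exe line to show an outlier.

```python
"""Triage the hook lists GMER prints (SSDT, kernel 'Code' and per-process
'.text' entries). Added example for this thread, not GMER's own output or
tooling; sample lines are copied from the log posted later in the thread,
plus one constructed line marked below."""
import re
from collections import Counter, defaultdict

# Copied from the thread's gmerrk.txt (a small subset)
GMER_FROM_THREAD = r"""
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwCreateProcess
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwOpenKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection
.text ntkrnlpa.exe!ZwYieldExecution 805040F8 7 Bytes JMP A693E5B8 \SystemRoot\system32\drivers\mfehidk.sys
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00DE000A
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00DE00E3
.text C:\WINDOWS\system32\services.exe[984] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0096000A
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00720000
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00720108
.text C:\WINDOWS\system32\lsass.exe[996] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006F000A
"""
# Constructed (not in the thread): a process carrying a different hook set
CONSTRUCTED_OUTLIER = r".text C:\WINDOWS\explorer.exe[1500] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00DE000A"
GMER_SAMPLE = GMER_FROM_THREAD + CONSTRUCTED_OUTLIER + "\n"

TABLE_RE = re.compile(r"^(SSDT|Code)\s+(\S+)\s+(\S+)$")
USER_RE = re.compile(r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+!\S+)\s+[0-9A-F]+\s+\d+ Bytes JMP ([0-9A-F]+)(?:\s+(\S+))?$")
KERNEL_RE = re.compile(r"^(?:\.text|PAGE)\s+(\S+!\S+)\s+[0-9A-F]+\s+\d+ Bytes JMP ([0-9A-F]+)(?:\s+(\S+))?$")


def basename(path):
    """Last component of a Win32 or NT-style path, lower-cased."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return one dict per recognised hook line; lines GMER prints in other
    shapes (raw byte patches, '?' unreadable-driver notes) are skipped."""
    hooks = []
    for line in text.splitlines():
        line = line.strip()
        m = TABLE_RE.match(line)
        if m:
            hooks.append({"scope": "kernel", "api": m.group(3),
                          "hooker": basename(m.group(2)), "process": None})
            continue
        m = USER_RE.match(line)
        if m:
            hooks.append({"scope": "user", "process": basename(m.group(1)), "pid": int(m.group(2)),
                          "api": m.group(3), "target": int(m.group(4), 16),
                          "hooker": basename(m.group(5)) if m.group(5) else None})
            continue
        m = KERNEL_RE.match(line)
        if m:
            hooks.append({"scope": "kernel", "api": m.group(1), "target": int(m.group(2), 16),
                          "hooker": basename(m.group(3)) if m.group(3) else None, "process": None})
    return hooks


def hooks_by_module(hooks):
    """Hook count per hooking module; the None bucket is what GMER could not attribute."""
    return Counter(h["hooker"] for h in hooks)


def unattributed_user_hooks(hooks):
    """{process: sorted APIs} for user-mode hooks whose target is in unnamed memory."""
    per = defaultdict(set)
    for h in hooks:
        if h["scope"] == "user" and h["hooker"] is None:
            per[h["process"]].add(h["api"])
    return {proc: sorted(apis) for proc, apis in per.items()}


def hook_set_outliers(hooks):
    """Processes whose unattributed hook set differs from the majority set.
    A firewall/HIPS that injects into everything leaves the same set in every
    process; an odd one out is the process whose module list to pull next."""
    per = unattributed_user_hooks(hooks)
    if not per:
        return []
    majority = Counter(tuple(v) for v in per.values()).most_common(1)[0][0]
    return sorted(p for p, apis in per.items() if tuple(apis) != majority)


if __name__ == "__main__":
    hooks = parse_gmer(GMER_SAMPLE)
    print(hooks_by_module(hooks))
    print(hook_set_outliers(hooks))
```

Feed it the whole gmerrk.txt instead of the sample and the per-module counts give you the short list of drivers to match against the HijackThis O23 services, while the outlier list is empty when every process carries the same injected set and names the exceptions when it does not. An unattributed JMP target is not evidence of malware on its own; it is the address to look up in that process's module list (Process Explorer's DLL view, or GMER's own Processes tab) before deciding anything.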


#7 ShocktimusPrime1 (Topic Starter, Members, 13 posts)

Posted 12 September 2007 - 06:12 PM

Antivirus Version Last Update Result
AhnLab-V3 2007.9.13.0 2007.09.12 -
AntiVir 7.6.0.10 2007.09.12 -
Authentium 4.93.8 2007.09.12 -
Avast 4.7.1043.0 2007.09.12 -
AVG 7.5.0.485 2007.09.12 -
BitDefender 7.2 2007.09.13 -
CAT-QuickHeal 9.00 2007.09.12 -
ClamAV 0.91.2 2007.09.12 -
DrWeb 4.33 2007.09.12 -
eSafe 7.0.15.0 2007.09.12 -
eTrust-Vet 31.1.5128 2007.09.12 -
Ewido 4.0 2007.09.12 -
FileAdvisor 1 2007.09.13 -
Fortinet 3.11.0.0 2007.09.13 -
F-Prot 4.3.2.48 2007.09.12 -
F-Secure 6.70.13030.0 2007.09.12 -
Ikarus T3.1.1.12 2007.09.12 -
Kaspersky 4.0.2.24 2007.09.13 -
McAfee 5118 2007.09.12 -
Microsoft 1.2803 2007.09.12 -
NOD32v2 2525 2007.09.12 -
Norman 5.80.02 2007.09.12 -
Panda 9.0.0.4 2007.09.12 -
Prevx1 V2 2007.09.13 -
Rising 19.40.22.00 2007.09.12 -
Sophos 4.21.0 2007.09.12 -
Sunbelt 2.2.907.0 2007.09.13 -
Symantec 10 2007.09.13 -
TheHacker 6.1.10.184 2007.09.11 -
VBA32 3.12.2.4 2007.09.12 -
VirusBuster 4.3.26:9 2007.09.12 -
Webwasher-Gateway 6.0.1 2007.09.12 -
Additional information
File size: 359808 bytes
MD5: 1dbf125862891817f374f407626967f4
SHA1: a502d0d6c3a4dd995a3554347b04fbb51dd05901

#8 ShocktimusPrime1 (Topic Starter, Members, 13 posts)

Posted 12 September 2007 - 10:07 PM

Gmerrk.txt part 1:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-12 22:04:14
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwConnectPort
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwCreatePort
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwCreateWaitablePort
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwDeleteFile
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwRenameKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwSecureConnectPort
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\vsdatant.sys ZwTerminateProcess

Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnmapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwYieldExecution
Code \SystemRoot\system32\drivers\mfehidk.sys NtMapViewOfSection

---- Kernel code sections - GMER 1.0.13 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C4C 80503B28 12 Bytes [ 70, 32, 20, A7, 00, 95, 20, ... ]
.text ntkrnlpa.exe!ZwYieldExecution 805040F8 7 Bytes JMP A693E5B8 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0BC4 7 Bytes JMP A693E5CE \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B19D2 5 Bytes JMP A693E5E4 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6F98 7 Bytes JMP A693E58E \SystemRoot\system32\drivers\mfehidk.sys
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? srescan.sys The system cannot find the file specified.
.text USBPORT.SYS!DllUnload B870462C 5 Bytes JMP 89BEB340
? System32\Drivers\a0sbrt53.SYS The system cannot find the file specified.
? C:\WINDOWS\System32\Drivers\jnv4_mib.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified.
? C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\catchme.sys The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00DE000A
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00DE007F
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00DE0F8A
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00DE0064
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00DE0FA5
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00DE0FC0
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00DE0F6F
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00DE00B7
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00DE00E3
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00DE00C8
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00DE0F2F
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00DE0047
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00DE001B
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00DE0090
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00DE0036
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00DE0FDB
.text C:\WINDOWS\system32\services.exe[984] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00DE0F54
.text C:\WINDOWS\system32\services.exe[984] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00990033
.text C:\WINDOWS\system32\services.exe[984] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00990F91
.text C:\WINDOWS\system32\services.exe[984] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00990022
.text C:\WINDOWS\system32\services.exe[984] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00990011
.text C:\WINDOWS\system32\services.exe[984] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00990FAC
.text C:\WINDOWS\system32\services.exe[984] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00990058
.text C:\WINDOWS\system32\services.exe[984] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00990000
.text C:\WINDOWS\system32\services.exe[984] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00990FD1
.text C:\WINDOWS\system32\services.exe[984] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0096000A
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00720000
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0072008B
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00720FA0
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0072007A
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00720069
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00720058
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007200B7
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007200A6
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00720108
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007200E3
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00720F54
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00720FD1
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00720011
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00720F7B
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0072003D
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0072002C
.text C:\WINDOWS\system32\lsass.exe[996] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 007200D2
.text C:\WINDOWS\system32\lsass.exe[996] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00710FC3
.text C:\WINDOWS\system32\lsass.exe[996] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00710F86
.text C:\WINDOWS\system32\lsass.exe[996] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00710FD4
.text C:\WINDOWS\system32\lsass.exe[996] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0071000A
.text C:\WINDOWS\system32\lsass.exe[996] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00710F97
.text C:\WINDOWS\system32\lsass.exe[996] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00710039
.text C:\WINDOWS\system32\lsass.exe[996] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00710FEF
.text C:\WINDOWS\system32\lsass.exe[996] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00710FB2
.text C:\WINDOWS\system32\lsass.exe[996] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00920F9E
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00920089
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00920078
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00920FAF
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00920040
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009200CB
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00920F83
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00920F43
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009200DC
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00920101
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00920051
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00920FE5
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 009200AE
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00920025
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00920FD4
.text C:\WINDOWS\system32\svchost.exe[1172] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00920F68
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00910F94
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00910F68
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00910FB9
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00910FD4
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0091001B
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0091000A
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00910FE5
.text C:\WINDOWS\system32\svchost.exe[1172] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00910F79
.text C:\WINDOWS\system32\svchost.exe[1172] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 008E0FEF
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00AD0FAC
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00AD0FC7
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00AD00AB
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00AD008E
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00AD0062
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00AD0F80
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00AD0F91
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00AD00F4
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00AD00D9
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00AD010F
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00AD0073
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00AD001B
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00AD00BC
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00AD0047
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00AD0036
.text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00AD0F5B
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00AC001B
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00AC0F80
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00AC0FCA
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00AC0FDB
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00AC0047
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00AC0036
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00AC0000
.text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00AC0FAF
.text C:\WINDOWS\system32\svchost.exe[1236] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00AA000A
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02550FE5
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02550F79
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0255006E
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02550051
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02550F94
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0255002C
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02550F4B
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02550F5C
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02550F15
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02550F26
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 025500D3
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 02550FA5
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 02550000
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 02550093
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02550011
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 02550FC0
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 025500A4
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 02540025
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 02540076
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 02540FD4
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0254000A
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 02540FB9
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 02540051
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 02540FEF
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 02540036
.text C:\WINDOWS\System32\svchost.exe[1364] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 02520FEF
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenA 42C2C869 5 Bytes JMP 02340FEF
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenW 42C2CEA1 5 Bytes JMP 02340FDE
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenUrlA 42C306DD 5 Bytes JMP 02340FC3
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenUrlW 42C7AB2D 5 Bytes JMP 02340FB2
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00640060
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00640F75
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00640F86
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00640F97
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0064002F
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0064007D
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00640F35
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00640098
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00640EFF
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 006400A9
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00640FB2
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00640FDE
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00640F50
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00640014
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00640FC3
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00640F10
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0063002C
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00630FAF
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0063001B
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0063006C
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00630FCA
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00630000
.text C:\WINDOWS\system32\svchost.exe[1408] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00630047
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C90FE5
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C90062
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C90051
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C90036
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C90F79
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C90025
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C90084
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C90F48
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C90F0D
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C900A6
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C900C1
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00C90F9E
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00C90000
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00C90073
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00C90FB9
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00C90FCA
.text C:\WINDOWS\System32\svchost.exe[1564] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00C90095
.text C:\WINDOWS\System32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00C80036
.text C:\WINDOWS\System32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00C80087
.text C:\WINDOWS\System32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\System32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00C80025
.text C:\WINDOWS\System32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00C80062
.text C:\WINDOWS\System32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00C80051
.text C:\WINDOWS\System32\svchost.exe[1564] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00C8000A
.text C:\WINDOWS\System32\svchost.exe[1564] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00C80FCA
.text C:\WINDOWS\System32\svchost.exe[1564] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C6000A
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00970FEF
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00970087
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00970076
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00970F9C
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00970FB9
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0097005B
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00970F50
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00970098
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009700E9
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 009700CE
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 009700FA
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00970FD4
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00970F77
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0097004A
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00970025
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 009700B3
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0096002C
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00960062
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0096001B
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00960000
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00960FA5
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00960FC0
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00960FE5
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 0096003D
.text C:\WINDOWS\system32\svchost.exe[1656] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0094000A
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C9009F
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C90084
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C90073
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C90062
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C90047
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C90F74
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C900BC
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C900F2
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C900D7
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C90F3E
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00C90FB6
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00C9000A
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00C90F85
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00C90036
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00C9001B
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00C90F59
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00C80FD1
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00C80F91
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00C80022
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00C80011
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00C80FAC
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00C8004E
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00C80000
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00C8003D
.text C:\WINDOWS\system32\svchost.exe[1732] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\svchost.exe[1732] WININET.dll!InternetOpenA 42C2C869 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[1732] WININET.dll!InternetOpenW 42C2CEA1 5 Bytes JMP 00C50011
.text C:\WINDOWS\system32\svchost.exe[1732] WININET.dll!InternetOpenUrlA 42C306DD 5 Bytes JMP 00C50FDB
.text C:\WINDOWS\system32\svchost.exe[1732] WININET.dll!InternetOpenUrlW 42C7AB2D 5 Bytes JMP 00C5002C
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F6A
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F85
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0069
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0FAC
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A003D
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F28
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F4F
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0095
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0EFC
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A0EE1
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A004E
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0000
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A007A
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A002C
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0011
.text C:\WINDOWS\system32\dllhost.exe[2860] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0F17
.text C:\WINDOWS\system32\dllhost.exe[2860] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00290025
.text C:\WINDOWS\system32\dllhost.exe[2860] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0029004A
.text C:\WINDOWS\system32\dllhost.exe[2860] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00290FD4
.text C:\WINDOWS\system32\dllhost.exe[2860] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0029000A
.text C:\WINDOWS\system32\dllhost.exe[2860] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290F8D
.text C:\WINDOWS\system32\dllhost.exe[2860] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290FA8
.text C:\WINDOWS\system32\dllhost.exe[2860] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290FEF
.text C:\WINDOWS\system32\dllhost.exe[2860] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290FB9
.text C:\WINDOWS\system32\dllhost.exe[2860] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00690FEF
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008B000A
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008B0F7C
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008B0071
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008B0F97
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008B0FB2
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008B0040
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008B0F5A
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008B0F6B
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008B0F2E
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008B0F3F
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008B0F1D
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 008B0FC3
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 008B0025
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 008B0096
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 008B0FD4
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 008B0FEF
.text C:\WINDOWS\system32\svchost.exe[2884] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 008B00BD
.text C:\WINDOWS\system32\svchost.exe[2884] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 008A0FA8
.text C:\WINDOWS\system32\svchost.exe[2884] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 008A0F68
.text C:\WINDOWS\system32\svchost.exe[2884] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 008A0FC3
.text C:\WINDOWS\system32\svchost.exe[2884] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 008A0FD4
.text C:\WINDOWS\system32\svchost.exe[2884] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 008A0F83
.text C:\WINDOWS\system32\svchost.exe[2884] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 008A0025
.text C:\WINDOWS\system32\svchost.exe[2884] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 008A0FEF
.text C:\WINDOWS\system32\svchost.exe[2884] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 008A0014
.text C:\WINDOWS\system32\svchost.exe[2884] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00860FEF
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 0086006C
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00860F77
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00860F88
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00860051
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00860FB9
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00860F4B
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00860087
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00860EFA
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00860F1F
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008600AE
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00860040
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00860FDE
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00860F5C
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 0086001B
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0086000A
.text C:\WINDOWS\system32\svchost.exe[2952] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00860F3A
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00850036
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00850FAC
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00850025
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00850FEF
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00850073
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00850058
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0085000A
.text C:\WINDOWS\system32\svchost.exe[2952] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00850047
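
Added triage example (an editor's addition to this thread, not code from any post and not part of GMER). The GMER output quoted in this thread uses three line shapes: user-mode inline hooks (`.text image[pid] dll!export addr 5 Bytes JMP target`), kernel IAT hooks (`IAT driver[lib!import] [addr] module`, or a bare address when GMER could not name the owner) and device dispatch entries (`Device` / `AttachedDevice driver device IRP_MJ_* [addr] module`). The script below parses those shapes, groups user-mode hooks per process (including which 64 KB regions the JMP targets land in and how many targets GMER could not map to a loaded module), groups kernel-side hooks per owning driver, and lists drivers missing from an analyst-supplied verified list. The SAMPLE block is a constructed excerpt in the same shapes; the VERIFIED set is an assumption for illustration only and says nothing about whether any driver on this host is legitimate. A driver absent from that list is a lead to check (publisher signature, path, product that installed it), not a verdict.

```python
"""Triage helper for GMER hook listings (editor's added example, not from the post or from GMER)."""
import re
from collections import defaultdict

# .text <image>[<pid>] <dll>!<export> <addr> <n> Bytes JMP <target> [<module>]
USER_HOOK = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>[\w.]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+(?P<kind>JMP|CALL|PUSH)\s+"
    r"(?P<target>[0-9A-Fa-f]+)(?:\s+(?P<module>\S.*))?$"
)
# IAT <driver>[<lib>!<import>] [<addr>] <module>     or     IAT <driver>[<lib>!<import>] <addr>
KERNEL_IAT = re.compile(
    r"^IAT\s+(?P<driver>\S+?)\[(?P<lib>[\w.]+)!(?P<func>\w+)\]\s+"
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S.*)|(?P<bare>[0-9A-Fa-f]+))$"
)
# Device|AttachedDevice <driver> <device> IRP_MJ_* [<addr>] <module>   or   ... IRP_MJ_* <addr>
DEVICE = re.compile(
    r"^(?:AttachedDevice|Device)\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<irp>IRP_MJ_\w+)\s+"
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S.*)|(?P<bare>[0-9A-Fa-f]+))$"
)

# Constructed excerpt in the same shapes as the posted log (a handful of lines, not the whole log).
SAMPLE = r"""
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F22
.text C:\WINDOWS\explorer.exe[5840] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00280022
.text C:\WINDOWS\explorer.exe[5840] WININET.dll!InternetOpenA 42C2C869 5 Bytes JMP 002B0FE5
.text C:\WINDOWS\explorer.exe[5840] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01240FEF
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EC0AD4] sptd.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] 89C9B960
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A72079D0] \??\C:\WINDOWS\system32\vsdatant.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B9CC01DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [B92F1BB0] jnv4_mib.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [A693FE01] mfehidk.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [A7214C50] vsdatant.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 89E831E8
"""

# ASSUMPTION for illustration: drivers the analyst has already verified on this host
# (publisher signature, install path, product present). Not a statement about any driver's nature.
VERIFIED = {"fltmgr.sys", "mfehidk.sys", "mpfp.sys", "kl1.sys", "vsdatant.sys", "sptd.sys"}

def _basename(path):  # '\??\C:\WINDOWS\system32\vsdatant.sys' -> 'vsdatant.sys', lower-cased for matching
    return path.rsplit("\\", 1)[-1].lower()

def parse(text):
    """Split GMER text into (user_hooks, kernel_hooks); lines of any other shape are ignored."""
    user, kernel = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = USER_HOOK.match(line)
        if m:
            d = m.groupdict()
            user.append({"image": d["image"], "pid": int(d["pid"]), "dll": d["dll"],
                         "func": d["func"], "target": int(d["target"], 16),
                         "module": d["module"]})  # None when GMER printed no owning module
            continue
        m = KERNEL_IAT.match(line) or DEVICE.match(line)
        if m:
            d = m.groupdict()
            where = (f"{d['driver']}[{d['lib']}!{d['func']}]" if "lib" in d
                     else f"{d['device']} {d['irp']}")
            kernel.append({"where": where,
                           "module": _basename(d["module"]) if d["module"] else None})
    return user, kernel

def summarize_user_hooks(user_hooks):
    """Per process: hooked exports, JMP targets GMER could not map to a module, and the distinct
    64 KB regions the targets fall in. In the posted log each hooked DLL jumps into its own region
    (kernel32 -> 00C9xxxx, ADVAPI32 -> 00C8xxxx, ...) and none is image-backed: a lead, not a verdict."""
    out = defaultdict(lambda: {"hooked": set(), "unnamed_targets": 0, "regions": set()})
    for h in user_hooks:
        p = out[f"{h['image']}[{h['pid']}]"]
        p["hooked"].add(f"{h['dll']}!{h['func']}")
        p["regions"].add(h["target"] >> 16)
        if h["module"] is None:
            p["unnamed_targets"] += 1
    return dict(out)

def kernel_hooks_by_module(kernel_hooks):
    """Group kernel IAT and device-dispatch entries by owning driver; bare-address entries go under None."""
    out = defaultdict(set)
    for k in kernel_hooks:
        out[k["module"]].add(k["where"])
    return dict(out)

def outliers(by_module, verified):
    """Drivers that hook something but are absent from the verified list, plus how many kernel
    hook targets GMER could not attribute to any module at all."""
    unknown = sorted(m for m in by_module if m is not None and m not in verified)
    return unknown, len(by_module.get(None, ()))

if __name__ == "__main__":
    user, kernel = parse(SAMPLE)
    by_module = kernel_hooks_by_module(kernel)
    print(summarize_user_hooks(user))
    print({m: len(v) for m, v in by_module.items()}, outliers(by_module, VERIFIED))
```

Run it over the full text of both log posts rather than the excerpt: the per-process summary shows a near-identical hooked export set (file, library-load, process-creation, registry and socket APIs) in every listed process, which is more consistent with a system-wide hooking product than with a per-process injection, while the kernel summary shows how many distinct dispatch entries each driver owns, so a driver attached to a single IRP_MJ_ entry stands out against fltMgr.sys and the vendor filters that cover the whole table.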

#9 ShocktimusPrime1 (Topic Starter)

Posted 12 September 2007 - 10:09 PM

Gmerrk.txt part 2:

.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0000
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F70
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F81
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A005B
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0096
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0F44
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0F22
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F33
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A0F07
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0011
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0F55
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A002C
.text C:\WINDOWS\explorer.exe[5840] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A00A7
.text C:\WINDOWS\explorer.exe[5840] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00280022
.text C:\WINDOWS\explorer.exe[5840] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00280F91
.text C:\WINDOWS\explorer.exe[5840] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00280FDB
.text C:\WINDOWS\explorer.exe[5840] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00280011
.text C:\WINDOWS\explorer.exe[5840] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00280058
.text C:\WINDOWS\explorer.exe[5840] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00280047
.text C:\WINDOWS\explorer.exe[5840] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00280000
.text C:\WINDOWS\explorer.exe[5840] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00280FC0
.text C:\WINDOWS\explorer.exe[5840] WININET.dll!InternetOpenA 42C2C869 5 Bytes JMP 002B0FE5
.text C:\WINDOWS\explorer.exe[5840] WININET.dll!InternetOpenW 42C2CEA1 5 Bytes JMP 002B0000
.text C:\WINDOWS\explorer.exe[5840] WININET.dll!InternetOpenUrlA 42C306DD 5 Bytes JMP 002B0FC0
.text C:\WINDOWS\explorer.exe[5840] WININET.dll!InternetOpenUrlW 42C7AB2D 5 Bytes JMP 002B0FA5
.text C:\WINDOWS\explorer.exe[5840] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01240FEF

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EC0AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EC0C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EC0B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EC1748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EC161E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] 89C9BD70
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] 89C9B960
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 89C9BF40
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 89C9B770
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [A72079D0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [A7207EF0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [A7208050] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [A7207B40] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [A7207B40] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [A72079D0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [A7207EF0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [A7208050] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [A72079D0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [A7208050] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [A7207EF0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [A7207B40] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A7208050] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A7207EF0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A72079D0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 89C70660
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A7207B40] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A72079D0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A7207EF0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A7208050] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [A7208050] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [A7207EF0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [A7207B40] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [A72079D0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 89C70660
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [A7207B40] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [A7208050] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [A7207EF0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [A72079D0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[TDI.SYS!TdiRegisterDeviceObject] 89C70660
IAT \SystemRoot\system32\DRIVERS\nwlnknb.sys[TDI.SYS!TdiRegisterDeviceObject] 89C70660
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [A72079D0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [A7207B40] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [A7208050] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [A7207EF0] \??\C:\WINDOWS\system32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\nwlnkspx.sys[TDI.SYS!TdiRegisterDeviceObject] 89C70660

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 89E831E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 89E831E8

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B9CC01DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [B9CC01DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [B92F1BB0] jnv4_mib.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [B9CC0454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [B9CC01DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [A693FE01] mfehidk.sys

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 88A741E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 88A741E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [A7214C50] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [B9BA00F0] kl1.sys

Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 89BE97A0
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 89BE97A0
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 89BE97A0
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 89BE97A0
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 89BE97A0
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 89BE97A0
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 89BE97A0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 89EA01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 89EA01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 89EA01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 89EA01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 89EA01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 89EA01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 89EA01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 89EA01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 89EA01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 89EA01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 89EA01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 89EA01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 89EA01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 89EA01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 89EA01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 89EA01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 89EA01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 89EA01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 89EA01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 89EA01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 89EA01E8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 89EA01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 89EA01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 89EA01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 89EA01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 89EA01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 89EA01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 89EA01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 89EA01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 89EA01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 89EA01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 89EA01E8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 89EA01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 89EA01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 89EA01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 89EA01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 89EA01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 89EA01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 89EA01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 89EA01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 89EA01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 89EA01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 89EA01E8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 89EA01E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CREATE 89BD41E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_CLOSE 89BD41E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 89BD41E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 89BD41E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_POWER 89BD41E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 89BD41E8
Device \Driver\usbehci \Device\USBPDO-1 IRP_MJ_PNP 89BD41E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [A7214C50] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [B564F10E] Mpfp.sys

#10 ShocktimusPrime1

ShocktimusPrime1
  • Topic Starter

  • Members
  • 13 posts

Posted 12 September 2007 - 10:16 PM

Gmerrk.txt part 3:

Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 89F111E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 89F111E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 89BD27A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 89BD27A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 89BD27A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 89BD27A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 89BD27A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 89BD27A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 89BD27A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 89BD27A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 89BD27A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 89BD27A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 89BD27A0
Device \Driver\usbstor \Device\000000b0 IRP_MJ_CREATE 88A751E8
Device \Driver\usbstor \Device\000000b0 IRP_MJ_CLOSE 88A751E8
Device \Driver\usbstor \Device\000000b0 IRP_MJ_READ 88A751E8
Device \Driver\usbstor \Device\000000b0 IRP_MJ_WRITE 88A751E8
Device \Driver\usbstor \Device\000000b0 IRP_MJ_DEVICE_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000b0 IRP_MJ_INTERNAL_DEVICE_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000b0 IRP_MJ_POWER 88A751E8
Device \Driver\usbstor \Device\000000b0 IRP_MJ_SYSTEM_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000b0 IRP_MJ_PNP 88A751E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 89BD27A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 89BD27A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 89BD27A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 89BD27A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 89BD27A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 89BD27A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 89BD27A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 89BD27A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 89BD27A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 89BD27A0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 89BD27A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 89F0F1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 89F0F1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL [B92ED6D0] jnv4_mib.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [B92ED900] jnv4_mib.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 89F0F1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 89F0F1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL [B92ED6D0] jnv4_mib.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [B92ED900] jnv4_mib.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL [B92ED6D0] jnv4_mib.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [B92ED900] jnv4_mib.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSE 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL [B92ED6D0] jnv4_mib.sys
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL [B92ED900] jnv4_mib.sys
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLOSE 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CONTROL [B92ED6D0] jnv4_mib.sys
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL [B92ED900] jnv4_mib.sys
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_POWER 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SYSTEM_CONTROL 89F0F1E8
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP 89F0F1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_CREATE 89F0F1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_CLOSE 89F0F1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_DEVICE_CONTROL [B92ED6D0] jnv4_mib.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_INTERNAL_DEVICE_CONTROL [B92ED900] jnv4_mib.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_POWER 89F0F1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SYSTEM_CONTROL 89F0F1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_PNP 89F0F1E8
Device \Driver\usbstor \Device\000000b1 IRP_MJ_CREATE 88A751E8
Device \Driver\usbstor \Device\000000b1 IRP_MJ_CLOSE 88A751E8
Device \Driver\usbstor \Device\000000b1 IRP_MJ_READ 88A751E8
Device \Driver\usbstor \Device\000000b1 IRP_MJ_WRITE 88A751E8
Device \Driver\usbstor \Device\000000b1 IRP_MJ_DEVICE_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000b1 IRP_MJ_INTERNAL_DEVICE_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000b1 IRP_MJ_POWER 88A751E8
Device \Driver\usbstor \Device\000000b1 IRP_MJ_SYSTEM_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000b1 IRP_MJ_PNP 88A751E8
Device \Driver\usbstor \Device\000000b2 IRP_MJ_CREATE 88A751E8
Device \Driver\usbstor \Device\000000b2 IRP_MJ_CLOSE 88A751E8
Device \Driver\usbstor \Device\000000b2 IRP_MJ_READ 88A751E8
Device \Driver\usbstor \Device\000000b2 IRP_MJ_WRITE 88A751E8
Device \Driver\usbstor \Device\000000b2 IRP_MJ_DEVICE_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000b2 IRP_MJ_INTERNAL_DEVICE_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000b2 IRP_MJ_POWER 88A751E8
Device \Driver\usbstor \Device\000000b2 IRP_MJ_SYSTEM_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000b2 IRP_MJ_PNP 88A751E8
Device \Driver\usbstor \Device\000000b3 IRP_MJ_CREATE 88A751E8
Device \Driver\usbstor \Device\000000b3 IRP_MJ_CLOSE 88A751E8
Device \Driver\usbstor \Device\000000b3 IRP_MJ_READ 88A751E8
Device \Driver\usbstor \Device\000000b3 IRP_MJ_WRITE 88A751E8
Device \Driver\usbstor \Device\000000b3 IRP_MJ_DEVICE_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000b3 IRP_MJ_INTERNAL_DEVICE_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000b3 IRP_MJ_POWER 88A751E8
Device \Driver\usbstor \Device\000000b3 IRP_MJ_SYSTEM_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000b3 IRP_MJ_PNP 88A751E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 88AE41E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 88AE41E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 88AE41E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 88AE41E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 88AE41E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 88AE41E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 88AE41E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 88AE41E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 88AE41E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 88AE41E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 88AE41E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 88AE41E8
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_CREATE [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_CREATE_NAMED_PIPE [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_CLOSE [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_READ [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_WRITE [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_QUERY_INFORMATION [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_SET_INFORMATION [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_QUERY_EA [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_SET_EA [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_FLUSH_BUFFERS [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_QUERY_VOLUME_INFORMATION [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_SET_VOLUME_INFORMATION [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_DIRECTORY_CONTROL [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_FILE_SYSTEM_CONTROL [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_DEVICE_CONTROL [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_INTERNAL_DEVICE_CONTROL [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_SHUTDOWN [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_LOCK_CONTROL [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_CLEANUP [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_CREATE_MAILSLOT [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_QUERY_SECURITY [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_SET_SECURITY [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_POWER [B9ECF712] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_SYSTEM_CONTROL [B9EF22C8] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_DEVICE_CHANGE [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_QUERY_QUOTA [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_SET_QUOTA [B9EF5AD2] sptd.sys
Device \Driver\PCI_NTPNP4600 \Device\00000085 IRP_MJ_PNP [B9EF3238] sptd.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [A7214C50] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [B564F10E] Mpfp.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [A7214C50] vsdatant.sys

AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [B564F10E] Mpfp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [B9BA00F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [B9BA00F0] kl1.sys

Gmerrk.txt part 4:

Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 89BE97A0
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 89BE97A0
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 89BE97A0
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 89BE97A0
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 89BE97A0
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 89BE97A0
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 89BE97A0
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CREATE 89BD41E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_CLOSE 89BD41E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 89BD41E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 89BD41E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_POWER 89BD41E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 89BD41E8
Device \Driver\usbehci \Device\USBFDO-1 IRP_MJ_PNP 89BD41E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ [B92F1BB0] jnv4_mib.sys
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 88A771E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [A7214C50] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [A7214C50] vsdatant.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ [B92F1BB0] jnv4_mib.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 88A771E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 88A771E8
Device \Driver\usbstor \Device\000000ae IRP_MJ_CREATE 88A751E8
Device \Driver\usbstor \Device\000000ae IRP_MJ_CLOSE 88A751E8
Device \Driver\usbstor \Device\000000ae IRP_MJ_READ 88A751E8
Device \Driver\usbstor \Device\000000ae IRP_MJ_WRITE 88A751E8
Device \Driver\usbstor \Device\000000ae IRP_MJ_DEVICE_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000ae IRP_MJ_INTERNAL_DEVICE_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000ae IRP_MJ_POWER 88A751E8
Device \Driver\usbstor \Device\000000ae IRP_MJ_SYSTEM_CONTROL 88A751E8
Device \Driver\usbstor \Device\000000ae IRP_MJ_PNP 88A751E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 89F111E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 89F111E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 89F111E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 89F111E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 89F111E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 89F111E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 89F111E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 89F111E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 89F111E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 89F111E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 89F111E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0D1C031F-55BF-4165-B8BD-ACA327635CED} IRP_MJ_CREATE 88AE41E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0D1C031F-55BF-4165-B8BD-ACA327635CED} IRP_MJ_CLOSE 88AE41E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0D1C031F-55BF-4165-B8BD-ACA327635CED} IRP_MJ_DEVICE_CONTROL 88AE41E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0D1C031F-55BF-4165-B8BD-ACA327635CED} IRP_MJ_INTERNAL_DEVICE_CONTROL 88AE41E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0D1C031F-55BF-4165-B8BD-ACA327635CED} IRP_MJ_CLEANUP 88AE41E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0D1C031F-55BF-4165-B8BD-ACA327635CED} IRP_MJ_PNP 88AE41E8
Device \Driver\a0sbrt53 \Device\Scsi\a0sbrt531Port5Path0Target0Lun0 IRP_MJ_CREATE 89B451E8
Device \Driver\a0sbrt53 \Device\Scsi\a0sbrt531Port5Path0Target0Lun0 IRP_MJ_CLOSE 89B451E8
Device \Driver\a0sbrt53 \Device\Scsi\a0sbrt531Port5Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL [B92ED6D0] jnv4_mib.sys
Device \Driver\a0sbrt53 \Device\Scsi\a0sbrt531Port5Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [B92ED900] jnv4_mib.sys
Device \Driver\a0sbrt53 \Device\Scsi\a0sbrt531Port5Path0Target0Lun0 IRP_MJ_POWER 89B451E8
Device \Driver\a0sbrt53 \Device\Scsi\a0sbrt531Port5Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 89B451E8
Device \Driver\a0sbrt53 \Device\Scsi\a0sbrt531Port5Path0Target0Lun0 IRP_MJ_PNP 89B451E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE 89E851E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CLOSE 89E851E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DEVICE_CONTROL 89E851E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_INTERNAL_DEVICE_CONTROL 89E851E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_POWER 89E851E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SYSTEM_CONTROL 89E851E8
Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_PNP 89E851E8
Device \Driver\a0sbrt53 \Device\Scsi\a0sbrt531 IRP_MJ_CREATE 89B451E8
Device \Driver\a0sbrt53 \Device\Scsi\a0sbrt531 IRP_MJ_CLOSE 89B451E8
Device \Driver\a0sbrt53 \Device\Scsi\a0sbrt531 IRP_MJ_DEVICE_CONTROL [B92ED6D0] jnv4_mib.sys
Device \Driver\a0sbrt53 \Device\Scsi\a0sbrt531 IRP_MJ_INTERNAL_DEVICE_CONTROL [B92ED900] jnv4_mib.sys
Device \Driver\a0sbrt53 \Device\Scsi\a0sbrt531 IRP_MJ_POWER 89B451E8
Device \Driver\a0sbrt53 \Device\Scsi\a0sbrt531 IRP_MJ_SYSTEM_CONTROL 89B451E8
Device \Driver\a0sbrt53 \Device\Scsi\a0sbrt531 IRP_MJ_PNP 89B451E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 88A741E8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 88A741E8

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [B9CC01DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [B9CC01DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [B92F1BB0] jnv4_mib.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [B9CC0454] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [B9CC01DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [B9CB3F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [A693FE01] mfehidk.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [A693FE01] mfehidk.sys

Device \FileSystem\FltMgr \FileSystem\Filters\FltMgr IRP_MJ_READ [B92F1BB0] jnv4_mib.sys
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 89B2F1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 89B2F1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 89B2F1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 89B2F1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 89B2F1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 89B2F1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 89B2F1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 89B2F1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 89B2F1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 89B2F1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 89B2F1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 89B2F1E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 89B2F1E8

---- Threads - GMER 1.0.13 ----

Thread 4:216 89CA18E0
Thread 4:220 89CA18E0
Thread 4:224 89C7A8D0
Thread 4:228 89C7A8D0
Thread 4:232 89C7A8D0
Thread 4:532 89CA18E0
Thread 4:696 89CA18E0

---- Registry - GMER 1.0.13 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.13 ----

ADS C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Local Settings\Application Data\Microsoft\Messenger\gshock48@hotmail.com\SharingMetadata\neologicmedia@hotmail.com\DFSR\Staging\CS{57D9C755-F0BA-5A2B-D924-B9C2304D0CFF}\39\1139-{CF5853FE-AD42-44A7-A11C-6194DEAAE79E}-v1139-{CF5853FE-AD42-44A7-A11C-6194DEAAE79E}-v1139-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Local Settings\Application Data\Microsoft\Messenger\gshock48@hotmail.com\SharingMetadata\neologicmedia@hotmail.com\DFSR\Staging\CS{57D9C755-F0BA-5A2B-D924-B9C2304D0CFF}\39\1139-{CF5853FE-AD42-44A7-A11C-6194DEAAE79E}-v1139-{CF5853FE-AD42-44A7-A11C-6194DEAAE79E}-v1139-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Local Settings\Application Data\Microsoft\Messenger\gshock48@hotmail.com\SharingMetadata\neologicmedia@hotmail.com\DFSR\Staging\CS{57D9C755-F0BA-5A2B-D924-B9C2304D0CFF}\39\1139-{CF5853FE-AD42-44A7-A11C-6194DEAAE79E}-v1139-{CF5853FE-AD42-44A7-A11C-6194DEAAE79E}-v1139-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.13 ----

#11 ShocktimusPrime1

  • Topic Starter
  • Members
  • 13 posts

Posted 12 September 2007 - 10:17 PM

WHEW!!
OK, and for

gmerautos.txt:

GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2007-09-12 18:26:15
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
0034791188711566mcinstcleanup /*McAfee Application Installer Cleanup (0034791188711566)*/@ = C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\003479~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service /*file not found*/
aawservice /*Ad-Aware 2007 Service*/@ = "C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"
ehRecvr /*Media Center Receiver Service*/@ = C:\WINDOWS\eHome\ehRecvr.exe
ehSched /*Media Center Scheduler Service*/@ = C:\WINDOWS\eHome\ehSched.exe
EPSONStatusAgent2 /*EPSON Printer Status Agent2*/@ = C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
MBackMonitor /*MBackMonitor*/@ = C:\Program Files\McAfee\MBK\MBackMonitor.exe
McAfee HackerWatch Service /*McAfee HackerWatch Service*/@ = "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"
mcmscsvc /*McAfee Services*/@ = C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
McNASvc /*McAfee Network Agent*/@ = "c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"
McODS /*McAfee Scanner*/@ = C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
mcpromgr /*McAfee Protection Manager*/@ = C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
McProxy /*McAfee Proxy Service*/@ = c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
McrdSvc /*Media Center Extender Service*/@ = C:\WINDOWS\ehome\McrdSvc.exe
McRedirector /*McAfee Redirector Service*/@ = c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
McShield /*McAfee Real-time Scanner*/@ = C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
McSysmon /*McAfee SystemGuards*/@ = C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
MpfService /*McAfee Personal Firewall Service*/@ = "C:\Program Files\McAfee\MPF\MPFSrv.exe"
MPS9 /*McAfee Privacy Service*/@ = C:\PROGRA~1\McAfee\MPS\mps.exe
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
OneStep Search Service /*OneStep Search Service*/@ = "C:\Program Files\OneStepSearch\onestep.exe" "C:\Program Files\OneStepSearch\onestep.dll" Service
PrismXL /*PrismXL*/@ = C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
RMSvc /*Media Center Extender Resource Monitor*/@ = C:\WINDOWS\ehome\RMSvc.exe
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
UStorage Server Service /*UStorage Server Service*/@ = C:\WINDOWS\system32\UStorSrv.exe /Service
vsmon /*TrueVector Internet Monitor*/@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
WinDefend /*Windows Defender*/@ = "C:\Program Files\Windows Defender\MsMpEng.exe"
WMPNetworkSvc /*Windows Media Player Network Sharing Service*/@ = "C:\Program Files\Windows Media Player\WMPNetwk.exe"
ZuneNetworkSvc /*Zune Network Sharing Service*/@ = "C:\Program Files\Zune\ZuneNss.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@USBToolTip"C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" = "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
@Windows Defender"C:\Program Files\Windows Defender\MSASCui.exe" -hide = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
@amd_dc_optC:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe = C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
@Zune Launcher"C:\Program Files\Zune\ZuneLauncher.exe" = "C:\Program Files\Zune\ZuneLauncher.exe"
@McAfee BackupC:\Program Files\McAfee\MBK\McAfeeDataBackup.exe = C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
@MBkLogOnHookC:\Program Files\McAfee\MBK\LogOnHook.exe = C:\Program Files\McAfee\MBK\LogOnHook.exe
@ZoneAlarm Client"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@WMPNSCFGC:\Program Files\Windows Media Player\WMPNSCFG.exe = C:\Program Files\Windows Media Player\WMPNSCFG.exe
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}C:\PROGRA~1\WIFD1F~1\MpShHook.dll = C:\PROGRA~1\WIFD1F~1\MpShHook.dll
@{4AA49418-D47E-47EB-AAD9-3FA5155F3025}(null) =

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*SampleView*/C:\WINDOWS\system32\ShellvRTF.dll = C:\WINDOWS\system32\ShellvRTF.dll
@{79BC0345-1015-11D2-A299-006008312725} /*blue.shell*/C:\Program Files\Pinnacle\Studio 10\programs\BlueShellExt.dll = C:\Program Files\Pinnacle\Studio 10\programs\BlueShellExt.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{D9872D13-7651-4471-9EEE-F0A00218BEBB} /*Multiscan*/C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
MCVSRIGHTCLICKSCANNER@{162EFDC5-2957-465D-887B-590AF4A7E84D} = c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MCVSRIGHTCLICKSCANNER@{162EFDC5-2957-465D-887B-590AF4A7E84D} = c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
ZLAVShExt@{D9872D13-7651-4471-9EEE-F0A00218BEBB} = C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
@{7DB2D5A0-7241-4E79-B68D-6309F01C5231}c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll = c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}C:\Program Files\Windows Live Toolbar\msntb.dll = C:\Program Files\Windows Live Toolbar\msntb.dll
@{CA6319C0-31B7-401E-A518-A07C3DB8F777}c:\windows\system32\BAE.dll = c:\windows\system32\BAE.dll
@{EAD3A971-6A23-4246-8691-C9244E858967}C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalHelper.dll = C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalHelper.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?linkid=677 = http://go.microsoft.com/fwlink/?LinkId=566...ink/?linkid=677
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0D1C031F-55BF-4165-B8BD-ACA327635CED} /*Local Area Connection*/ >>>
@IPAddress192.168.1.10 = 192.168.1.10
@NameServer192.168.1.1 = 192.168.1.1
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

---- EOF - GMER 1.0.13 ----

#12 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:26 PM

Posted 14 September 2007 - 01:30 PM

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized, and extra.txt <- this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply


#13 ShocktimusPrime1

ShocktimusPrime1
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:03:26 PM

Posted 15 September 2007 - 05:02 AM

Deckard's System Scanner v20070905.67
Run by Owner on 2007-09-15 04:57:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:05 AM, on 9/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OneStepSearch\onestep.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...ink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: PayPal Virtual Debit Card - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Virtual Debit Card\OToolbar.dll
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.atribune.org
O15 - Trusted Zone: http://gameinvasion.comcast.net
O15 - Trusted Zone: http://secured2k.home.comcast.net
O15 - Trusted Zone: www.comcast.net
O15 - Trusted Zone: http://onecare.live.com
O15 - Trusted Zone: www.msn.com
O15 - Trusted Zone: http://www.pandasecurity.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D1C031F-55BF-4165-B8BD-ACA327635CED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D1C031F-55BF-4165-B8BD-ACA327635CED}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D1C031F-55BF-4165-B8BD-ACA327635CED}: NameServer = 192.168.1.1
O20 - Winlogon Notify: fccdebx - C:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0034791188711566) (0034791188711566mcinstcleanup) - Unknown owner - C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\003479~1.EXE (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10714 bytes

-- Files created between 2007-08-15 and 2007-09-15 -----------------------------

2007-09-13 21:08:00 0 d-------- C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Application Data\Grisoft
2007-09-13 21:07:49 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-09-11 19:29:48 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-09-11 19:29:32 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-09-11 19:29:24 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2007-09-11 19:29:04 74396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-09-11 19:29:04 75932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-09-11 19:28:59 360480 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-11 19:28:25 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-09-11 19:27:42 0 d-------- C:\WINDOWS\Internet Logs
2007-09-10 19:39:07 0 d-------- C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\.housecall6.6
2007-09-09 23:04:58 0 d-------- C:\Program Files\Network Associates
2007-09-09 22:53:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-09 22:47:32 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-09 22:39:45 0 d-------- C:\Program Files\Trend Micro
2007-09-09 22:28:17 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-09 17:38:09 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2007-09-09 17:25:11 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-09 17:24:57 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2007-09-08 13:11:28 0 d-------- C:\Documents and Settings\LocalService\Application Data\McAfee
2007-09-08 05:52:51 0 d-------- C:\Program Files\OneStepSearch
2007-09-08 05:52:49 0 d-------- C:\Program Files\filesubmit
2007-09-05 20:18:55 0 d-------- C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Application Data\McAfee
2007-09-03 16:11:02 0 d-------- C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Application Data\wsInspector
2007-09-03 15:56:56 0 d-------- C:\Program Files\Startup Inspector for Windows
2007-09-02 00:40:48 143360 --a------ C:\WINDOWS\system32\dunzip32.dll <Not Verified; Inner Media, Inc.; DynaZIP-32 Multi-Threading UnZIP DLL>
2007-09-02 00:24:27 0 d-------- C:\Program Files\Lavasoft
2007-09-02 00:20:17 0 d-------- C:\Program Files\XCopyPSPPro
2007-09-02 00:20:14 0 d-------- C:\Program Files\Total Video Converter
2007-09-01 23:40:00 0 d-------- C:\Program Files\McAfee.com
2007-09-01 23:39:57 0 d-------- C:\Program Files\Common Files\McAfee
2007-09-01 23:39:53 0 d-------- C:\Program Files\McAfee
2007-09-01 22:37:54 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-09-01 20:59:01 0 d-------- C:\Program Files\Shareaza
2007-09-01 20:59:01 0 d-------- C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Application Data\Shareaza
2007-09-01 20:35:23 0 d-------- C:\Temp
2007-09-01 20:18:01 0 d-------- C:\WINDOWS\ERUNT
2007-08-29 17:49:31 0 d-------- C:\Program Files\PeerGuardian2
2007-08-29 03:00:25 5242880 --a------ C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\ntuser.dat
2007-08-29 03:00:25 1310720 --a------ C:\Documents and Settings\LocalService\ntuser.dat


-- Find3M Report ---------------------------------------------------------------

2007-09-14 20:44:45 0 d-------- C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Application Data\uTorrent
2007-09-13 07:29:14 0 d-------- C:\Program Files\Windows Live Safety Center
2007-09-12 18:02:28 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-09 22:47:32 0 d-------- C:\Program Files\Common Files
2007-09-02 00:18:49 0 d-------- C:\Program Files\Messenger
2007-09-01 21:05:12 0 d-------- C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Application Data\Lavasoft
2007-08-14 19:33:28 0 d-------- C:\Program Files\MSXML 6.0
2007-08-11 04:50:53 0 d-------- C:\Program Files\Steam
2007-08-10 18:24:44 0 d-------- C:\Program Files\CyberLink
2007-08-04 09:15:50 0 d-------- C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Application Data\Nero
2007-08-04 09:08:06 0 d-------- C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Application Data\DivX
2007-08-04 08:58:54 0 d-------- C:\Program Files\DivX
2007-08-04 08:06:45 1972 --a------ C:\Program Files\installer.js
2007-08-04 05:21:27 0 d-------- C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Application Data\dvdcss
2007-08-04 02:49:46 40 ---hs---- C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Application Data\.zreglib
2007-08-04 02:40:45 0 d-------- C:\Program Files\SlySoft
2007-08-04 01:18:48 0 d-------- C:\Program Files\Apex
2007-08-03 19:49:49 0 d-------- C:\Program Files\Zune
2007-08-03 19:49:38 0 d-------- C:\Program Files\DIFX
2007-08-03 19:49:34 0 d-------- C:\Program Files\Common Files\ComponentOne
2007-07-31 16:34:57 0 d-------- C:\Program Files\Common Files\EasyInfo
2007-07-29 11:20:43 0 d-------- C:\Program Files\DAEMON Tools
2007-07-28 14:25:38 0 d-------- C:\Documents and Settings\Owner.YOUR-A79F8AE8CA\Application Data\WinRAR
2007-07-26 20:06:10 0 d-------- C:\Program Files\BigFix
2007-07-26 18:06:22 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 18:03:48 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2007-07-26 18:03:48 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-07-26 18:03:38 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2007-07-26 18:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
2007-07-26 18:03:38 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
2007-07-26 18:03:38 740442 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
2007-07-26 18:03:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-25 20:54:14 0 d-------- C:\Program Files\Java
2007-07-23 22:59:22 712 --a------ C:\WINDOWS\eReg.dat
2007-07-23 22:39:47 0 d-------- C:\Program Files\EA Games
2007-07-19 21:54:01 0 d-------- C:\Program Files\Lionhead Studios
2007-06-29 00:43:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-06-29 00:43:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-06-29 00:43:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-06-29 00:43:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-06-29 00:43:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
2007-06-29 00:43:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-06-29 00:43:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-06-29 00:43:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
2007-06-17 13:03:57 4381 --a----c- C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [01/23/2006 03:42 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [11/17/2006 04:49 PM]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [03/14/2007 05:03 PM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [06/21/2007 09:54 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [06/29/2007 12:43 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/10/2004 02:00 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [10/18/2006 09:05 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=NA

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccdebx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Extender Resource Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Extender Resource Monitor.lnk
backup=C:\WINDOWS\pss\Extender Resource Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PayPal Virtual Debit Card]
C:\Program Files\PayPal\PayPal Virtual Debit Card\PayPalVDC.exe StartUp /dontopenmycards /AutoStart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"c:\program files\steam\steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE QWAVE

*Newly Created Service* - AVGASCLN



-- End of Deckard's System Scanner: finished at 2007-09-15 04:58:39 ------------

#14 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:26 PM

Posted 15 September 2007 - 06:00 AM

Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines (if still present)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O20 - Winlogon Notify: fccdebx - C:\WINDOWS\

Then close all windows except HijackThis and click Fix Checked

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic, along with a new HijackThis log and a description of any remaining problems
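The triage the responder applies to the HijackThis log above (orphaned "(no file)" entries and an O20 Winlogon Notify entry pointing at a bare directory), as an added Python example that is not part of this thread or of HijackThis itself; the embedded sample lines are constructed in the shape of the log posted here.

```python
"""Flag HijackThis-style log entries that match simple triage rules.

Added example, not code from this thread or from HijackThis. It parses
log lines of the form "<code> - <body>" and reports:
  * entries whose trailing target is "(no file)", i.e. the registered
    component's file no longer exists, and
  * O20 Winlogon Notify entries whose target is not a DLL path.
"""
import re

# Constructed sample in the shape of the log posted in this thread; the
# R3, O3 and O20 lines are the ones the responder asked to have fixed.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O20 - Winlogon Notify: fccdebx - C:\WINDOWS\
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

# Section code (R0, O2, O20, F1, ...) followed by " - " and the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFON]\d{1,2}) - (?P<body>.+)$")
# Registry-style CLSID in braces, e.g. {BA52B914-B692-46c4-B683-905236F6F655}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entry(line):
    """Split one log line into code, body, CLSID (if any) and trailing target.

    The target is the text after the last " - " separator: a file path,
    or a marker such as "(no file)". Returns None for lines that are not
    HijackThis entries (headers, process lists, blank lines).
    """
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    code, body = m.group("code"), m.group("body")
    clsid = CLSID_RE.search(body)
    target = body.rsplit(" - ", 1)[-1].strip()
    return {
        "code": code,
        "body": body,
        "clsid": clsid.group(0) if clsid else None,
        "target": target,
        "line": line.strip(),
    }


def triage(log_text):
    """Return a list of (code, line, reason) for entries matching a rule."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_entry(raw)
        if entry is None:
            continue
        reason = None
        if entry["target"].lower() == "(no file)":
            reason = "orphaned entry: the registered file no longer exists"
        elif (entry["code"] == "O20"
              and entry["body"].startswith("Winlogon Notify:")
              and not entry["target"].lower().endswith(".dll")):
            reason = "Winlogon Notify entry does not point at a DLL"
        if reason is not None:
            findings.append((entry["code"], entry["line"], reason))
    return findings


if __name__ == "__main__":
    for code, line, reason in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```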




