
uacinit.dll


13 replies to this topic

#1 skeen87

skeen87

  • Members
  • 23 posts

Posted 03 August 2009 - 02:22 AM

My Malwarebytes picks up on it and says it'll be removed upon restart, but it doesn't happen. It's bogging me down really bad and my PC freezes frequently. Here is my Malwarebytes log.

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

8/3/2009 2:19:15 AM
mbam-log-2009-08-03 (02-19-07).txt

Scan type: Quick Scan
Objects scanned: 95439
Time elapsed: 8 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.


 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • Gender:Female
  • Location:Romania

Posted 03 August 2009 - 04:32 AM

Hello skeen87, let's see if we can find out a bit more about this infection. Please follow the steps below. If you don't understand something, don't hesitate to ask!

We need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop:
  • Extract RootRepeal.exe from the zip archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Edited by elise025, 03 August 2009 - 04:33 AM.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 skeen87

skeen87
  • Topic Starter

  • Members
  • 23 posts

Posted 03 August 2009 - 05:40 PM

OK, I try to run RootRepeal and this is what pops up: "Could not read the boot sector. Try adjusting the disk access level in the options dialog." I went into the options and raised it to the highest level, but every time I try to scan it says the same thing.

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,816 posts
  • Gender:Female
  • Location:Romania

Posted 04 August 2009 - 01:09 PM

Hi, sorry, been busy today, from tomorrow on I will be more available!

Let's try another rootkit scanner.

Please download Sysprot Antirootkit from here

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
  • Open the text file and copy/paste the log here.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
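
For reading a log like the one requested above, here is an added example (not part of the original posts and not SysProt's own code) that parses the "Kernel Modules" section and sorts the entries marked Hidden: Yes. The function names, the verdict labels and the rule that a `dump_` copy of a visibly loaded driver is expected are assumptions of this example; the sample entries are constructed in the log's layout.

```python
"""Triage the 'Kernel Modules' section of a SysProt AntiRootkit log."""
import ntpath

# Constructed sample in the SysProt log layout; the entries mirror ones
# that appear in the log posted in this thread.
SAMPLE_LOG = r"""
Kernel Modules:
Module Name: \systemroot\system32\drivers\UACyjcbbuwyvx.sys
Service Name: UACd.sys
Module Base: ---
Module End: ---
Hidden: Yes

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: B9E2F000
Module End: B9E47000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B5A19000
Module End: B5A31000
Hidden: Yes
"""


def parse_kernel_modules(text):
    """Return one dict per module record in the 'Kernel Modules:' section."""
    records, current, in_section = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Kernel Modules:":
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("*****"):  # row of asterisks: next section begins
            break
        if not line:  # blank line closes the current record
            if current:
                records.append(current)
                current = {}
            continue
        # Split on the first colon only, so "C:\..." stays inside the value.
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def triage(records):
    """Classify hidden modules as 'expected', 'suspicious' or 'review'."""
    visible = {
        ntpath.basename(r.get("Module Name", "")).lower()
        for r in records
        if r.get("Hidden") == "No"
    }
    findings = []
    for r in records:
        if r.get("Hidden") != "Yes":
            continue
        name = r.get("Module Name", "")
        base = ntpath.basename(name).lower()
        if base.startswith("dump_") and base[len("dump_"):] in visible:
            # Windows loads dump_<driver> copies of storage drivers for
            # writing crash dumps; they have no file on disk, so scanners
            # list them as hidden. Heuristic only: the prefix proves nothing.
            verdict = "expected"
        elif r.get("Module Base") == "---":
            # The scanner could not place the module in memory at all.
            verdict = "suspicious"
        else:
            verdict = "review"
        findings.append((verdict, name, r.get("Service Name", "---")))
    return findings


if __name__ == "__main__":
    for verdict, name, service in triage(parse_kernel_modules(SAMPLE_LOG)):
        print(f"{verdict:10} {name} (service: {service})")
```
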


#5 skeen87

skeen87
  • Topic Starter

  • Members
  • 23 posts

Posted 04 August 2009 - 02:17 PM

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\smss.exe
PID: 976
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\csrss.exe
PID: 1080
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\winlogon.exe
PID: 1104
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\services.exe
PID: 1152
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\lsass.exe
PID: 1164
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1336
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1420
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Defender\MsMpEng.exe
PID: 1720
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1764
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1816
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 1920
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\spoolsv.exe
PID: 672
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 700
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
PID: 724
Hidden: No
Window Visible: No

Name: C:\Program Files\HP Wireless Keyboard\Kmaestro.exe
PID: 2008
Hidden: No
Window Visible: No

Name: C:\WINDOWS\RTHDCPL.EXE
PID: 2020
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\rundll32.exe
PID: 200
Hidden: No
Window Visible: No

Name: C:\Program Files\Razer\Tarantula\razerhid.exe
PID: 244
Hidden: No
Window Visible: No

Name: C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
PID: 272
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PID: 292
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
PID: 308
Hidden: No
Window Visible: No

Name: C:\Program Files\Windows Defender\MSASCui.exe
PID: 316
Hidden: No
Window Visible: No

Name: C:\Program Files\iTunes\iTunesHelper.exe
PID: 332
Hidden: No
Window Visible: No

Name: C:\Program Files\Winamp\winampa.exe
PID: 340
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 1204
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgtray.exe
PID: 348
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe
PID: 428
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\ctfmon.exe
PID: 420
Hidden: No
Window Visible: No

Name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PID: 476
Hidden: No
Window Visible: No

Name: C:\Program Files\DNA\btdna.exe
PID: 412
Hidden: No
Window Visible: No

Name: C:\Program Files\Registry Mechanic\RegMech.exe
PID: 812
Hidden: No
Window Visible: No

Name: C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
PID: 860
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSMonitor.exe
PID: 1532
Hidden: No
Window Visible: No

Name: C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe
PID: 2192
Hidden: No
Window Visible: No

Name: C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
PID: 2424
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PID: 2612
Hidden: No
Window Visible: No

Name: C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PID: 2628
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PID: 2668
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
PID: 2692
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgfws8.exe
PID: 2708
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgam.exe
PID: 2748
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgrsx.exe
PID: 2764
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe
PID: 2776
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
PID: 3060
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe
PID: 3084
Hidden: No
Window Visible: No

Name: C:\Program Files\Bonjour\mDNSResponder.exe
PID: 3160
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 3568
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\nvsvc32.exe
PID: 3980
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\PnkBstrA.exe
PID: 1944
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PID: 1360
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2084
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\svchost.exe
PID: 2140
Hidden: No
Window Visible: No

Name: C:\PROGRA~1\AVG\AVG8\avgemc.exe
PID: 2160
Hidden: No
Window Visible: No

Name: C:\Program Files\AVG\AVG8\avgcsrvx.exe
PID: 2276
Hidden: No
Window Visible: No

Name: C:\Program Files\iPod\bin\iPodService.exe
PID: 3844
Hidden: No
Window Visible: No

Name: C:\WINDOWS\system32\alg.exe
PID: 2852
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 4244
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 4576
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 5644
Hidden: No
Window Visible: No

Name: C:\Program Files\BitTorrent\bittorrent.exe
PID: 5912
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 5952
Hidden: No
Window Visible: No

Name: C:\Program Files\Internet Explorer\iexplore.exe
PID: 4672
Hidden: No
Window Visible: No

Name: C:\Documents and Settings\Owner\Desktop\New Folder\SysProt\SysProt.exe
PID: 5344
Hidden: No
Window Visible: Yes

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \systemroot\system32\drivers\UACyjcbbuwyvx.sys
Service Name: UACd.sys
Module Base: ---
Module End: ---
Hidden: Yes

Module Name: \??\C:\Documents and Settings\Owner\Desktop\New Folder\SysProt\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: B30DE000
Module End: B30E9000
Hidden: No

Module Name: \WINDOWS\system32\ntkrnlpa.exe
Service Name: ---
Module Base: 804D7000
Module End: 806CF680
Hidden: No

Module Name: \WINDOWS\system32\hal.dll
Service Name: ---
Module Base: 806D0000
Module End: 806F0300
Hidden: No

Module Name: \WINDOWS\system32\KDCOM.DLL
Service Name: ---
Module Base: BA5A8000
Module End: BA5AA000
Hidden: No

Module Name: \WINDOWS\system32\BOOTVID.dll
Service Name: ---
Module Base: BA4B8000
Module End: BA4BB000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sptd.sys
Service Name: sptd
Module Base: B9EBD000
Module End: B9FA7000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\WMILIB.SYS
Service Name: ---
Module Base: BA5AA000
Module End: BA5AC000
Hidden: No

Module Name: \WINDOWS\System32\Drivers\SCSIPORT.SYS
Service Name: ScsiPort
Module Base: B9EA5000
Module End: B9EBD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ACPI.sys
Service Name: ACPI
Module Base: B9E77000
Module End: B9EA5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pci.sys
Service Name: PCI
Module Base: B9E66000
Module End: B9E77000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: BA0A8000
Module End: BA0B2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\pciide.sys
Service Name: PCIIde
Module Base: BA670000
Module End: BA671000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Service Name: ---
Module Base: BA328000
Module End: BA32F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aliide.sys
Service Name: AliIde
Module Base: BA5AC000
Module End: BA5AE000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cmdide.sys
Service Name: CmdIde
Module Base: BA5AE000
Module End: BA5B0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\toside.sys
Service Name: TosIde
Module Base: BA5B0000
Module End: BA5B2000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaide.sys
Service Name: ViaIde
Module Base: BA5B2000
Module End: BA5B4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\intelide.sys
Service Name: IntelIde
Module Base: BA5B4000
Module End: BA5B6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\MountMgr.sys
Service Name: MountMgr
Module Base: BA0B8000
Module End: BA0C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ftdisk.sys
Service Name: Disk
Module Base: B9E47000
Module End: B9E66000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PartMgr.sys
Service Name: PartMgr
Module Base: BA330000
Module End: BA335000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\VolSnap.sys
Service Name: VolSnap
Module Base: BA0C8000
Module End: BA0D5000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cpqarray.sys
Service Name: Cpqarray
Module Base: BA4BC000
Module End: BA4C0000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\atapi.sys
Service Name: atapi
Module Base: B9E2F000
Module End: B9E47000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aha154x.sys
Service Name: Aha154x
Module Base: BA4C0000
Module End: BA4C4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sparrow.sys
Service Name: Sparrow
Module Base: BA338000
Module End: BA33D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\symc810.sys
Service Name: symc810
Module Base: BA4C4000
Module End: BA4C8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aic78xx.sys
Service Name: aic78xx
Module Base: BA0D8000
Module End: BA0E6000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dac960nt.sys
Service Name: dac960nt
Module Base: BA4C8000
Module End: BA4CC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql10wnt.sys
Service Name: Ql10wnt
Module Base: BA0E8000
Module End: BA0F1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\amsint.sys
Service Name: amsint
Module Base: BA4CC000
Module End: BA4CF000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc.sys
Service Name: asc
Module Base: BA340000
Module End: BA347000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc3550.sys
Service Name: asc3550
Module Base: BA4D0000
Module End: BA4D4000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\mraid35x.sys
Service Name: mraid35x
Module Base: BA348000
Module End: BA34D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\i2omp.sys
Service Name: i2omp
Module Base: BA350000
Module End: BA355000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ini910u.sys
Service Name: ini910u
Module Base: BA4D4000
Module End: BA4D8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1240.sys
Service Name: ql1240
Module Base: BA0F8000
Module End: BA102000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\aic78u2.sys
Service Name: aic78u2
Module Base: BA108000
Module End: BA116000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\symc8xx.sys
Service Name: symc8xx
Module Base: BA358000
Module End: BA360000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sym_hi.sys
Service Name: sym_hi
Module Base: BA360000
Module End: BA367000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sym_u3.sys
Service Name: sym_u3
Module Base: BA368000
Module End: BA370000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ABP480N5.SYS
Service Name: abp480n5
Module Base: BA370000
Module End: BA376000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\asc3350p.sys
Service Name: asc3350p
Module Base: BA378000
Module End: BA37E000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cd20xrnt.sys
Service Name: cd20xrnt
Module Base: BA5B6000
Module End: BA5B8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ultra.sys
Service Name: ultra
Module Base: BA118000
Module End: BA121000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\adpu160m.sys
Service Name: adpu160m
Module Base: B9E16000
Module End: B9E2F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dpti2o.sys
Service Name: dpti2o
Module Base: BA380000
Module End: BA385000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1080.sys
Service Name: ql1080
Module Base: BA128000
Module End: BA132000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql1280.sys
Service Name: ql1280
Module Base: BA138000
Module End: BA144000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\ql12160.sys
Service Name: ql12160
Module Base: BA148000
Module End: BA154000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\perc2.sys
Service Name: perc2
Module Base: BA388000
Module End: BA38F000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\perc2hib.sys
Service Name: perc2hib
Module Base: BA5B8000
Module End: BA5BA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\hpn.sys
Service Name: hpn
Module Base: BA390000
Module End: BA397000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\cbidf2k.sys
Service Name: cbidf
Module Base: BA4D8000
Module End: BA4DC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\dac2w2k.sys
Service Name: dac2w2k
Module Base: B9DEA000
Module End: B9E16000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\disk.sys
Service Name: ---
Module Base: BA158000
Module End: BA161000
Hidden: No

Module Name: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Service Name: ---
Module Base: BA168000
Module End: BA175000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: B9DCA000
Module End: B9DEA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sr.sys
Service Name: sr
Module Base: B9DB8000
Module End: B9DCA000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\PxHelp20.sys
Service Name: PxHelp20
Module Base: BA178000
Module End: BA182000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\KSecDD.sys
Service Name: KSecDD
Module Base: B9DA1000
Module End: B9DB8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Ntfs.sys
Service Name: Ntfs
Module Base: B9D14000
Module End: B9DA1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\NDIS.sys
Service Name: NDIS
Module Base: B9CE7000
Module End: B9D14000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sisagp.sys
Service Name: sisagp
Module Base: BA188000
Module End: BA192000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\viaagp.sys
Service Name: viaagp
Module Base: BA198000
Module End: BA1A3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Mup.sys
Service Name: Mup
Module Base: B9CCD000
Module End: B9CE7000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\avgrkx86.sys
Service Name: AvgRkx86
Module Base: BA5BA000
Module End: BA5BC000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\AVGIDSErHr.sys
Service Name: AVGIDSErHr
Module Base: BA1A8000
Module End: BA1B1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\agp440.sys
Service Name: agp440
Module Base: BA1B8000
Module End: BA1C3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\alim1541.sys
Service Name: alim1541
Module Base: BA1C8000
Module End: BA1D3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\amdagp.sys
Service Name: amdagp
Module Base: BA1D8000
Module End: BA1E3000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\agpCPQ.sys
Service Name: agpCPQ
Module Base: BA1E8000
Module End: BA1F3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Service Name: nv
Module Base: B8AE1000
Module End: B916B000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Service Name: ---
Module Base: B8ACD000
Module End: B8AE1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\parport.sys
Service Name: Parport
Module Base: B8AB9000
Module End: B8ACD000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Service Name: usbohci
Module Base: B91CB000
Module End: B91D0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Service Name: ---
Module Base: B8A95000
Module End: B8AB9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Service Name: usbehci
Module Base: B91C3000
Module End: B91CB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\imapi.sys
Service Name: Imapi
Module Base: B937E000
Module End: B9389000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\Afc.sys
Service Name: Afc
Module Base: B91BB000
Module End: B91C3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Service Name: Cdrom
Module Base: B936E000
Module End: B937E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\redbook.sys
Service Name: redbook
Module Base: B935E000
Module End: B936D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ks.sys
Service Name: ---
Module Base: B8A72000
Module End: B8A95000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Service Name: GEARAspiWDM
Module Base: BA218000
Module End: BA222000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
Service Name: HSFHWBS2
Module Base: B8A39000
Module End: B8A72000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
Service Name: HSF_DPV
Module Base: B893C000
Module End: B8A39000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
Service Name: winachsf
Module Base: B888C000
Module End: B893C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Modem.SYS
Service Name: Modem
Module Base: B91B3000
Module End: B91BB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Service Name: HDAudBus
Module Base: B8864000
Module End: B888C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
Service Name: nvnetbus
Module Base: B9BBD000
Module End: B9BC1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NVNRM.SYS
Service Name: ---
Module Base: B881A000
Module End: B8864000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NVSNPU.SYS
Service Name: ---
Module Base: B87E3000
Module End: B881A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
Service Name: AmdPPM
Module Base: BA228000
Module End: BA235000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
Service Name: Avgfwdx
Module Base: B91AB000
Module End: B91B1000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\audstub.sys
Service Name: audstub
Module Base: BA725000
Module End: BA726000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Service Name: Rasl2tp
Module Base: BA238000
Module End: BA245000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Service Name: NdisTapi
Module Base: B9BB9000
Module End: B9BBC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Service Name: NdisWan
Module Base: B87CC000
Module End: B87E3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Service Name: RasPppoe
Module Base: BA248000
Module End: BA253000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Service Name: PptpMiniport
Module Base: BA258000
Module End: BA264000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Service Name: ---
Module Base: B91A3000
Module End: B91A8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\psched.sys
Service Name: PSched
Module Base: B87BB000
Module End: B87CC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Service Name: Gpc
Module Base: BA268000
Module End: BA271000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Service Name: Ptilink
Module Base: B919B000
Module End: B91A0000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\raspti.sys
Service Name: Raspti
Module Base: B9193000
Module End: B9198000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hamachi.sys
Service Name: hamachi
Module Base: BA400000
Module End: BA405000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\termdd.sys
Service Name: TermDD
Module Base: BA278000
Module End: BA282000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Service Name: Kbdclass
Module Base: BA408000
Module End: BA40E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Service Name: Mouclass
Module Base: BA410000
Module End: BA416000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\swenum.sys
Service Name: swenum
Module Base: BA5F8000
Module End: BA5FA000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\update.sys
Service Name: Update
Module Base: B875D000
Module End: B87BB000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Service Name: mssmbios
Module Base: B9BA5000
Module End: B9BA9000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
Service Name: AmdLLD
Module Base: BA288000
Module End: BA296000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Service Name: NDProxy
Module Base: BA298000
Module End: BA2A2000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Service Name: usbhub
Module Base: BA2A8000
Module End: BA2B7000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Service Name: ---
Module Base: BA5FE000
Module End: BA600000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
Service Name: NVENETFD
Module Base: BA2B8000
Module End: BA2C1000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Service Name: IntcAzAudAddService
Module Base: B5DF8000
Module End: B61DD000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\portcls.sys
Service Name: ---
Module Base: B5DD4000
Module End: B5DF8000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\drmk.sys
Service Name: ---
Module Base: BA2C8000
Module End: BA2D7000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\i2omgmt.SYS
Service Name: i2omgmt
Module Base: B9177000
Module End: B917A000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Service Name: Fs_Rec
Module Base: BA602000
Module End: BA604000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Null.SYS
Service Name: Null
Module Base: BA7A4000
Module End: BA7A5000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Service Name: ---
Module Base: BA438000
Module End: BA43F000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\vga.sys
Service Name: VgaSave
Module Base: BA440000
Module End: BA446000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Service Name: mnmdd
Module Base: BA604000
Module End: BA606000
Hidden: No

Module Name: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Service Name: RDPCDD
Module Base: BA606000
Module End: BA608000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Msfs.SYS
Service Name: Msfs
Module Base: BA448000
Module End: BA44D000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Npfs.SYS
Service Name: Npfs
Module Base: BA450000
Module End: BA458000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Service Name: usbccgp
Module Base: BA480000
Module End: BA488000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Service Name: RasAcd
Module Base: B9BFD000
Module End: B9C00000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Service Name: IPSec
Module Base: B5CEC000
Module End: B5CFF000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Service Name: Tcpip
Module Base: B5C93000
Module End: B5CEC000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgtdix.sys
Service Name: AvgTdiX
Module Base: B5C7A000
Module End: B5C93000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbt.sys
Service Name: NetBT
Module Base: B5C2A000
Module End: B5C52000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Service Name: WS2IFSL
Module Base: B9BF1000
Module End: B9BF4000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\afd.sys
Service Name: AFD
Module Base: B5C08000
Module End: B5C2A000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\netbios.sys
Service Name: NetBIOS
Module Base: B9CBD000
Module End: B9CC6000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\SCDEmu.SYS
Service Name: SCDEmu
Module Base: BA488000
Module End: BA490000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
Service Name: SASKUTIL
Module Base: B5BE3000
Module End: B5C08000
Hidden: No

Module Name: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
Service Name: SASDIFSV
Module Base: BA490000
Module End: BA496000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Service Name: Rdbss
Module Base: B5BB8000
Module End: B5BE3000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Service Name: MRxSmb
Module Base: B5B20000
Module End: B5B90000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Fips.SYS
Service Name: Fips
Module Base: B9C7D000
Module End: B9C88000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Service Name: IpNat
Module Base: B5AFA000
Module End: B5B20000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Service Name: Wanarp
Module Base: B9C6D000
Module End: B9C76000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Service Name: USBSTOR
Module Base: BA498000
Module End: BA49F000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Service Name: HidUsb
Module Base: B916B000
Module End: B916E000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Service Name: ---
Module Base: B9C5D000
Module End: B9C66000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Service Name: kbdhid
Module Base: BA588000
Module End: BA58C000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\LMPC4.SYS
Service Name: LMPC4
Module Base: BA4A0000
Module End: BA4A8000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Service Name: mouhid
Module Base: BA58C000
Module End: BA58F000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgmfx86.sys
Service Name: AvgMfx86
Module Base: BA4A8000
Module End: BA4AE000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\avgldx86.sys
Service Name: AvgLdx86
Module Base: B5A59000
Module End: B5AAA000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Service Name: Cdfs
Module Base: B93CE000
Module End: B93DE000
Hidden: No

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B5A19000
Module End: B5A31000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA66E000
Module End: BA670000
Hidden: Yes

Module Name: C:\WINDOWS\System32\drivers\Dxapi.sys
Service Name: ---
Module Base: B5BB0000
Module End: B5BB3000
Hidden: No

Module Name: C:\WINDOWS\System32\watchdog.sys
Service Name: ---
Module Base: BA3F0000
Module End: BA3F5000
Hidden: No

Module Name: C:\WINDOWS\System32\drivers\dxgthk.sys
Service Name: ---
Module Base: BA690000
Module End: BA691000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\AegisP.sys
Service Name: AegisP
Module Base: BA418000
Module End: BA41D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Service Name: Ndisuio
Module Base: B5291000
Module End: B5295000
Hidden: No

Module Name: \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys
Service Name: AVGIDSShim
Module Base: BA430000
Module End: BA435000
Hidden: No

Module Name: \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys
Service Name: AVGIDSFilter
Module Base: B5365000
Module End: B536F000
Hidden: No

Module Name: \??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys
Service Name: AVGIDSDriver
Module Base: B4FF5000
Module End: B501D000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\wdmaud.sys
Service Name: wdmaud
Module Base: B4B80000
Module End: B4B95000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\sysaudio.sys
Service Name: sysaudio
Module Base: B4DDD000
Module End: B4DEC000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Service Name: MRxDAV
Module Base: B4793000
Module End: B47C0000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\ASCTRM.SYS
Service Name: ASCTRM
Module Base: BA61A000
Module End: BA61C000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\ithsgt.sys
Service Name: ithsgt
Module Base: B44AE000
Module End: B44D6000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\lilsgt.sys
Service Name: lilsgt
Module Base: B450A000
Module End: B450D000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Service Name: mdmxsdk
Module Base: B4502000
Module End: B4506000
Hidden: No

Module Name: C:\WINDOWS\system32\DRIVERS\srv.sys
Service Name: Srv
Module Base: B436C000
Module End: B43BE000
Hidden: No

Module Name: C:\WINDOWS\System32\Drivers\HTTP.sys
Service Name: HTTP
Module Base: B3EF3000
Module End: B3F34000
Hidden: No

Module Name: C:\WINDOWS\system32\drivers\kmixer.sys
Service Name: kmixer
Module Base: B2FB1000
Module End: B2FDC000
Hidden: No

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
Kernel Hooks:
Hooked Function: ZwFlushInstructionCache
At Address: 805ABEC4
Jump To: 8A1221DC
Module Name: _unknown_

Hooked Function: ZwEnumerateKey
At Address: 8061AB52
Jump To: 8A121FDC
Module Name: _unknown_

Hooked Function: IofCompleteRequest
At Address: 804EE1C0
Jump To: 8A121C23
Module Name: _unknown_

Hooked Function: IofCallDriver
At Address: 804EE130
Jump To: 8A121E63
Module Name: _unknown_

******************************************************************************************
******************************************************************************************
IRP Hooks:
Hooked Module: C:\WINDOWS\system32\drivers\perc2.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A46D1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\perc2.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A46D1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\perc2.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A46D1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\perc2.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A46D1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\perc2.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A46D1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\perc2.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A46D1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql10wnt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4EA1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql10wnt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4EA1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql10wnt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4EA1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql10wnt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4EA1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql10wnt.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4EA1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql10wnt.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4EA1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\cbidf2k.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A46A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\cbidf2k.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A46A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\cbidf2k.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A46A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\cbidf2k.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A46A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\cbidf2k.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A46A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\cbidf2k.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A46A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ini910u.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A47C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ini910u.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A47C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ini910u.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A47C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ini910u.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A47C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ini910u.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A47C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ini910u.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A47C1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql1280.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A46F1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql1280.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A46F1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql1280.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A46F1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql1280.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A46F1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql1280.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A46F1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql1280.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A46F1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\asc.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4E81E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\asc.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4E81E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\asc.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4E81E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\asc.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4E81E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\asc.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4E81E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\asc.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4E81E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\asc3350p.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4751E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\asc3350p.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4751E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\asc3350p.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4751E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\asc3350p.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4751E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\asc3350p.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4751E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\asc3350p.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4751E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\cd20xrnt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4741E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\cd20xrnt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4741E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\cd20xrnt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4741E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\cd20xrnt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4741E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\cd20xrnt.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4741E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\cd20xrnt.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4741E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\mraid35x.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A47E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\mraid35x.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A47E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\mraid35x.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A47E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\mraid35x.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A47E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\mraid35x.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A47E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\mraid35x.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A47E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A1462F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A1462F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_READ
Jump To: 8A1462F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_WRITE
Jump To: 8A1462F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A1462F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A1462F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 8A1462F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A1462F8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A2A41E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A2A41E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A2A41E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A2A41E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A2A41E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A2A41E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\symc8xx.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4791E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\symc8xx.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4791E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\symc8xx.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4791E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\symc8xx.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4791E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\symc8xx.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4791E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\symc8xx.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4791E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ultra.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4731E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ultra.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4731E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ultra.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4731E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ultra.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4731E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ultra.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4731E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ultra.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4731E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\aic78u2.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A47A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\aic78u2.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A47A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\aic78u2.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A47A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\aic78u2.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A47A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\aic78u2.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A47A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\aic78u2.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A47A1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dac960nt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A47F1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dac960nt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A47F1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dac960nt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A47F1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dac960nt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A47F1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dac960nt.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A47F1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dac960nt.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A47F1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4EE1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8A4EE1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8A4EE1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8A4EE1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4EE1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4EE1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8A4EE1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8A4EE1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4EE1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ftdisk.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4EE1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\adpu160m.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4721E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\adpu160m.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4721E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\adpu160m.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4721E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\adpu160m.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4721E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\adpu160m.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4721E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\adpu160m.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4721E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\sym_u3.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4771E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\sym_u3.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4771E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\sym_u3.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4771E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\sym_u3.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4771E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\sym_u3.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4771E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\sym_u3.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4771E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ABP480N5.SYS
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4761E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ABP480N5.SYS
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4761E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ABP480N5.SYS
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4761E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ABP480N5.SYS
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4761E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ABP480N5.SYS
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4761E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ABP480N5.SYS
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4761E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql1080.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4701E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql1080.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4701E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql1080.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4701E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql1080.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4701E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql1080.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4701E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql1080.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4701E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\hpn.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A46B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\hpn.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A46B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\hpn.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A46B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\hpn.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A46B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\hpn.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A46B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\hpn.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A46B1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\symc810.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4801E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\symc810.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4801E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\symc810.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4801E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\symc810.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4801E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\symc810.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4801E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\symc810.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4801E8
Hooking Module: _unknown_

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_CREATE
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_CREATE_NAMED_PIPE
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_CLOSE
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_READ
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_WRITE
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_QUERY_INFORMATION
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_SET_INFORMATION
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_QUERY_EA
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_SET_EA
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_QUERY_VOLUME_INFORMATION
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_SET_VOLUME_INFORMATION
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_DIRECTORY_CONTROL
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_FILE_SYSTEM_CONTROL
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_LOCK_CONTROL
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_CLEANUP
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_CREATE_MAILSLOT
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_QUERY_SECURITY
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_SET_SECURITY
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_POWER
Jump To: B9ECDEA8
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: B9EF12C8
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_DEVICE_CHANGE
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_QUERY_QUOTA
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: \Driver\PCI_NTPNP2094
Hooked IRP: IRP_MJ_SET_QUOTA
Jump To: B9EF4B0E
Hooking Module: C:\WINDOWS\system32\drivers\sptd.sys

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A1261E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A1261E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A1261E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A1261E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\netbt.sys
Hooked IRP: IRP_MJ_CLEANUP
Jump To: 8A1261E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql12160.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A46E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql12160.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A46E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql12160.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A46E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql12160.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A46E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql12160.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A46E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\ql12160.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A46E1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A28A5D0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A28A5D0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_READ
Jump To: 8A28A5D0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_WRITE
Jump To: 8A28A5D0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_FLUSH_BUFFERS
Jump To: 8A28A5D0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A28A5D0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A28A5D0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SHUTDOWN
Jump To: 8A28A5D0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A28A5D0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A28A5D0
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\aic78xx.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4EB1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\aic78xx.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4EB1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\aic78xx.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4EB1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\aic78xx.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4EB1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\aic78xx.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4EB1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\aic78xx.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4EB1E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dac2w2k.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dac2w2k.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dac2w2k.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dac2w2k.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dac2w2k.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\dac2w2k.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4691E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\amsint.sys
Hooked IRP: IRP_MJ_CREATE
Jump To: 8A4E91E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\amsint.sys
Hooked IRP: IRP_MJ_CLOSE
Jump To: 8A4E91E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\amsint.sys
Hooked IRP: IRP_MJ_DEVICE_CONTROL
Jump To: 8A4E91E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\amsint.sys
Hooked IRP: IRP_MJ_INTERNAL_DEVICE_CONTROL
Jump To: 8A4E91E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\amsint.sys
Hooked IRP: IRP_MJ_POWER
Jump To: 8A4E91E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\drivers\amsint.sys
Hooked IRP: IRP_MJ_SYSTEM_CONTROL
Jump To: 8A4E91E8
Hooking Module: _unknown_

Hooked Module: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Hooked IRP: IRP_MJ_CREATE

#6 Elise

Posted 05 August 2009 - 02:14 AM

Hi skeen87,

First, please note the following....

P2P WARNING
-------------------
Going over your logs I noticed that you have/had Bittorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Bittorrent, if it is still installed, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs. If you uninstalled Bittorrent, please make sure that Bittorrent DNA is uninstalled as well (it is a separate component of the program and has a separate uninstall entry, usually Bittorrent DNA or simply DNA).

If you wish to keep it, please do not use it until your computer is cleaned.


I notice the presence of Registry Mechanic Registry Cleaner on your PC.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly, you will not see any difference.
If it doesn't work properly, you may end up with an expensive doorstop.


http://miekiemoes.blogspot.com/2008/02/reg...weaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html


The good news is that Sysprot showed the UAC rootkit driver; the bad news is that we can't unhook it with Sysprot, so we will need to try that with RootRepeal. Please try to run RootRepeal in Safe Mode (instructions are in my first post) and post the log in your next reply.

regards, Elise


#7 skeen87

Posted 06 August 2009 - 01:47 AM

Thus far I have been unable to boot into safe mode. I will continue to try, probably to no avail.

#8 Elise

Posted 06 August 2009 - 02:07 AM

Hi skeen87, let's try something else to get RootRepeal to do what we want.

Use the instructions for RootRepeal I gave you in my first post, but at step 6, instead of all seven boxes, only check the box named Drivers.

Please post the log that is generated.

regards, Elise


#9 skeen87

Posted 06 August 2009 - 09:49 PM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/06 21:49
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Address: 0xB876A000 Size: 384768 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xBA460000 Size: 32128 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA5FA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA3F8000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBA2F8000 Size: 59520 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xBA3F0000 Size: 17152 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB8AA2000 Size: 147456 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xBA468000 Size: 26368 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xBA488000 Size: 20992 File Visible: - Signed: -
Status: -

Name: viaagp.sys
Image Path: viaagp.sys
Address: 0xBA198000 Size: 42240 File Visible: - Signed: -
Status: -

Name: viaide.sys
Image Path: viaide.sys
Address: 0xBA5B2000 Size: 5376 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB8ADA000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA0C8000 Size: 52352 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xB9756000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xB6732000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB4E85000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1847296 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xBA5AA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2066048 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: C:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xB9BD9000 Size: 12032 File Visible: - Signed: -
Status: -

==EOF==

#10 Elise

Posted 07 August 2009 - 12:22 AM

Okay, didn't show up there, please do the same thing, but now only check the box named Hidden Services.

regards, Elise

#11 skeen87

Posted 07 August 2009 - 12:43 AM

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/07 00:42
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Hidden Services
-------------------
==EOF==

After I ran it, it said could not read registry.

Edited by skeen87, 07 August 2009 - 12:47 AM.


#12 Elise

Posted 07 August 2009 - 03:06 AM

Okay, I am afraid we are not gonna be able to fix this without specific tools, which we are not allowed to run in this forum. Therefore I would recommend you to start a topic in the HJT forum. You might have to wait a few days for a reply, but the tools used there can do much more than what we are allowed here.

I would like you to start a new thread HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

regards, Elise

#13 skeen87

Posted 07 August 2009 - 06:23 AM

I have started the new topic here http://www.bleepingcomputer.com/forums/t/247515/uacinitdll/

#14 Elise

Posted 07 August 2009 - 07:39 AM

Please read my previous post. Please read in the Getting Started topic the part about posting a DDS log and post that in your new topic.

Do NOT post a log here!!!!

regards, Elise