Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

All Kinds Of Popups Not Sure Why.


  • Please log in to reply
23 replies to this topic

#1 Keith Tomlin

Keith Tomlin

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 09 June 2006 - 08:25 AM

Thank you so much in advance....I not sure what is going on.... My ISP is Charter....which they have their own virus & spyware programs....I did DL search & destory along with ad-aware & striger360. Still having problems. I also did a online scanner with housecall.
Thanks Keith

Logfile of HijackThis v1.99.1
Scan saved at 8:04:10 AM, on 6/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Atomic Clock Sync\Atomic.exe
C:\WINDOWS\system32\WISPTIS.EXE
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O1 - Hosts: 205.238.40.2 www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 209.67.209.50 test3201.winmx.com test3203.winmx.com test3205.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.224.20 test3202.winmx.com test3204.winmx.com test3206.winmx.com test3208.winmx.com
O1 - Hosts: 209.67.209.50 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: snipemon.LNK = C:\Program Files\BidSage\snipemon.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1111458597390
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...e/gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com//hostedimages/activ...oad/XUpload.ocx
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F3D69634-67FF-4CA6-B39E-7DC11ED9676F} (VoiceRecCtrl Class) - http://members.sellersvoice.com/activereco...dRecControl.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

BC AdBot (Login to Remove)

 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 09 June 2006 - 09:05 PM

Hi Keith Tomlin and Welcome to the Bleeping Computer!


First thing I should let you know is WinMX is one of the more dangerous P2P apps out there.


Download GMER from Here

Right Click the Zip and Select "Extract All"

Double Click gmer.exe to launch the program.

Click on the Rootkit Tab and then click Scan.

It takes a while to run,once complete,copy the results to notepad and save them somewhere safe.

Post those results in the next reply.

#3 Keith Tomlin

Keith Tomlin
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  

Posted 11 June 2006 - 12:46 PM

thank you so much for replying...sorry it took me so long to get back to you.......i have had someone sick 7 in the Hospital....here is the log

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-06-11 12:39:54
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateProcess
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateProcessEx
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateSection
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateThread
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenFile
SSDT d347bus.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwWriteVirtualMemory

---- Devices - GMER 1.0.10 ----

Device \Driver\USBSTOR \Device\0000009b IRP_MJ_SHUTDOWN [F88F7D60] sfsync02.sys
Device \Driver\USBSTOR \Device\0000009c IRP_MJ_SHUTDOWN [F88F7D60] sfsync02.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP_POWER [F83659E8] fsdfw.sys
Device \Driver\USBSTOR \Device\000000a0 IRP_MJ_SHUTDOWN [F88F7D60] sfsync02.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP_POWER [F83659E8] fsdfw.sys
Device \Driver\USBSTOR \Device\000000a1 IRP_MJ_SHUTDOWN [F88F7D60] sfsync02.sys
Device \Driver\USBSTOR \Device\000000a2 IRP_MJ_SHUTDOWN [F88F7D60] sfsync02.sys
Device \Driver\USBSTOR \Device\000000a3 IRP_MJ_SHUTDOWN [F88F7D60] sfsync02.sys
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8253F008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 8253F008
Device \Driver\USBSTOR \Device\000000a4 IRP_MJ_SHUTDOWN [F88F7D60] sfsync02.sys
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8253F008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 8253F008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82330008
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSEIRP_MJ_READ 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82330008
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_NAMED_PIPE 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSEIRP_MJ_READ 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_WRITE 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_EA 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_EA 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FLUSH_BUFFERS 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_VOLUME_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_VOLUME_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DIRECTORY_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FILE_SYSTEM_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_LOCK_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLEANUP 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_MAILSLOT 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_SECURITY 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_SECURITY 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CHANGE 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_QUOTA 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_QUOTA 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 82330008
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP_POWER 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSEIRP_MJ_READ 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP_POWER 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE_NAMED_PIPE 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CLOSEIRP_MJ_READ 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_WRITE 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_EA 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_EA 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_FLUSH_BUFFERS 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_VOLUME_INFORMATION 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DIRECTORY_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DEVICE_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SHUTDOWN 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_LOCK_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CLEANUP 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_CREATE_MAILSLOT 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_SECURITY 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_SECURITY 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_POWER 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SYSTEM_CONTROL 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_DEVICE_CHANGE 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_QUERY_QUOTA 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_SET_QUOTA 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_PNP 82330008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 IRP_MJ_PNP_POWER 82330008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8253F008
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSEIRP_MJ_READ 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 8253F008
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP_POWER 8253F008
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSEIRP_MJ_READ [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP_POWER [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSEIRP_MJ_READ [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP_POWER [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSEIRP_MJ_READ [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP [F83659E8] fsdfw.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP_POWER [F83659E8] fsdfw.sys
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CREATE 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_WRITE 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_EA 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82212520
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Tar

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 11 June 2006 - 01:07 PM

Ill assume you got no warnings from gmer about rootkit activity?


Lets try this,go to the HijackThis folder and rename HijackThis.exe to Scan.exe

Double Click Scan.exe and run HijackThis and Save the log.

Post those results.

#5 Keith Tomlin

Keith Tomlin
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 11 June 2006 - 06:12 PM

No warnings came up when I ran GMER rootkit.....I renamed hijackthis scan here is the results. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 6:05:34 PM, on 6/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\Scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O1 - Hosts: 205.238.40.2 www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 209.67.209.50 test3201.winmx.com test3203.winmx.com test3205.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.224.20 test3202.winmx.com test3204.winmx.com test3206.winmx.com test3208.winmx.com
O1 - Hosts: 209.67.209.50 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {6E8B110E-BA58-477F-8547-5777FC51905B} - C:\WINDOWS\system32\geebb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: snipemon.LNK = C:\Program Files\BidSage\snipemon.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1111458597390
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...e/gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com//hostedimages/activ...oad/XUpload.ocx
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F3D69634-67FF-4CA6-B39E-7DC11ED9676F} (VoiceRecCtrl Class) - http://members.sellersvoice.com/activereco...dRecControl.cab
O20 - Winlogon Notify: geebb - C:\WINDOWS\system32\geebb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

#6 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 11 June 2006 - 06:44 PM

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens,Right Click inside the listbox (white box) and click add more files
  • Copy&Paste the 2 entries below into the top 2 boxes
    • C:\WINDOWS\system32\geebb.dll
    • C:\WINDOWS\system32\bbeeg.*
  • Click Add Files and Click Close Window
  • Click Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.


#7 Keith Tomlin

Keith Tomlin
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  

Posted 11 June 2006 - 09:44 PM

Ok....thanks.....here is the vundofix.txt


VundoFix V4.2.84

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.2

Scan started at 9:29:33 PM 6/11/2006

Listing files found while scanning....


C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\geebb.dll
Attempting to delete C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\geebb.dll Has been deleted!

Performing Repairs to the registry.
Done!


Here it the new Hijackthis log


Logfile of HijackThis v1.99.1
Scan saved at 9:41:00 PM, on 6/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\Scan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O1 - Hosts: 205.238.40.2 www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 209.67.209.50 test3201.winmx.com test3203.winmx.com test3205.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.224.20 test3202.winmx.com test3204.winmx.com test3206.winmx.com test3208.winmx.com
O1 - Hosts: 209.67.209.50 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 82.195.155.5 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {6E8B110E-BA58-477F-8547-5777FC51905B} - C:\WINDOWS\system32\geebb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Startup: snipemon.LNK = C:\Program Files\BidSage\snipemon.exe
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Suspend Webpage Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Deny this website - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Allow this website - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\ieshield.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-3-30.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1111458597390
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...e/gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.com//hostedimages/activ...oad/XUpload.ocx
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F3D69634-67FF-4CA6-B39E-7DC11ED9676F} (VoiceRecCtrl Class) - http://members.sellersvoice.com/activereco...dRecControl.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Charter High-Speed Security Suite (BackWeb Plug-in - 3528733) - BackWeb Technologies Inc. - C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS (fsbwsys) - F-Secure Corp. - C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSPC\fshttps\fshttps.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

#8 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 12 June 2006 - 04:12 AM

Download The Hoster from here:
http://www.funkytoad.com/download/hoster.zip

Right Click the Zip Folder and Select "Extract All"

Open Hoster and Make sure that the "Make Hosts Writable?" button in the upper right corner is Enabled

Click "Back up Host files"

Press "Restore Original Hosts" and press "OK"

Exit the Program.


Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: (no name) - {6E8B110E-BA58-477F-8547-5777FC51905B} - C:\WINDOWS\system32\geebb.dll (file missing)

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/platypus/miniclipGameLoader.dll

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a fresh HijackThis log.


#9 Keith Tomlin

Keith Tomlin
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 12 June 2006 - 06:40 AM

On the hoster....all i see is..... Create backup host file, Restore backup host file, Restore Microsft's Oringinal hosts file. but none of them will let me click on them......and i did make the writeable button enabled.

Thanks Keith

#10 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 12 June 2006 - 07:41 PM

OK,hang on to that program for now,we will use something different later on.

I beleive that host file is so you can actually use WinMX??


Post the results from the Kaspersky scan when completed.

#11 Keith Tomlin

Keith Tomlin
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  

Posted 12 June 2006 - 10:30 PM

Do I need to go ahead & do the Hijackthis program before the Kaspersky scan?
Thanks
Keith

#12 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 13 June 2006 - 03:56 PM

Just the kaspersky log for now please.

#13 Keith Tomlin

Keith Tomlin
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:08 PM

Posted 13 June 2006 - 08:00 PM

Ok..here is the Kaspersky scan log
Thanks Keith
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, June 13, 2006 7:54:50 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 14/06/2006
Kaspersky Anti-Virus database records: 200313
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
Z:\

Scan Statistics:
Total number of scanned objects: 69272
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 00:55:30

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP5\A0001135.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bo skipped
C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\WINDOWS\Drivers.0at Infected: Trojan.BAT.Shutdown.f skipped
C:\WINDOWS\system32\sstqp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bo skipped

Scan process completed.

#14 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 14 June 2006 - 03:25 AM

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\Downloaded Program Files\popcaploader.dll
    C:\WINDOWS\system32\sstqp.dll
    C:\WINDOWS\Drivers.0at


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot and Unregister .dll before Deleting
  • then Click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Restart Normal and post a fresh HijackThis log.


Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacoolsoftware.com/downloads.html
Update Immediatly!

WinHelp2002 Hosts File
http://www.mvps.org/winhelp2002/hosts2.htm

Disable System Restore
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Go ahead and Reconfigure Msconfig the way you like the PC to Startup

Go ahead and remove any of the tools downloaded that are of no use anymore

Post back and let me know how things are?

#15 Keith Tomlin

Keith Tomlin
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  

Posted 14 June 2006 - 12:15 PM

Thanks I got this message when I did a new Hijackthis run. Wanted to show it too you first.

An unexpected error has occurred at procedure: modMain_CheckOther1Item()
Error #5 - Invalid procedure call or argument

Please email me at merijn@spywareinfo.com, reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1

This message has been copied to your clipboard.
Click OK to continue the rest of the scan.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users