Themida Problem


13 replies to this topic

#1 pyromacer

pyromacer

  • Members
  • 8 posts

Posted 26 September 2006 - 11:22 AM

I have recently had a problem with the Themida protection system. It contains a backdoor trojan which pops up on every system startup. It says svchost while starting and Kaspersky detects and deletes the backdoor trojan in wsock32.dll.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 2:04:32 PM, on 26/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Calvin Iyer\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nseindia.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: N.Cs4 - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - C:\WINDOWS\system32\wsock32.sys (file missing)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [ioloDelayModule] "C:\Program Files\iolo\System Mechanic Professional 6\delay.exe"
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2386AA4-FD24-4F66-A61F-5B128123EDDE}: NameServer = 218.248.255.193 61.1.96.69
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Here is my startup list log:

StartupList report, 26/09/2006, 2:13:02 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Calvin Iyer\Desktop\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Calvin Iyer\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
NvMediaCenter = "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
SpySweeper = "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
kav = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
ioloDelayModule = "C:\Program Files\iolo\System Mechanic Professional 6\delay.exe"

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = NOTEPAD.EXE %1

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = NOTEPAD.EXE %1

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\STARDO~1\SDIEInt.dll - {FFFFFEF0-5B30-21D4-945D-000000000000}

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Generic Host Process = C:\WINDOWS\System32\scvhost.exe

--------------------------------------------------

End of report, 4,587 bytes
Report generated in 0.062 seconds

Please help me.
Thanks in advance.
In the absence of light darkness prevails.



#2 Mr_JAk3

Mr_JAk3

    HJT Team Member


  • Members
  • 527 posts
  • Location:Finland

Posted 27 September 2006 - 08:03 AM

Hi pyromacer and welcome to Bleeping Computer :thumbsup:

You got some infections there...

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post :flowers:
UNITE & ASAP member since 2006

#3 pyromacer

pyromacer
  • Topic Starter

  • Members
  • 8 posts

Posted 29 September 2006 - 11:04 AM

Hi,
Thanks for your reply. Can you help me disinfect my computer without having to reformat it? I would be highly obliged if you would help me do it step by step.

Thanks again! :thumbsup:
In the absence of light darkness prevails.

#4 Mr_JAk3

Mr_JAk3

    HJT Team Member


  • Members
  • 527 posts
  • Location:Finland

Posted 29 September 2006 - 01:22 PM

Hi again :thumbsup:

I must warn you that the backdoor that you're infected with is really dangerous.
I strongly recommend that you reformat and reinstall Windows; this is the only sure way to get you cleaned. I'll give you guidance if you select this way.

If you however choose to continue with the cleaning, I'll try to do my best in order to get you cleaned.

Please check that your Task Manager is working; press the following buttons at the same time: CTRL + ALT + DELETE; a Task Manager window should pop up.
Please check that your Regedit is working; Start -> Run -> Type Regedit and OK; a registry editor window should pop up.

At first, create a new folder on your desktop and name it HijackThis.
Then move HijackThis.exe into that folder.

Post a fresh HijackThis log and let me know if registry editor and taskmanager opened....

Edited by Mr_JAk3, 30 September 2006 - 12:33 AM.

UNITE & ASAP member since 2006

#5 pyromacer

pyromacer
  • Topic Starter

  • Members
  • 8 posts

Posted 30 September 2006 - 10:47 PM

Hi there,
I tried to overcome the problem myself and got rid of the popup. The Task Manager and regedit are working but my command prompt does not. If you could review my new log it would be great. My system has been running quite slow lately; could you tell me why?

HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:11:00 AM, on 01/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Calvin Iyer\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido anti-spyware.exe" /minimized
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2386AA4-FD24-4F66-A61F-5B128123EDDE}: NameServer = 218.248.255.193 61.1.96.69
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: WinFast® Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Startup items log:
StartupList report, 01/10/2006, 9:11:21 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Calvin Iyer\Desktop\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Calvin Iyer\Desktop\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Calvin Iyer\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Acrobat Speed Launcher.lnk = ?

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
NvMediaCenter = "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
kav = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
!ewido = "C:\Program Files\ewido anti-spyware 4.0\ewido anti-spyware.exe" /minimized
(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AWMON = "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = NOTEPAD.EXE %1

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = NOTEPAD.EXE %1

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is NOT normal! (NOTEPAD.EXE %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
(no name) - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll - {B56A7D7D-6927-48C8-A975-17DF180C71AC}
(no name) - C:\PROGRA~1\STARDO~1\SDIEInt.dll - {FFFFFEF0-5B30-21D4-945D-000000000000}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://download.ewido.net/ewidoOnlineScan.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Adobe LM Service: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Kaspersky Anti-Virus 6.0: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (autostart)
basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (autostart)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
dtscsi: \SystemRoot\System32\Drivers\dtscsi.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (autostart)
ewido anti-spyware 4.0 driver: \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys (system)
ewido anti-spyware 4.0 guard: C:\Program Files\ewido anti-spyware 4.0\guard.exe (autostart)
Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GDTdiInterceptor: \??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys (autostart)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
HSFHWBS2: System32\DRIVERS\HSFBS2S2.sys (manual start)
HSF_DP: System32\DRIVERS\HSFDPSP2.sys (manual start)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
File Security Kernel Anti-Spyware Driver: system32\drivers\ikhfile.sys (system)
Kernel Anti-Spyware Driver: system32\drivers\ikhlayer.sys (system)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\HSF_K56K.sys (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Kl1: system32\drivers\kl1.sys (system)
Klif: \??\C:\WINDOWS\system32\drivers\klif.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
mchInjDrv: \??\C:\DOCUME~1\CALVIN~1\LOCALS~1\Temp\mc22A.tmp (disabled)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" (disabled)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (disabled)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (autostart)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): \SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs (disabled)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
WinFast® Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Office Source Engine: C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (disabled)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (disabled)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (disabled)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek 10/100/1000 NIC Family all in one NDIS XP Driver: System32\DRIVERS\Rtlnicxp.sys (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (disabled)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
PC Tools Spyware Doctor: C:\Program Files\Spyware Doctor\sdhelp.exe (disabled)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)
SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (manual start)
SPBBCSvc: "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
sptd: System32\Drivers\sptd.sys (system)
System Restore Filter Driver: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
srescan: system32\ZoneLabs\srescan.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{6F235DEA-F6DF-480A-9F6E-C6DC6393DCEB} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (disabled)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
Tones: System32\DRIVERS\HSF_TONE.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
V124: System32\DRIVERS\HSF_V124.sys (autostart)
vaxscsi: \SystemRoot\System32\Drivers\vaxscsi.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
winachsf: System32\DRIVERS\HSFCXTS2.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 32,480 bytes
Report generated in 0.203 seconds

Here's the log and thanks once again for the help :thumbsup:
In the absence of light darkness prevails.

#6 Mr_JAk3

    HJT Team Member

Posted 01 October 2006 - 03:01 AM

OK, the HijackThis log looks good now. You ran a scan with Ewido?
If so, did you save a log file from Ewido?

Check if you can find a logfile from the following path:
C:\Program Files\ewido anti-spyware 4.0\Reports

If found, please post it here.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

  • Please go HERE to run PandaActiveScan...

  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.

Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning! Please do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.

UNITE & ASAP member since 2006

#7 pyromacer

Posted 01 October 2006 - 12:29 PM

Hi,
Thanks again for your quick reply. :thumbsup: :flowers: :huh: I could not find any ewido log. But here is what you asked for. My computer is still quite slow. I hope you can tell me why.

Here's the GMER log:

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-01 16:23:33
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 833990E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 833990E8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 82FE5670
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 82FE5670
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F59312A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F59312A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F59312A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F59312A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F59312A0] vsdatant.sys
Device \Driver\kl1 \Device\klick IRP_MJ_DEVICE_CONTROL [F8E4DA6C] GDTdiIcpt.sys
Device \Driver\kl1 \Device\klick IRP_MJ_INTERNAL_DEVICE_CONTROL [F8E4DA6C] GDTdiIcpt.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8339A9C0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8339A9C0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8339A9C0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8339A9C0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8339A9C0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8339A9C0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8339A9C0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8339A9C0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8339A9C0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8339A9C0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8339A9C0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8339A9C0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8339A9C0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8339A9C0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8339A9C0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8339A9C0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8339A9C0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8339A9C0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8339A9C0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8339A9C0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8339A9C0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8339A9C0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8339A9C0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8339A9C0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8339A9C0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8339A9C0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8339A9C0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8339A9C0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8339A9C0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8339A9C0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8339A9C0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8339A9C0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8339A9C0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8339A9C0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8339A9C0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8339A9C0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8339A9C0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8339A9C0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8339A9C0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8339A9C0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8339A9C0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8339A9C0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8339A9C0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8339A9C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F59312A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F59312A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F59312A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F59312A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F59312A0] vsdatant.sys
In the absence of light darkness prevails.

#8 Mr_JAk3

HJT Team Member

Posted 02 October 2006 - 03:14 AM

Hi again, sorry for the delay...

The GMER log wasn't complete; the end was cut out.

Please post the full log here; it may need several posts :thumbsup:
UNITE & ASAP member since 2006

#9 pyromacer

Topic Starter

Posted 06 October 2006 - 06:23 AM

Hi,
Sorry I could not reply earlier. I managed to get the ActiveScan log; here it is:

ActiveScan Log :

Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Calvin Iyer\Cookies\calvin iyer@ad.yieldmanager[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Calvin Iyer\Cookies\calvin iyer@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Calvin Iyer\Cookies\calvin iyer@atdmt[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Calvin Iyer\Cookies\calvin iyer@bravenet[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Calvin Iyer\Cookies\calvin iyer@doubleclick[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Calvin Iyer\Cookies\calvin iyer@revenue[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Calvin Iyer\Cookies\calvin iyer@statcounter[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Calvin Iyer\Cookies\calvin iyer@zedo[2].txt
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe

#10 pyromacer

Topic Starter

Posted 06 October 2006 - 06:24 AM

Here is the GMER log:
GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-06 16:50:00
Windows 5.1.2600 Service Pack 2



#11 pyromacer

Topic Starter

Posted 06 October 2006 - 06:26 AM

GMER log continued:

Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 83050EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 83050EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82EF4A78
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 82EF4A78
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 82EF4A78
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82EF4A78
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82EF4A78
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82EF4A78
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82EF4A78
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82EF4A78
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82EF4A78
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82EF4A78
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82EF4A78
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 833D60E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 833D60E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 833D60E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 833D60E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 833D60E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 833D60E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 833D60E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 833D60E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 833D60E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 833D60E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 833D60E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 82EF4A78
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 82EF4A78
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 82EF4A78
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 82EF4A78
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 82EF4A78
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 82EF4A78
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82EF4A78
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 82EF4A78
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 82EF4A78
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 82EF4A78
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 82EF4A78
Device \Driver\NetBT \Device\NetBT_Tcpip_{EF8C45D4-7AFC-4A7E-B14D-A49B46A2016C} IRP_MJ_CREATE 830CA850
Device \Driver\NetBT \Device\NetBT_Tcpip_{EF8C45D4-7AFC-4A7E-B14D-A49B46A2016C} IRP_MJ_CLOSE 830CA850
Device \Driver\NetBT \Device\NetBT_Tcpip_{EF8C45D4-7AFC-4A7E-B14D-A49B46A2016C} IRP_MJ_DEVICE_CONTROL 830CA850
Device \Driver\NetBT \Device\NetBT_Tcpip_{EF8C45D4-7AFC-4A7E-B14D-A49B46A2016C} IRP_MJ_INTERNAL_DEVICE_CONTROL 830CA850
Device \Driver\NetBT \Device\NetBT_Tcpip_{EF8C45D4-7AFC-4A7E-B14D-A49B46A2016C} IRP_MJ_CLEANUP 830CA850
Device \Driver\NetBT \Device\NetBT_Tcpip_{EF8C45D4-7AFC-4A7E-B14D-A49B46A2016C} IRP_MJ_PNP 830CA850
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 82EF4A78
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 82EF4A78
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 82EF4A78
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 82EF4A78
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 82EF4A78
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 82EF4A78
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82EF4A78
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 82EF4A78
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 82EF4A78
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 82EF4A78
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 82EF4A78
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 830CA850
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 830CA850
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 830CA850
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 830CA850
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 830CA850
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 830CA850
Device \Driver\kl1 \Device\klop IRP_MJ_DEVICE_CONTROL [F8D35A6C] GDTdiIcpt.sys
Device \Driver\kl1 \Device\klop IRP_MJ_INTERNAL_DEVICE_CONTROL [F8D35A6C] GDTdiIcpt.sys
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 830CA850
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 830CA850
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 830CA850
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 830CA850
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 830CA850
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 830CA850
Device \Driver\NetBT \Device\NetBT_Tcpip_{A2386AA4-FD24-4F66-A61F-5B128123EDDE} IRP_MJ_CREATE 830CA850
Device \Driver\NetBT \Device\NetBT_Tcpip_{A2386AA4-FD24-4F66-A61F-5B128123EDDE} IRP_MJ_CLOSE 830CA850
Device \Driver\NetBT \Device\NetBT_Tcpip_{A2386AA4-FD24-4F66-A61F-5B128123EDDE} IRP_MJ_DEVICE_CONTROL 830CA850
Device \Driver\NetBT \Device\NetBT_Tcpip_{A2386AA4-FD24-4F66-A61F-5B128123EDDE} IRP_MJ_INTERNAL_DEVICE_CONTROL 830CA850
Device \Driver\NetBT \Device\NetBT_Tcpip_{A2386AA4-FD24-4F66-A61F-5B128123EDDE} IRP_MJ_CLEANUP 830CA850
Device \Driver\NetBT \Device\NetBT_Tcpip_{A2386AA4-FD24-4F66-A61F-5B128123EDDE} IRP_MJ_PNP 830CA850
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F594D2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F594D2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F594D2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F594D2A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F594D2A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F594D2A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F594D2A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F594D2A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F594D2A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F594D2A0] vsdatant.sys
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 833D6A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 833D6A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 833D6A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 833D6A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 833D6A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 833D6A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 833D6A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 833D6A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 833D6A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 833D6A40
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 833D6A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CREATE 833D6A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CLOSE 833D6A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_READ 833D6A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_WRITE 833D6A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_FLUSH_BUFFERS 833D6A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_DEVICE_CONTROL 833D6A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_INTERNAL_DEVICE_CONTROL 833D6A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SHUTDOWN 833D6A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_POWER 833D6A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SYSTEM_CONTROL 833D6A40
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_PNP 833D6A40
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 82F540E8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F594D2A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F594D2A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F594D2A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F594D2A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F594D2A0] vsdatant.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 82F540E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 82F540E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 8303EB30
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 8303EB30
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 8303EB30
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 8303EB30
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 8303EB30
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 8303EB30
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 8303EB30
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 8303EB30
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 8303EB30
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 8303EB30
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 8303EB30
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 8303EB30
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 8303EB30
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 8303EB30
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 833D60E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 833D60E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 833D60E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 833D60E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 833D60E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 833D60E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 833D60E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 833D60E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 833D60E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 833D60E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 833D60E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 8303B610
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 8303B610
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 8303B610
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 8303B610
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 8303B610
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 8303B610
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 8303B610
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 8303B610
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 8303B610
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 8303B610
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 8303B610
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 8303B610
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 8303B610
Device \Driver\kl1 \Device\klin IRP_MJ_DEVICE_CONTROL [F8D35A6C] GDTdiIcpt.sys
Device \Driver\kl1 \Device\klin IRP_MJ_INTERNAL_DEVICE_CONTROL [F8D35A6C] GDTdiIcpt.sys
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CREATE 831458B8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CLOSE 831458B8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_DEVICE_CONTROL 831458B8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 831458B8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_POWER 831458B8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_SYSTEM_CONTROL 831458B8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_PNP 831458B8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 831458B8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 831458B8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 831458B8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 831458B8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 831458B8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 831458B8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 831458B8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 82FE80E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 82FE80E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82FE80E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82FE80E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_POWER 82FE80E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82FE80E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_PNP 82FE80E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 82FE80E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 82FE80E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 82FE80E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82FE80E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 82FE80E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 82FE80E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 82FE80E8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 83034A90
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 83034A90
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 82FFDBA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 82FFDBA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 82FFDBA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 82FFDBA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 82FFDBA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 82FFDBA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 82FFDBA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 82FFDBA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 82FFDBA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 82FFDBA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 82FFDBA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 82FFDBA8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 82FFDBA8

---- Threads - GMER 1.0.11 ----

Thread 4:172 8311FF48
Thread 4:176 82FCBA70
Thread 4:180 82FCBA70
Thread 4:424 8311FF48
Thread 4:492 8311FF48

---- Files - GMER 1.0.11 ----

ADS ...
ADS D:\Calvins Doc\dawn of war winter assault\rld-dowa.cue:SummaryInformation
ADS D:\Calvins Doc\dawn of war winter assault\rld-dowa.cue:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

---- EOF - GMER 1.0.11 ----

Thanks for your help once again. :thumbsup: :flowers:
In the absence of light darkness prevails.

#12 Mr_JAk3

HJT Team Member

Posted 07 October 2006 - 10:31 AM

Hi again, sorry for the long delay...

OK, there is still something that doesn't look right. Have you done some fixing with HijackThis by yourself?

Download F-Secure Blacklight and save it to your desktop

Double-click blbeta.exe, accept the agreement, click Scan, then click Next.
You'll see a list of what has been found. A log will appear on your desktop; it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

DON'T choose Rename if something was found!

Post the contents of fsbl.xxxx.log here (the BlackLight log from your desktop).
UNITE & ASAP member since 2006

#13 pyromacer

Topic Starter

Posted 09 October 2006 - 03:37 AM

Hi,
Thanks for your reply and help. :thumbsup: :huh: :flowers: I did not try to repair my problem using HijackThis myself. I used F-Secure BlackLight, but it did not show any hidden items. Here is the log:

10/09/06 13:42:31 [Info]: BlackLight Engine 1.0.47 initialized
10/09/06 13:42:31 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/09/06 13:42:33 [Note]: 7019 4
10/09/06 13:42:33 [Note]: 7005 0
10/09/06 13:42:43 [Note]: 7006 0
10/09/06 13:42:43 [Note]: 7011 1532
10/09/06 13:42:43 [Note]: 7026 0
10/09/06 13:42:44 [Note]: 7026 0
10/09/06 13:43:02 [Note]: FSRAW library version 1.7.1020
10/09/06 13:53:34 [Note]: 2000 1012
10/09/06 13:59:55 [Note]: 7007 0

I hope you can help me further with my problem.

Thanks again! :huh: :huh:
In the absence of light darkness prevails.

#14 Mr_JAk3

HJT Team Member

Posted 10 October 2006 - 01:21 AM

Nothing bad there, which is a good thing :thumbsup:

Let's try with WinPFind too just to be sure.

Please download WinPFind2.
  • Extract the files to a folder (e.g. C:\WinPFind2).
  • Double-click WinPFind2.exe to start the program.
  • Click the Select All button in the File Options box of the Configuration tab (this is the tab the program opens up to by default).
  • Click the Run all Scans button.
  • When it's finished scanning you will see Scans Complete! at the bottom left of the program.
  • Click the Export to Text button.
  • Notepad will open with the results of the scan and the log will be saved to the folder that you extracted the program to (C:\WinPFind2\WinPFind2.txt).
  • Post the log in your next reply please. You may need to split the log over a couple of posts so that it doesn't get cut off. If so, please use the [Start Post #1] and [Start Post #2] delimiters in the log to split the log up.

UNITE & ASAP member since 2006