Infuriating Pop-ups And System Crash


  • This topic is locked
18 replies to this topic

#1 redchris


Posted 13 October 2006 - 04:02 PM

Like I say, am suffering from too many pop ups and have had a system crash too. Have followed your instructions to the letter and would be VERY grateful for any advice you can give me. I'm worried that my system is infected.

Many thanks for any help you can give. You guys (and gals!) are invaluable to novices like me!!








Logfile of HijackThis v1.99.1
Scan saved at 21:55:32, on 13/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\kjdv\kjvd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Start.lnk = C:\WINDOWS\system32\kjdv\kjvd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


#2 redchris


Posted 14 October 2006 - 02:17 PM

Can anyone help me, please? I'm still being plagued by these darned pop ups.

#3 Buckeye_Sam

    Malware Expert

Posted 16 October 2006 - 06:21 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Let's see what we can find out about a suspicious file in your log.

Please download Submitter from here.
http://www.bleepingcomputer.com/files/submitter.php

Save this file to your desktop.

Click Start -> Run
Copy the command below and paste it into the Run box and click Ok.

"%userprofile%\desktop\submitter.exe" -jv C:\WINDOWS\system32\kjdv\kjvd.exe

Two separate IE windows will open as the file is submitted. Please wait for the scans to complete and then copy the results from the page and paste them here in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
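An added example, not part of the original thread and not Buckeye_Sam's own method: one way to triage a HijackThis log programmatically, flagging O4 autostart targets that sit in an unexpected subfolder of system32 and checking whether they are also running. The heuristics, the function names, the subfolder allowlist and the trimmed sample log are assumptions made for illustration.

```python
import re
from ntpath import normpath  # Windows path rules, so this runs on any OS

# Constructed sample: a few lines excerpted from the HijackThis log in post #1.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 21:55:32, on 13/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\kjdv\kjvd.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Start.lnk = C:\WINDOWS\system32\kjdv\kjvd.exe
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
"""

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# First fully qualified path ending in an executable-type extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|?*]*?\.(?:exe|dll|com|scr|bat|cmd|pif)\b', re.I)

# Assumption: %windir% is C:\WINDOWS, as in the log above.
WINDIR = "c:\\windows\\"
SYSTEM32 = WINDIR + "system32\\"
# Hypothetical allowlist of subfolders normally present under system32.
KNOWN_SUBDIRS = {"drivers", "wbem", "spool", "dllcache", "config", "oobe", "restore", "com"}


def parse_log(text):
    """Split a HijackThis log into (running process paths, [(code, detail), ...])."""
    running, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                running.append(line)
            else:
                in_procs = False  # a blank line ends the process list
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return running, entries


def autostart_target(detail):
    """Return the first fully qualified file path in an O4 entry, or None.

    Bare names such as SOUNDMAN.EXE and unresolved shortcuts ('= ?') yield None.
    """
    m = PATH_RE.search(detail)
    return normpath(m.group(0)) if m else None


def in_unexpected_system32_subdir(path):
    """True when the file sits in a system32 subfolder outside the allowlist."""
    p = path.lower()
    if not p.startswith(SYSTEM32):
        return False
    parts = p[len(SYSTEM32):].split("\\")
    return len(parts) > 1 and parts[0] not in KNOWN_SUBDIRS


def triage(text):
    """Return the O4 autostart entries worth a closer look, with reasons."""
    running, entries = parse_log(text)
    running_set = {normpath(p).lower() for p in running}
    findings = []
    for code, detail in entries:
        if code != "O4":
            continue
        target = autostart_target(detail)
        if target is None:
            continue
        reasons = []
        if in_unexpected_system32_subdir(target):
            reasons.append("autostart target in non-standard system32 subfolder")
        if detail.startswith("Startup:") and target.lower().startswith(WINDIR):
            reasons.append("per-user Startup shortcut points into the Windows directory")
        if reasons:
            if target.lower() in running_set:
                reasons.append("currently running")
            findings.append({"entry": f"{code} - {detail}", "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["entry"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

A flagged entry is a candidate for file submission or scanning, not a verdict; the allowlist needs adjusting for the system being examined.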

#4 redchris


Posted 20 October 2006 - 03:04 PM

Hi Sam

A big thank you for the reply. Sorry it's taken me a few days to post but I've been away from home.

Right, I followed your instructions, but when I try to run the app I get the following message appear:
incorect usage
proper usage is submitter.exe <filename>
if no filename is given then the configuration screen will be shown

#5 Buckeye_Sam


Posted 21 October 2006 - 05:31 PM

Please post a new hijackthis log.

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#6 redchris


Posted 26 October 2006 - 04:55 PM

Hi Sam

Wasn't sure if you wanted me to post another thread, or just another log here. Opted for the latter...
Thanks



Logfile of HijackThis v1.99.1
Scan saved at 22:49:30, on 26/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\kjdv\kjvd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: Start.lnk = C:\WINDOWS\system32\kjdv\kjvd.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#7 redchris


Posted 26 October 2006 - 04:58 PM

Combofix log as follows:

Owner - 06-10-26 22:53:59.21 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-26 to 2006-10-26 ))))))))))))))))))))))))))))))))))


2006-10-14 23:29 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-10-14 23:29 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-10-14 23:29 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-10-14 23:29 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-10-14 23:29 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2006-10-14 23:29 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2006-10-14 23:29 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2006-10-14 23:28 107,008 --a------ C:\WINDOWS\vidcap32.exe
2006-10-14 23:27 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-10-14 23:27 40,960 -ra------ C:\WINDOWS\CleanDev.exe
2006-10-14 23:27 200,704 -ra------ C:\WINDOWS\sel3110.exe
2006-10-14 23:26 61,440 --a------ C:\WINDOWS\ov519dib.dll
2006-10-14 23:26 40,960 --a------ C:\WINDOWS\system32\ov519ext.dll
2006-10-14 23:26 36,099 --a------ C:\WINDOWS\amcap.exe
2006-10-14 23:26 25,211 --a------ C:\WINDOWS\system32\drivers\ov519cmd.sys
2006-10-14 23:26 163,072 --a------ C:\WINDOWS\system32\drivers\ov519vid.sys
2006-10-14 23:26 16,426 --a------ C:\WINDOWS\system32\ov519usd.dll
2006-10-14 23:26 135,168 --a------ C:\WINDOWS\ov519cap.exe
2006-10-14 23:12 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2006-10-07 16:31 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-10-07 14:01 31,744 --a------ C:\WINDOWS\system32\drivers\AmdTools.sys
2006-10-04 21:36 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-04 21:36 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-04 21:36 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-04 21:36 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-02 17:30 5,248 --a------ C:\WINDOWS\system32\drivers\Vax347s.sys
2006-10-02 17:30 159,616 --a------ C:\WINDOWS\system32\drivers\Vax347b.sys
2006-09-30 20:27 641,021 --a------ C:\WINDOWS\unins000.exe
2006-09-30 20:27 45,056 --a------ C:\WINDOWS\system32\WNASPI32.DLL
2006-09-30 20:27 25,244 --a------ C:\WINDOWS\system32\drivers\ASPI32.SYS
2006-09-30 20:27 187,904 --a------ C:\WINDOWS\system32\Lame.exe
2006-09-30 20:27 166,912 --a------ C:\WINDOWS\system32\Lame_enc.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-26 22:49 -------- d-------- C:\Program Files\HijackThis
2006-10-26 22:47 -------- d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2006-10-26 22:34 17 --a------ C:\Program Files\stng260.opt
2006-10-26 22:23 11212 --a------ C:\Program Files\OV519.INF
2006-10-25 22:09 -------- d-------- C:\Program Files\Soulseek
2006-10-25 22:04 -------- d-------- C:\Program Files\Windows Defender
2006-10-25 16:43 5182976 --a------ C:\Program Files\WindowsDefender.msi
2006-10-24 20:59 -------- d-------- C:\Program Files\FileZilla
2006-10-24 20:56 3489238 --a------ C:\Program Files\FileZilla_2_2_25_setup.exe
2006-10-21 08:37 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-21 07:52 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-10-19 23:09 -------- d-------- C:\Program Files\Picasa2
2006-10-19 22:00 4789792 --a------ C:\Program Files\picasa2-current.exe
2006-10-18 19:30 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
2006-10-18 19:29 -------- d-------- C:\Program Files\Google
2006-10-17 23:55 2971648 --a------ C:\Program Files\imc_309_adult.msi
2006-10-14 22:59 3430 --a------ C:\Program Files\dsbc310_winxp2k98se_driver_110_Eyetoy_HACKED_SLEH-00030_INF_ONLY.zip
2006-10-13 21:52 27626259 --a------ C:\Program Files\stng260.txt
2006-10-13 19:24 -------- d-------- C:\Program Files\Internet Explorer
2006-10-13 18:47 -------- d-------- C:\Program Files\WinZip
2006-10-13 18:47 -------- d-------- C:\Program Files\Winamp
2006-10-10 17:51 -------- d-------- C:\Program Files\BitTorrent
2006-10-10 17:38 -------- d-------- C:\Documents and Settings\Owner\Application Data\.ABC
2006-10-07 14:15 1144839 --a------ C:\Program Files\stng260.exe
2006-10-07 14:00 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-07 14:00 -------- d-------- C:\Program Files\Common Files
2006-10-07 13:58 -------- d-------- C:\Program Files\New Folder
2006-10-07 13:13 -------- d-------- C:\Documents and Settings\Owner\Application Data\Ahead
2006-10-07 09:45 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-07 09:44 -------- d-------- C:\Program Files\Nero
2006-10-05 18:56 -------- d-------- C:\Program Files\THQ
2006-10-05 18:17 5037072 --a------ C:\Program Files\spybotsd14.exe
2006-10-04 21:57 -------- d-------- C:\Program Files\STOPzilla!
2006-10-04 21:36 -------- d-------- C:\Program Files\Grisoft
2006-10-04 21:36 -------- d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2006-10-04 21:15 -------- d-------- C:\Program Files\Common Files\iS3
2006-10-04 21:14 18450960 --a------ C:\Program Files\avg71free_407a808.exe
2006-10-02 17:30 -------- d-------- C:\Program Files\Alcohol Soft
2006-09-30 20:27 -------- d-------- C:\Program Files\XviD
2006-09-30 20:27 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-30 20:26 4396049 --a------ C:\Program Files\EasyDVDRip.exe
2006-09-30 00:04 5127800 --a------ C:\Program Files\Firefox Setup 1.5.0.7.exe
2006-09-30 00:04 -------- d-------- C:\Documents and Settings\Owner\Application Data\Talkback
2006-09-30 00:04 -------- d-------- C:\Documents and Settings\Owner\Application Data\Mozilla
2006-09-28 19:45 1035090 --a------ C:\Program Files\wrar361.exe
2006-09-28 19:45 -------- d-------- C:\Program Files\WinRAR
2006-09-28 18:27 174163 --a------ C:\Program Files\utorrent.exe
2006-09-26 22:09 -------- d-------- C:\Program Files\Yahoo!
2006-09-26 17:27 -------- d-------- C:\Documents and Settings\Owner\Application Data\Sun
2006-09-26 17:26 -------- d-------- C:\Program Files\Java
2006-09-26 17:26 -------- d-------- C:\Program Files\Common Files\Java
2006-09-25 22:31 -------- d-------- C:\Program Files\Windows Media Player
2006-09-25 22:31 -------- d-------- C:\Program Files\Messenger
2006-09-25 22:28 -------- d-------- C:\Program Files\Outlook Express
2006-09-25 22:28 -------- d-------- C:\Program Files\Common Files\System
2006-09-25 21:31 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-09-25 21:31 -------- d-------- C:\Program Files\MSN Messenger
2006-09-25 21:31 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-25 21:30 16332072 --a------ C:\Program Files\Install_Messenger_nous.exe
2006-09-25 21:24 2855080 --a------ C:\Program Files\aawsepersonal.exe
2006-09-25 21:24 -------- d-------- C:\Program Files\Lavasoft
2006-09-25 21:24 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-09-25 21:14 -------- d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2006-09-25 21:03 6440394 --a------ C:\Program Files\BitTorrent-4.22.1.exe
2006-09-25 17:22 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-09-25 17:13 -------- d-------- C:\Program Files\NETGEAR
2006-09-16 18:45 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-16 18:45 -------- d-------- C:\Program Files\Common Files\Designer
2006-09-16 18:44 -------- d-------- C:\Program Files\Microsoft Office
2006-09-13 06:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 18:57 -------- d-------- C:\Program Files\Bethesda Softworks
2006-09-08 17:53 -------- d-------- C:\Program Files\Disc2Phone
2006-09-08 17:53 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-08 17:20 -------- d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2006-09-08 17:15 -------- d-------- C:\Program Files\CyberLink
2006-09-06 07:13 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2006-09-03 12:14 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-09-03 12:11 -------- d-------- C:\Program Files\Sports Interactive
2006-09-01 14:23 -------- d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2006-09-01 13:41 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-01 13:40 869 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2006-09-01 13:40 21290704 --a------ C:\Program Files\AdbeRdr708_en_US.exe
2006-09-01 13:40 0 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini
2006-09-01 13:40 -------- d-------- C:\Program Files\Adobe
2006-09-01 13:06 842672 --a------ C:\Program Files\slsk156c.exe
2006-09-01 11:19 5928552 --a------ C:\Program Files\winzip100.exe
2006-09-01 11:11 6206440 --a------ C:\Program Files\winamp524_full_emusic-7plus.exe
2006-08-30 18:06 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-30 18:06 -------- d-------- C:\Program Files\Common Files\ODBC
2006-08-30 18:05 62 --ahs---- C:\Documents and Settings\Owner\Application Data\desktop.ini
2006-08-30 10:29 -------- d-------- C:\Program Files\AMD
2006-08-30 10:28 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-30 10:28 -------- d-------- C:\Documents and Settings\Owner\Application Data\Identities
2006-08-30 10:18 -------- d-------- C:\Program Files\xerox
2006-08-30 10:18 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-30 10:17 0 -rahs---- C:\MSDOS.SYS
2006-08-30 10:17 0 -rahs---- C:\IO.SYS
2006-08-30 10:17 0 --a------ C:\CONFIG.SYS
2006-08-30 10:17 0 --a------ C:\AUTOEXEC.BAT
2006-08-30 10:16 -------- d--h----- C:\Program Files\WindowsUpdate
2006-08-30 10:15 -------- d-------- C:\Program Files\NetMeeting
2006-08-30 10:15 -------- d-------- C:\Program Files\Movie Maker
2006-08-30 10:15 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-30 10:15 -------- d-------- C:\Program Files\Common Files\Services
2006-08-30 10:15 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-30 10:14 -------- d-------- C:\Program Files\Windows NT
2006-08-30 10:14 -------- d-------- C:\Program Files\Online Services
2006-08-30 10:14 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-30 10:13 -------- d-------- C:\Program Files\MSN
2006-08-25 16:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"NWEReboot"=""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"amd_dc_opt"="\"C:\\Program Files\\AMD\\amd_dc_opt\\amd_dc_opt.exe\""
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,20,01,00,00,00,00,00,00,80,04,00,00,66,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,55,05,00,00,66,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4b,00,00,00,00,00,00,00,55,05,00,00,66,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-10-26 22:54:35.37
C:\ComboFix.txt ... 06-10-26 22:54

#8 Buckeye_Sam

Malware Expert

Posted 26 October 2006 - 07:21 PM

Oh definitely in this thread. You're not getting away from me that easy. :thumbsup:

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O4 - Startup: Start.lnk = C:\WINDOWS\system32\kjdv\kjvd.exe




Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Clean out your Temporary Internet files.
    • Internet Explorer
      • Close Internet Explorer and close any instances of Windows Explorer.
      • Click Start -> Control Panel and then double-click Internet Options.
      • On the General tab, click Delete Files under Temporary Internet Files.
      • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
      • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
      • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
      • Click OK.
    • Firefox (In case you also have Firefox installed)
      • Open Firefox and go to Tools -> Options.
      • Click Privacy in the menu on the left side of the Options window.
      • Click the Clear button located to the right of each option (History, Cookies, Cache).
      • Click OK to close the Options window.
        Alternatively, you can clear all information stored while browsing by clicking Clear All.
        A confirmation dialog box will be shown before clearing the information.
    IMPORTANT: Close all windows and do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:

  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Please post the results of the AVG Anti-Spyware scan report along with a new HijackThis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 redchris

Topic Starter

Posted 27 October 2006 - 11:34 AM

Hi Sam
Now why would I want to get away - you're helping me right!!!!
Ok, followed the latest installment - results as follows:

AVG found nothing. All the report says is that it found nothing, so I didn't post it!!


Logfile of HijackThis v1.99.1
Scan saved at 17:27:09, on 27/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#10 Buckeye_Sam

Malware Expert

Posted 27 October 2006 - 02:18 PM

Are you still getting popups?

I'd still like to get that file submitted for analysis.
Please go to http://www.virustotal.com/en/indexf.html and submit this file to be scanned.

C:\WINDOWS\system32\kjdv\kjvd.exe

Once the report finishes, please copy that text and post it back here in your next reply.

========================================================

#11 redchris

Topic Starter

Posted 27 October 2006 - 04:59 PM

Hi Sam
Many, many thanks for the reply and for all your help.

I don't seem to have been plagued like I was a while ago.

Here are the results of the latest scan. A couple recognised a trojan, which I've googled for info but come up with nothing. Is this cause for concern?

Antivirus Version Update Result
AntiVir 7.2.0.34 10.27.2006 no virus found
Authentium 4.93.8 10.27.2006 no virus found
Avast 4.7.892.0 10.27.2006 no virus found
AVG 386 10.27.2006 no virus found
BitDefender 7.2 10.27.2006 no virus found
CAT-QuickHeal 8.00 10.27.2006 no virus found
ClamAV devel-20060426 10.27.2006 no virus found
DrWeb 4.33 10.27.2006 Trojan.Click.1556
eTrust-InoculateIT 23.73.38 10.27.2006 no virus found
eTrust-Vet 30.3.3162 10.27.2006 no virus found
Ewido 4.0 10.27.2006 no virus found
Fortinet 2.82.0.0 10.27.2006 no virus found
F-Prot 3.16f 10.27.2006 no virus found
F-Prot4 4.2.1.29 10.27.2006 no virus found
Ikarus 0.2.65.0 10.27.2006 no virus found
Kaspersky 4.0.2.24 10.27.2006 no virus found
McAfee 4883 10.27.2006 no virus found
Microsoft 1.1609 10.26.2006 no virus found
NOD32v2 1.1842 10.27.2006 no virus found
Norman 5.80.02 10.27.2006 no virus found
Panda 9.0.0.4 10.27.2006 no virus found
Sophos 4.10.0 10.26.2006 no virus found
TheHacker 6.0.1.107 10.27.2006 no virus found
UNA 1.83 10.27.2006 no virus found
VBA32 3.11.1 10.27.2006 Trojan.Click.1556
VirusBuster 4.3.15:9 10.27.2006 no virus found

#12 Buckeye_Sam

Malware Expert

Posted 28 October 2006 - 08:33 PM

It's definitely no good. Please delete this folder.

C:\WINDOWS\system32\kjdv



Reboot and post a new HijackThis log.

========================================================
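The check behind "delete the folder, reboot and post a new log" can be done mechanically by comparing the log taken before the fix with the one taken after it. The Python below is an added example, not part of the original thread and not HijackThis code; the function names are hypothetical, and the two log excerpts are constructed from lines that appear in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# Item lines: "<section code> - <details>", e.g. "O4 - Startup: ..." or "R0 - ...".
ITEM_RE = re.compile(r"^([ORFN]\d{1,2})\s+-\s+(.*)$")
# Running-process lines are bare absolute paths such as C:\WINDOWS\Explorer.EXE.
PROC_RE = re.compile(r"^[A-Za-z]:\\")


def parse_log(text):
    """Split a HijackThis log into (running processes, item entries)."""
    processes, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        match = ITEM_RE.match(line)
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
        elif PROC_RE.match(line):
            processes.append(line)
    return processes, entries


def entry_key(entry):
    # Windows paths and registry names are case-insensitive, so compare lowercased.
    return (entry.code, entry.text.lower())


def diff_logs(before, after):
    """Return (removed, added) item entries between two logs."""
    old = parse_log(before)[1]
    new = parse_log(after)[1]
    old_keys = {entry_key(e) for e in old}
    new_keys = {entry_key(e) for e in new}
    removed = [e for e in old if entry_key(e) not in new_keys]
    added = [e for e in new if entry_key(e) not in old_keys]
    return removed, added


def still_references(log_text, folder):
    """Processes or items that still point into `folder`.

    Limitation: 8.3 short names (e.g. PROGRA~1) are not expanded, so a path
    written in short form will not match its long form.
    """
    needle = folder.rstrip("\\").lower() + "\\"
    processes, entries = parse_log(log_text)
    hits = [p for p in processes if needle in p.lower()]
    hits += [f"{e.code} - {e.text}" for e in entries if needle in e.text.lower()]
    return hits


def orphaned(log_text):
    """Items whose target HijackThis itself reports as '(file missing)'."""
    entries = parse_log(log_text)[1]
    return [e for e in entries if e.text.endswith("(file missing)")]


# Constructed excerpt: state before the fix (includes the flagged O4 line).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Start.lnk = C:\WINDOWS\system32\kjdv\kjvd.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

# Constructed excerpt: state after the fix and reboot.
AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.code, "-", e.text)
    for e in added:
        print("added:  ", e.code, "-", e.text)
    print("still referencing folder:",
          still_references(AFTER, r"C:\WINDOWS\system32\kjdv"))
    print("orphaned entries:", len(orphaned(AFTER)))
```

An empty result from `still_references` only means the new log no longer mentions the folder; HijackThis does not list everything on the system.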

#13 redchris

Topic Starter

Posted 29 October 2006 - 05:22 AM

Hmmm... This computer is certainly exhibiting some strange behaviour lately - I wonder whether this is the root cause??? Windows Explorer kept crashing last night for instance, and I've had several 'lock-ups' lately, where the machine just freezes, losing my mouse and unable to bring up Task Manager, leaving me no choice but to reset the thing.

I deleted the folder. Any idea what it is/was??

Here's the log. Thanks as ever!

Logfile of HijackThis v1.99.1
Scan saved at 10:15:22, on 29/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v3 Wireless Assistant.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

#14 Buckeye_Sam

Malware Expert

Posted 29 October 2006 - 05:18 PM

That file was indicated by a couple different vendors as Trojan.Click.1556.

Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop and start GMER.exe
Click the Rootkit tab and click the Scan button.

Warning! Please do not select the "Show all" checkbox during the scan.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results here in your next reply.

========================================================

#15 redchris

Topic Starter

Posted 29 October 2006 - 06:19 PM

Hi Sam

Log as follows... Cheers

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-29 23:13:56
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT Vax347b.sys ZwClose
SSDT Vax347b.sys ZwCreateKey
SSDT Vax347b.sys ZwCreatePagingFile
SSDT Vax347b.sys ZwEnumerateKey
SSDT Vax347b.sys ZwEnumerateValueKey
SSDT Vax347b.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT Vax347b.sys ZwQueryKey
SSDT Vax347b.sys ZwQueryValueKey
SSDT Vax347b.sys ZwSetSystemPowerState
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 867A6BE8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8633DFB0
Device \FileSystem\Udfs \UdfsCdRom IRP_MJ_READ 8633DA60
Device \FileSystem\Udfs \UdfsDisk IRP_MJ_READ 8633DA60
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 86166830
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86166830
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 85E62470
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 86166830
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86166830
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 86178428
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 86178428
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 86178428
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 86178428
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 8632B710
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 865C8E70
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 865C8E70
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 85EA86F0
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 85E90A50
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE_NAMED_PIPE 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CLOSE 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_READ 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_WRITE 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_INFORMATION 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_INFORMATION 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_EA 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_EA 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_FLUSH_BUFFERS 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_VOLUME_INFORMATION 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_VOLUME_INFORMATION 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DIRECTORY_CONTROL 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_FILE_SYSTEM_CONTROL 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DEVICE_CONTROL 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SHUTDOWN 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_LOCK_CONTROL 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CLEANUP 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_CREATE_MAILSLOT 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_SECURITY 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_SECURITY 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_POWER 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SYSTEM_CONTROL 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_DEVICE_CHANGE 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_QUERY_QUOTA 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_SET_QUOTA 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1 IRP_MJ_PNP 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CREATE 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CLOSE 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_READ 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_WRITE 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_EA 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_POWER 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 8612AF00
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port3Path0Target0Lun0 IRP_MJ_PNP 8612AF00
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 8633DFB0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 85E99A50
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 85E99A50
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 85E99A50
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 85E99A50
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 85E99A50
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 862D0920

---- Modules - GMER 1.0.11 ----

Module _________ F743E000

---- Files - GMER 1.0.11 ----

ADS ...

---- EOF - GMER 1.0.11 ----



