Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Winantivirus 2006 problems

Started by blacklotusninja , Oct 13 2006 04:40 AM

  • Please log in to reply

#16
Noviciate
Posted 26 October 2006 - 07:44 AM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Download gmer.zip from here and save it to your Desktop.
You will need to unzip it before you run it.

To do this: Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish

Double click gmer.exe to begin:
  • Select the Rootkit Tab at the top.
  • Click the Scan button on the right.
  • When the scan has completed, click the Copy button underneath - this will save the report to your Clipboard.
  • Paste it into Notepad (Start > All Programs > Accessories > Notepad) and save it somewhere convenient.
  • Repeat this for the Autostart Tab.
Copy and paste both reports into your next reply - you may need to post them seperately.
  • 0

Advertisements

#17
blacklotusninja
Posted 27 October 2006 - 01:09 AM

blacklotusninja

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
G'day mate,
Here are the two reports you requested.

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-27 14:59:17
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 871980E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 871980E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E} IRP_MJ_CREATE 86AD5518
Device \Driver\NetBT \Device\NetBT_Tcpip_{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E} IRP_MJ_CLOSE 86AD5518
Device \Driver\NetBT \Device\NetBT_Tcpip_{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E} IRP_MJ_DEVICE_CONTROL 86AD5518
Device \Driver\NetBT \Device\NetBT_Tcpip_{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E} IRP_MJ_INTERNAL_DEVICE_CONTROL 86AD5518
Device \Driver\NetBT \Device\NetBT_Tcpip_{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E} IRP_MJ_CLEANUP 86AD5518
Device \Driver\NetBT \Device\NetBT_Tcpip_{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E} IRP_MJ_PNP 86AD5518
Device \Driver\00000050 \Device\00000054 IRP_MJ_POWER [F734BEA8] sptd.sys
Device \Driver\00000050 \Device\00000054 IRP_MJ_SYSTEM_CONTROL [F735FA70] sptd.sys
Device \Driver\00000050 \Device\00000054 IRP_MJ_PNP [F7358728] sptd.sys
Device \Driver\00000050 \Device\00000055 IRP_MJ_POWER [F734BEA8] sptd.sys
Device \Driver\00000050 \Device\00000055 IRP_MJ_SYSTEM_CONTROL [F735FA70] sptd.sys
Device \Driver\00000050 \Device\00000055 IRP_MJ_PNP [F7358728] sptd.sys
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E2112008
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E2112008
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E2112008
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 87199EB0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 87199EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86CF0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86CF0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86CF0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86CF0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86CF0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86CF0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86CF0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86CF0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86CF0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86CF0EB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86CF0EB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 86AE95D8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 86AE95D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_CREATE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_CREATE_NAMED_PIPE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_CLOSE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_READ 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_WRITE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_QUERY_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_SET_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_QUERY_EA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_SET_EA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_FLUSH_BUFFERS 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_QUERY_VOLUME_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_SET_VOLUME_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_DIRECTORY_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_FILE_SYSTEM_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_DEVICE_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_SHUTDOWN 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_LOCK_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_CLEANUP 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_CREATE_MAILSLOT 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_QUERY_SECURITY 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_SET_SECURITY 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_POWER 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_SYSTEM_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_DEVICE_CHANGE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_QUERY_QUOTA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_SET_QUOTA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_PNP 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_CREATE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_CREATE_NAMED_PIPE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_CLOSE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_READ 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_WRITE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_QUERY_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_SET_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_QUERY_EA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_SET_EA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_FLUSH_BUFFERS 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_QUERY_VOLUME_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_SET_VOLUME_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_DIRECTORY_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_FILE_SYSTEM_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_DEVICE_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_SHUTDOWN 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_LOCK_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_CLEANUP 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_CREATE_MAILSLOT 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_QUERY_SECURITY 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_SET_SECURITY 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_POWER 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_SYSTEM_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_DEVICE_CHANGE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_QUERY_QUOTA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_SET_QUOTA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_PNP 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_CREATE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_CREATE_NAMED_PIPE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_CLOSE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_READ 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_WRITE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_QUERY_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_SET_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_QUERY_EA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_SET_EA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_FLUSH_BUFFERS 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_QUERY_VOLUME_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_SET_VOLUME_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_DIRECTORY_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_FILE_SYSTEM_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_DEVICE_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_SHUTDOWN 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_LOCK_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_CLEANUP 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_CREATE_MAILSLOT 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_QUERY_SECURITY 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_SET_SECURITY 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_POWER 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_SYSTEM_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_DEVICE_CHANGE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_QUERY_QUOTA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_SET_QUOTA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_PNP 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_CREATE 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_CREATE_NAMED_PIPE 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_CLOSE 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_READ 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_WRITE 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_QUERY_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_SET_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_QUERY_EA 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_SET_EA 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_FLUSH_BUFFERS 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_QUERY_VOLUME_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_SET_VOLUME_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_DIRECTORY_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_FILE_SYSTEM_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_DEVICE_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_SHUTDOWN 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_LOCK_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_CLEANUP 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_CREATE_MAILSLOT 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_QUERY_SECURITY 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_SET_SECURITY 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_POWER 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_SYSTEM_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_DEVICE_CHANGE 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_QUERY_QUOTA 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_SET_QUOTA 87199A40
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_PNP 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_CREATE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_CREATE_NAMED_PIPE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_CLOSE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_READ 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_WRITE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_QUERY_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_SET_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_QUERY_EA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_SET_EA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_FLUSH_BUFFERS 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_QUERY_VOLUME_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_SET_VOLUME_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_DIRECTORY_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_FILE_SYSTEM_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_DEVICE_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_SHUTDOWN 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_LOCK_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_CLEANUP 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_CREATE_MAILSLOT 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_QUERY_SECURITY 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_SET_SECURITY 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_POWER 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_SYSTEM_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_DEVICE_CHANGE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_QUERY_QUOTA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_SET_QUOTA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_PNP 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_CREATE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_CREATE_NAMED_PIPE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_CLOSE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_READ 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_WRITE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_QUERY_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_SET_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_QUERY_EA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_SET_EA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_FLUSH_BUFFERS 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_QUERY_VOLUME_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_SET_VOLUME_INFORMATION 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_DIRECTORY_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_FILE_SYSTEM_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_DEVICE_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_SHUTDOWN 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_LOCK_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_CLEANUP 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_CREATE_MAILSLOT 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_QUERY_SECURITY 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_SET_SECURITY 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_POWER 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_SYSTEM_CONTROL 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_DEVICE_CHANGE 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_QUERY_QUOTA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_SET_QUOTA 87199A40
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_PNP 87199A40
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86CF0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86CF0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86CF0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86CF0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86CF0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86CF0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86CF0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86CF0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86CF0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86CF0EB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86CF0EB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86CF0EB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 86CF0EB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 86CF0EB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86CF0EB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86CF0EB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86CF0EB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86CF0EB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86CF0EB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86CF0EB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86CF0EB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86CF0EB0
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E19E4390
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E19E4390
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E19E4390
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86AD5518
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 86AD5518
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 86AD5518
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 86AD5518
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 86AD5518
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 86AD5518
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86AD5518
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 86AD5518
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 86AD5518
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 86AD5518
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 86AD5518
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 86AD5518
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A7E13A7-82D6-42FE-AE25-493EFE575767} IRP_MJ_CREATE 86AD5518
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A7E13A7-82D6-42FE-AE25-493EFE575767} IRP_MJ_CLOSE 86AD5518
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A7E13A7-82D6-42FE-AE25-493EFE575767} IRP_MJ_DEVICE_CONTROL 86AD5518
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A7E13A7-82D6-42FE-AE25-493EFE575767} IRP_MJ_INTERNAL_DEVICE_CONTROL 86AD5518
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A7E13A7-82D6-42FE-AE25-493EFE575767} IRP_MJ_CLEANUP 86AD5518
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A7E13A7-82D6-42FE-AE25-493EFE575767} IRP_MJ_PNP 86AD5518
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 871995D0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 871995D0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 871995D0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 871995D0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 871995D0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 871995D0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 871995D0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 871995D0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 871995D0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 871995D0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 871995D0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 86AE1EB0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 86AE1EB0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 86B1C700
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 86B1C700
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE
  • 0

#18
Noviciate
Posted 27 October 2006 - 12:29 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
You need to preview your replies before you post them - there only appears to be one log, and a partial one at that.
  • 0

#19
blacklotusninja
Posted 29 October 2006 - 05:38 AM

blacklotusninja

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hey Mate,
Sorry bout that i was sure i added it all in. second time lucky hey.

Rootkit report

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-29 19:34:06
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8718AEB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8718AEB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E} IRP_MJ_CREATE 86C21A80
Device \Driver\NetBT \Device\NetBT_Tcpip_{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E} IRP_MJ_CLOSE 86C21A80
Device \Driver\NetBT \Device\NetBT_Tcpip_{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E} IRP_MJ_DEVICE_CONTROL 86C21A80
Device \Driver\NetBT \Device\NetBT_Tcpip_{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E} IRP_MJ_INTERNAL_DEVICE_CONTROL 86C21A80
Device \Driver\NetBT \Device\NetBT_Tcpip_{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E} IRP_MJ_CLEANUP 86C21A80
Device \Driver\NetBT \Device\NetBT_Tcpip_{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E} IRP_MJ_PNP 86C21A80
Device \Driver\00000049 \Device\00000055 IRP_MJ_POWER [F734BEA8] sptd.sys
Device \Driver\00000049 \Device\00000055 IRP_MJ_SYSTEM_CONTROL [F735FA70] sptd.sys
Device \Driver\00000049 \Device\00000055 IRP_MJ_PNP [F7358728] sptd.sys
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E2114548
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E2114548
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E2114548
Device \Driver\00000049 \Device\00000056 IRP_MJ_POWER [F734BEA8] sptd.sys
Device \Driver\00000049 \Device\00000056 IRP_MJ_SYSTEM_CONTROL [F735FA70] sptd.sys
Device \Driver\00000049 \Device\00000056 IRP_MJ_PNP [F7358728] sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 871D5C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 871D5C78
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86CEF960
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86CEF960
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86CEF960
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86CEF960
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86CEF960
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86CEF960
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86CEF960
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86CEF960
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86CEF960
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86CEF960
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86CEF960
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 86C8BA80
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 86C8BA80
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86CEF960
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86CEF960
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86CEF960
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86CEF960
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86CEF960
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86CEF960
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86CEF960
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86CEF960
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86CEF960
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86CEF960
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86CEF960
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_CREATE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_CREATE_NAMED_PIPE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_CLOSE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_READ 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_WRITE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_QUERY_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_SET_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_QUERY_EA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_SET_EA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_FLUSH_BUFFERS 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_QUERY_VOLUME_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_SET_VOLUME_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_DIRECTORY_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_FILE_SYSTEM_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_DEVICE_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_SHUTDOWN 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_LOCK_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_CLEANUP 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_CREATE_MAILSLOT 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_QUERY_SECURITY 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_SET_SECURITY 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_POWER 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_SYSTEM_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_DEVICE_CHANGE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_QUERY_QUOTA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_SET_QUOTA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-0-03 IRP_MJ_PNP 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_CREATE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_CREATE_NAMED_PIPE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_CLOSE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_READ 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_WRITE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_QUERY_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_SET_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_QUERY_EA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_SET_EA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_FLUSH_BUFFERS 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_QUERY_VOLUME_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_SET_VOLUME_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_DIRECTORY_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_FILE_SYSTEM_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_DEVICE_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_SHUTDOWN 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_LOCK_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_CLEANUP 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_CREATE_MAILSLOT 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_QUERY_SECURITY 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_SET_SECURITY 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_POWER 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_SYSTEM_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_DEVICE_CHANGE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_QUERY_QUOTA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_SET_QUOTA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort1-1-04 IRP_MJ_PNP 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_CREATE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_CREATE_NAMED_PIPE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_CLOSE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_READ 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_WRITE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_QUERY_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_SET_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_QUERY_EA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_SET_EA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_FLUSH_BUFFERS 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_QUERY_VOLUME_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_SET_VOLUME_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_DIRECTORY_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_FILE_SYSTEM_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_DEVICE_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_SHUTDOWN 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_LOCK_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_CLEANUP 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_CREATE_MAILSLOT 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_QUERY_SECURITY 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_SET_SECURITY 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_POWER 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_SYSTEM_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_DEVICE_CHANGE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_QUERY_QUOTA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_SET_QUOTA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-2-02 IRP_MJ_PNP 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_CREATE 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_CREATE_NAMED_PIPE 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_CLOSE 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_READ 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_WRITE 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_QUERY_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_SET_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_QUERY_EA 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_SET_EA 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_FLUSH_BUFFERS 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_QUERY_VOLUME_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_SET_VOLUME_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_DIRECTORY_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_FILE_SYSTEM_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_DEVICE_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_SHUTDOWN 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_LOCK_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_CLEANUP 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_CREATE_MAILSLOT 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_QUERY_SECURITY 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_SET_SECURITY 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_POWER 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_SYSTEM_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_DEVICE_CHANGE 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_QUERY_QUOTA 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_SET_QUOTA 871D5808
Device \Driver\viaxraid \Device\Ide\SmartXC1P0Target00-00 IRP_MJ_PNP 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_CREATE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_CREATE_NAMED_PIPE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_CLOSE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_READ 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_WRITE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_QUERY_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_SET_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_QUERY_EA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_SET_EA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_FLUSH_BUFFERS 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_QUERY_VOLUME_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_SET_VOLUME_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_DIRECTORY_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_FILE_SYSTEM_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_DEVICE_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_SHUTDOWN 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_LOCK_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_CLEANUP 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_CREATE_MAILSLOT 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_QUERY_SECURITY 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_SET_SECURITY 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_POWER 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_SYSTEM_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_DEVICE_CHANGE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_QUERY_QUOTA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_SET_QUOTA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-1-01 IRP_MJ_PNP 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_CREATE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_CREATE_NAMED_PIPE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_CLOSE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_READ 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_WRITE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_QUERY_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_SET_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_QUERY_EA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_SET_EA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_FLUSH_BUFFERS 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_QUERY_VOLUME_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_SET_VOLUME_INFORMATION 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_DIRECTORY_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_FILE_SYSTEM_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_DEVICE_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_SHUTDOWN 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_LOCK_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_CLEANUP 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_CREATE_MAILSLOT 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_QUERY_SECURITY 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_SET_SECURITY 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_POWER 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_SYSTEM_CONTROL 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_DEVICE_CHANGE 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_QUERY_QUOTA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_SET_QUOTA 871D5808
Device \Driver\viaxraid \Device\Ide\IdePort0-0-00 IRP_MJ_PNP 871D5808
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86CEF960
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 86CEF960
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 86CEF960
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86CEF960
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86CEF960
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86CEF960
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86CEF960
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86CEF960
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86CEF960
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86CEF960
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86CEF960
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E19EB360
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E19EB360
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E19EB360
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86C21A80
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 86C21A80
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 86C21A80
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 86C21A80
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 86C21A80
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 86C21A80
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86C21A80
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 86C21A80
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 86C21A80
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 86C21A80
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 86C21A80
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 86C21A80
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A7E13A7-82D6-42FE-AE25-493EFE575767} IRP_MJ_CREATE 86C21A80
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A7E13A7-82D6-42FE-AE25-493EFE575767} IRP_MJ_CLOSE 86C21A80
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A7E13A7-82D6-42FE-AE25-493EFE575767} IRP_MJ_DEVICE_CONTROL 86C21A80
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A7E13A7-82D6-42FE-AE25-493EFE575767} IRP_MJ_INTERNAL_DEVICE_CONTROL 86C21A80
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A7E13A7-82D6-42FE-AE25-493EFE575767} IRP_MJ_CLEANUP 86C21A80
Device \Driver\NetBT \Device\NetBT_Tcpip_{9A7E13A7-82D6-42FE-AE25-493EFE575767} IRP_MJ_PNP 86C21A80
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 8718A0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 8718A0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 8718A0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 8718A0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 8718A0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 8718A0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8718A0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 8718A0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 8718A0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 8718A0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 8718A0E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 86A30298
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 86A30298
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 86A30298
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 86D6C0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 86D6C0E8
Device \FileSystem\
  • 0

#20
blacklotusninja
Posted 29 October 2006 - 05:41 AM

blacklotusninja

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
hmmm must be two big for just one post. here is the rest.

Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 86D6C0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 86D6C0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 86D6C0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 86D6C0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 86D6C0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 86D6C0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 86D6C0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 86D6C0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 86D6C0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 86D6C0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 86D6C0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 86D6C0E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 871D5C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 871D5C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 871D5C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 871D5C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 871D5C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 871D5C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 871D5C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 871D5C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 871D5C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 871D5C78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 871D5C78
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 86B3D0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 86B3D0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 86B3D0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 86B3D0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 86B3D0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 86B3D0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 86B3D0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 86B3D0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 86B3D0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 86B3D0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 86B3D0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 86B3D0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 86B3D0E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CREATE 86B1DA88
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_CLOSE 86B1DA88
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_DEVICE_CONTROL 86B1DA88
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_POWER 86B1DA88
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_SYSTEM_CONTROL 86B1DA88
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 IRP_MJ_PNP 86B1DA88
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 86CB98A8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 86CB98A8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 86CB98A8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 86CB98A8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 86CB98A8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 86CB98A8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 86CB98A8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 86CB98A8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 86CB98A8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 86CB98A8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 86CB98A8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 86CB98A8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 86B1DA88
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 86B1DA88
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 86B1DA88
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F756195C] sfsync03.sys
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_POWER 86B1DA88
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 86B1DA88
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port2Path0Target0Lun0 IRP_MJ_PNP 86B1DA88
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 86B023C8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 86B023C8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 86B023C8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 86B023C8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 86B023C8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 86B023C8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 86B023C8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 86B023C8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 86B023C8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 86B023C8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 86B023C8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 86B023C8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 86B023C8

---- Registry - GMER 1.0.11 ----

Reg \Registry\MACHINE\SOFTWARE\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x48 0xC3 0x3D 0x19 ...
Reg \Registry\MACHINE\SOFTWARE\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x59 0xE9 0xE2 0x6C ...
Reg \Registry\USER\S-1-5-21-1993962763-1644491937-839522115-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x05 0x0C 0xB5 0x39 ...
Reg \Registry\USER\S-1-5-21-1993962763-1644491937-839522115-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xF7 0x46 0xC3 0xFE ...

---- Files - GMER 1.0.11 ----

ADS ...
ADS ...

---- EOF - GMER 1.0.11 ----





Autostart scan




GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2006-10-29 19:34:58
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
nuars@DLLName = C:\WINDOWS\java\nuars.dll
WgaLogon@DLLName = WgaLogon.dll
winwil32@DLLName = winwil32.dll /*file not found*/

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs = ?/??? C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AVG Anti-Spyware Guard /*AVG Anti-Spyware Guard*/@ = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe /*file not found*/
SymWSC /*SymWMI Service*/@ = "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
UserAccess7 /*SecuROM User Access Service (V7)*/@ = C:\WINDOWS\system32\UAService7.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@UltraMon"C:\Program Files\UltraMon\UltraMon.exe" /auto = "C:\Program Files\UltraMon\UltraMon.exe" /auto
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@SunServerC:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe = C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
@TkBellExe"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
@THGuard"C:\Program Files\TrojanHunter 4.6\THGuard.exe" = "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
@type32"C:\Program Files\Microsoft IntelliType Pro\type32.exe" = "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
@SunJavaUpdateSchedC:\Program Files\Java\jre1.5.0_02\bin\jusched.exe = C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@Logitech UtilityLogi_MwX.Exe = Logi_MwX.Exe
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@HPDJ Taskbar UtilityC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
@HP Software Update"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" /*file not found*/ = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" /*file not found*/
@HP Component Manager"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
@GuruClockC:\Program Files\ABIT\ABIT uGuru\GuruClock.exe = C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
@Google Desktop Search"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
@DAEMON Tools-1033"C:\Program Files\D-Tools\daemon.exe" -lang 1033 /*file not found*/ = "C:\Program Files\D-Tools\daemon.exe" -lang 1033 /*file not found*/
@DAEMON Tools"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
@AS00_Gear311TC:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide /*file not found*/ = C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide /*file not found*/
@Ad-watch"C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" /*file not found*/ = "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" /*file not found*/
@ABIT uGuruC:\Program Files\ABIT\ABIT uGuru\uGuru.exe = C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@WinGet.exeC:\Program Files\Indentix\WinGet\WinGet.exe /silent /*file not found*/ = C:\Program Files\Indentix\WinGet\WinGet.exe /silent /*file not found*/
@SteamG:\games\Steam\\Steam.exe -silent = G:\games\Steam\\Steam.exe -silent
@Skype"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
@RoboForm"C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" = "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
@LDM\Program\BackWeb-8876480.exe /*file not found*/ = \Program\BackWeb-8876480.exe /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks >>>
@{57B86673-276A-48B2-BAE7-C6DBB3020EB8}C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
@{076394AD-7FDD-44EF-A075-32C68DBAB99B}C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll = C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{97FA8AA2-EE77-4FF2-9449-424D8924EF21} /*IntelliType Pro Zooming Control Panel Property Page*/"C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll" = "C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll"
@{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} /*IntelliType Pro Scrolling Control Panel Property Page*/"C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll" = "C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll"
@{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} /*IntelliType Pro Key Settings Control Panel Property Page*/"C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll" = "C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll"
@{A2569D1F-4E06-43EC-9825-0088B471BE47} /*IntelliType Pro Wireless Control Panel Property Page*/"C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll" = "C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll"
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\axshlex.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office10\msohev.dll = C:\Program Files\Microsoft Office\Office10\msohev.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} /*TrojanHunter Menu Shell Extension*/C:\PROGRA~1\TROJAN~1.6\contmenu.dll = C:\PROGRA~1\TROJAN~1.6\contmenu.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Web Folders*/ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AVG Anti-Spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
TrojanHunter@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA}C:\WINDOWS\system32\ihqnpupd.dll /*file not found*/ = C:\WINDOWS\system32\ihqnpupd.dll /*file not found*/
@{6F5F1B10-2BA4-41A0-A909-8540D9FAB006}C:\WINDOWS\java\nuars.dll = C:\WINDOWS\java\nuars.dll

HKCU\Control Panel\[email protected] = C:\WINDOWS\system32\ssbezier.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft....k/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft....k/?LinkId=69157
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.com.au/ = http://www.google.com.au/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
cetihpz@CLSID = C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = "C:\PROGRA~1\MSNMES~1\msgrapp.dll" /*file not found*/
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E} /*Wireless Network Connection 7*/ >>>
@IPAddress10.1.1.2 = 10.1.1.2
@NameServer4.2.2.2,4.2.2.3 = 4.2.2.2,4.2.2.3
@DefaultGateway10.1.1.1 = 10.1.1.1
@Domain =

C:\Documents and Settings\Owner\Start Menu\Programs\Startup = tims.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Logitech Desktop Messenger.lnk = Logitech Desktop Messenger.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.11 ----

Cheers mate
  • 0

#21
Noviciate
Posted 29 October 2006 - 08:38 AM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Rename your copy of hijackthis.exe to sunday.exe and post a fresh log run in Normal Mode. It's possible that this nasty is interfering with the normal working of HJT in order to hide itself and renaming the .exe will get around this.
  • 0

#22
blacklotusninja
Posted 29 October 2006 - 06:50 PM

blacklotusninja

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
G'day mate'
Renamed hijackthis to sunday.exe and scanned.
Here are the results.


Logfile of HijackThis v1.99.1
Scan saved at 8:48:44 AM, on 30/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
G:\games\Steam\Steam.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\sunday.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\ihqnpupd.dll (file missing)
O2 - BHO: (no name) - {5D0032AA-669F-4B56-BB5D-B2BDAA858E72} - C:\WINDOWS\java\nuars.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {821F87FF-8245-4972-9E28-732E92EC2F51} - (no file)
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WinGet.exe] C:\Program Files\Indentix\WinGet\WinGet.exe /silent
O4 - HKCU\..\Run: [Steam] G:\games\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: tims.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download with &WinGet - res://C:\Program Files\Indentix\WinGet\WinIE.dll/300
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {6D23C967-3547-48EA-8D57-34CF85CD7F30} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6D23C967-3547-48EA-8D57-34CF85CD7F30} - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.co...InstallAsst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3B7AF3F-DFBB-4CA2-8B16-781DAE1CC583} (Weed Media Activator component) - https://www.shmedlic...mponent/SML.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.co...ts/DeltaCVX.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E}: NameServer = 4.2.2.2,4.2.2.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: /A C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: nuars - C:\WINDOWS\java\nuars.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

Thanks again mate
Regards'
Tim
  • 0

#23
Noviciate
Posted 30 October 2006 - 01:38 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
1) Download and install Ad-Aware, if you haven't already, and then configure it as per these instructions: http://www.tomcoyote.org/aawsb.php - this page also contains a link to the Lavasoft site where you can get the program.
Ensure that it is updated and thren close it without performing a scan.

2) Download the Virtumonde Remover by Lavasoft from here and save it to your Desktop.
  • Double click Virtumonde_Remover.exe to begin.
  • Click I agree to accept the license agreement.
  • Click Scan and sit back.
  • If any targets are found you will be asked to neutralize - click Neutralize.
  • Once this is complete, the program will check if a reboot is recommended, and if so, you will have the option to do so immediately - let it reboot your PC.
  • Once the PC has rebooted, update Ad-Aware Lavasoft SE Personal and run a full system scan allowing it to fix everything it finds.
Post a fresh HJT log AND a description of how your PC is behaving.

This should clean up the last of the infection, but if not, I do have a backup plan.
  • 0

#24
blacklotusninja
Posted 01 November 2006 - 05:12 AM

blacklotusninja

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
G'day mate,
I am still getting two different winantivirus popups. One from ameana.com which says i am infected with the bloodhound virus and would i like to purchase winantivirus pro 2006 or winantispyware. The other onecomes up as a small box in top left hand corner saying i have critical errors and need to dwnload winantivirus. It's a persistent little bugger this one. The virtmo0nde remover didn't find anything. Lava soft found a couple of thng which i removed. Still getting a bit of system bog down sometimes so something is still not quite right. here is a fresh HJT log.



Logfile of HijackThis v1.99.1
Scan saved at 7:07:21 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
G:\games\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\sunday.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\ihqnpupd.dll (file missing)
O2 - BHO: (no name) - {34F49E8D-C485-4F9E-B9C2-EE665DE29A16} - C:\WINDOWS\java\nuars.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {821F87FF-8245-4972-9E28-732E92EC2F51} - (no file)
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GuruClock] C:\Program Files\ABIT\ABIT uGuru\GuruClock.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AS00_Gear311T] C:\Program Files\NETGEAR\WG311TSU\Utility\Gear311T.exe -hide
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WinGet.exe] C:\Program Files\Indentix\WinGet\WinGet.exe /silent
O4 - HKCU\..\Run: [Steam] G:\games\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: tims.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Download with &WinGet - res://C:\Program Files\Indentix\WinGet\WinIE.dll/300
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {6D23C967-3547-48EA-8D57-34CF85CD7F30} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6D23C967-3547-48EA-8D57-34CF85CD7F30} - (no file) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.co...InstallAsst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {C3B7AF3F-DFBB-4CA2-8B16-781DAE1CC583} (Weed Media Activator component) - https://www.shmedlic...mponent/SML.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe
O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.co...ts/DeltaCVX.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoft...5/asproinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BD4306B-AFE1-4B36-B39E-5F6FCEA2B24E}: NameServer = 4.2.2.2,4.2.2.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: /A C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: nuars - C:\WINDOWS\java\nuars.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

If you dont mind me asking and you have the time to answer, why is this particular infection so hard to get rid of. I have never had anything like it, it's relentless. :whistling:
Cheers again for all your help. sorry this is taking so long to fix
Regards'
Tim
  • 0

#25
Noviciate
Posted 01 November 2006 - 01:39 PM

Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
It's a constant battle between those who create the infections and those who create the tools that remove the infections. This bugger is being constantly modified to make removal more difficult and it's also not being helped by me being slow brained! :whistling:

Hopefully using this method will see the back of it:

You will need to make a copy of these instructions because you have to disconnect from the internet to complete the fix. Either print them out or copy and paste them into Notepad.

Preparation

1) Download a fresh copy of VundoFix.exe from here and save it to your Desktop.

2) Log off from the internet and disconnect your modem cable for the duration of the fix.

Removal

1) Double click Vundofix.exe:
  • Right click an empty area of the central window.
  • Click Add more files?
  • Copy and paste the following into the two boxes:
    • C:\WINDOWS\java\nuars.dll
      C:\WINDOWS\java\sraun.*
  • Click Add File(s).
  • Click Close Window.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
Please post the contents of C:\vundofix.txt, a new HJT log AND a description of how your PC is behaving.
  • 0

Advertisements

#26
blacklotusninja
Posted 17 November 2006 - 07:58 PM

blacklotusninja

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
G'day mate,
Sorry i havent got back to you for so long. That last fix seemed to do the trick computer was running fine with no pop-ups. Then it happened...motherboard death occured... So i now have a new motherboard and a nice fresh install of windows to start again with. Thank you very for you help in dealing with the problem your services are very much appreciated. Hopefully i can keep it clean this time, will definatly be more vigilante in the future. Thanks again novicaite you guys are champions.
Regards'
Tim :whistling:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP