Some Programs and windows close right after i open them - Geeks to Go Forums


Some Programs and windows close right after i open them

#1 Lupus2401

  • Group: Member
  • Posts: 12
  • Joined: 14-January 07

Posted 14 January 2007 - 04:13 AM

Logfile of HijackThis v1.99.1
Scan saved at 12:08:08 μμ, on 14/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lupus\Desktop\HijackThis.exe

O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall....lbl?serie=6000
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120309568109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162019415015
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by9fd.bay9.ho...ex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Any opinions about what's wrong and how to fix it?
I have scanned many times with many programs in normal and safe mode but the problem still remains.
Some told me about the Panda software, that it may be causing problems.
It all started after I downloaded an MSN Messenger installation program. When trying to start the installation program the computer restarted and after that the problems started.
Note that the BitDefender and the Panda software have been uninstalled from my system and I don't know why they are shown in the report.

P.S. The "some" programs and windows are: Spy-bot for example, or when I try to enter some sites Internet Explorer even closes. Same thing with Firefox.
Example of sites: http://www.ewido.net/en/download/
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE
These are the sites that the guide was telling me to go to in order to download some programs.
But I have already scanned my PC with some of them in and out of safe mode.

#2 Ryan

  • Group: Member
  • Posts: 4,867
  • Joined: 11-July 05

Posted 14 January 2007 - 05:11 AM

Hi there, and welcome to Geekstogo! I'm Ryan, and I'll be helping you clean your computer.

Please rename HijackThis to anything you wish and post a new HijackThis report; there is a section missing that is normally there, and it could be hidden by some malware.

Also, I would like to see an Uninstall list.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

-Ryan

#3 Lupus2401

  • Group: Member
  • Posts: 12
  • Joined: 14-January 07

Posted 14 January 2007 - 10:39 AM

Logfile of HijackThis v1.99.1
Scan saved at 6:37:40 μμ, on 14/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lupus\Desktop\repoter.exe

O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall....lbl?serie=6000
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120309568109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162019415015
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by9fd.bay9.ho...ex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

---------------------------------------------------------------------------

7-Zip 4.42
Ad-Aware SE Professional
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
ASUS Enhanced Display Driver
ATI - Βοηθητικό πρόγραμμα απεγκατάστασης λογισμικού
ATI Control Panel
ATI Display Driver
Barbie™ and the Magic of Pegasus™
BPS Data Shredder 2.0.0.0
Chicken Little
ConvertXtoDVD 2.0.13
Digital Camera Driver
Disney's Lilo and Stitch Hawaiian Adventure
DivX Total Pack
DU Meter
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ffdshow
Hero_Online
HijackThis 1.99.1
IsoBuster 1.9
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_08
Kelly Club™ CD-ROM
Macromedia Shockwave Player
Marvell Miniport Driver
Messenger Plus! Live
Microsoft Encarta Premium 2006 DVD
Mozilla Firefox (2.0)
Nokia Connectivity Cable Driver
Nokia Software Updater
PowerDVD
QuickTime
RamCleaner version 3.6
Registry Mechanic 5.0
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Sony USB Driver
Sound Blaster Live! Web 2K/XP
StyleXP (remove only)
The Bard's Tale
The Battle for Middle-earth ™ II
The Sims 2
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
Ultimate Spider-Man ™
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
VobSub v2.23 (Remove Only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows Rights Management Client
Windows Rights Management Client Backwards Compatibility
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
Your Uninstaller! 2006 Version 5
Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY

There you go Ryan. Thx for the help.

#4 Ryan

  • Group: Member
  • Posts: 4,867
  • Joined: 11-July 05

Posted 14 January 2007 - 10:47 AM

You will want to print out these instructions, or save them to Notepad or another word processor, so that you can refer to them.


== Remove Old Java ==

Please go to Add/Remove Programs in the Control Panel, and remove the following programs
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment, SE v1.4.2_08
    Viewpoint Manager (Remove Only)
Reboot your computer.


== Install Latest Java ==

Please go to THIS page, and click on the Download link that is in the Java Runtime Environment (JRE) 6 section.

Click the radio button next to Accept License Agreement after reviewing it. The page will refresh - this is normal.

Download the Windows Offline Installation, Multi-language. You will want to save this to a location you will remember.

Once it has finished downloading, double click it, and follow the prompts to install.

If it asks to reboot, select No.


== ATF Cleaner ==

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Close all Internet Explorer, Firefox, and Opera windows before continuing.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


== AVG Anti-Spyware ==

First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

-Ryan

#5 Lupus2401

  • Group: Member
  • Posts: 12
  • Joined: 14-January 07

Posted 14 January 2007 - 10:53 AM

Besides ATF Cleaner I have scanned my system with various programs including AVG. All have found some malware files but nothing changed. I will follow your instructions and let you know what happened. Just don't think that I didn't read the Guide for the new people... Thx for the help given so far.

P.S. If I try to open the ATF Cleaner when in normal mode it closes at the same time... Same with any online virus scanning site...
P.S.2 When I try to enter the AVG Anti-Spyware site, Firefox closes. So I suppose I will go through safe mode...

#6 Lupus2401

  • Group: Member
  • Posts: 12
  • Joined: 14-January 07

Posted 14 January 2007 - 05:21 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:15:27 μμ 14/1/2007

+ Scan result:



C:\Documents and Settings\Lupus\Local Settings\Temp\Remover.exe -> Adware.Winad : Cleaned with backup (quarantined).
HKU\S-1-5-21-776561741-842925246-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Documents and Settings\........\MU GAMES\SegaMU\SegaMUrar.rar/SegaMuOnline\SegaMU.exe -> Backdoor.Sturf : Cleaned with backup (quarantined).
C:\Documents and Settings\........\MU GAMES\SegaMUrar.rar/SegaMuOnline\SegaMU.exe -> Backdoor.Sturf : Cleaned with backup (quarantined).
C:\DOWNLOAD D HARD DISK\COMPLETED DOWNLOADS\Other Dl's\Game Stuff\Crack and Trainers\Act of War Direct Action\rld-aow.rar/ACTOFWAR.EXE -> Heuristic.Win32.Backdoor.IrcBot : Cleaned with backup (quarantined).
C:\Documents and Settings\Lupus\My Documents\.....Cracked_-BiNPDA.rar/BiN-1980\Loader.exe -> Not-A-Virus.VirTool.Win32.Patcher.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Lupus\Local Settings\Temp\_ir_sf7_temp_1\agony.sys -> Rootkit.Agony : Cleaned with backup (quarantined).
C:\Documents and Settings\Lupus\agony.sys -> Rootkit.Agony : Cleaned with backup (quarantined).


::Report end


The AVG scan report....

#7 Ryan

  • Group: Member
  • Posts: 4,867
  • Joined: 11-July 05

Posted 14 January 2007 - 06:55 PM

AVG Anti-Spyware found a couple of rootkits, so I would like to make sure that they are gone before moving onto anything else.

Please download GMER Rootkit Detector from any of the following links:

GMER * GMER * GMER
  • Unzip it and double click the gmer.exe file
  • Select rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Press scan.
  • When it has finished press Copy & post back the log it makes.
=====
=====


Download AVG Anti-Rootkit Beta from here
  • Close all open programs as this will require a reboot.
  • Double click AVG_AntiRootkit_1.0.0.13.exe to install the program.
    (By default this will be to C:\Program Files\GRISOFT\AVG Anti-Rootkit Beta.)
  • Once the program has installed, you will be prompted to reboot - please allow this to happen.
  • When the PC has rebooted, click the AVG Anti-Rootkit Beta shortcut that is now on your desktop.
  • Click Perform in-depth search and put your feet up as this can take a while.
  • Once the scan has completed, if any files have been detected, click Save result to file and save the log to somewhere convenient.
If anything has been detected, copy and paste the log into your next reply. If not, just let me know.


-Ryan

#8 Lupus2401

  • Group: Member
  • Posts: 12
  • Joined: 14-January 07

Posted 15 January 2007 - 06:21 AM

Hey Ryan.
First of all do me a favour and tell me what a rootkit is.
Second let me tell you that none of the sites that you provided worked for the GMER but i found it at another site. Here is the report:

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-15 14:20:56
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwCreateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwDeleteValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwEnumerateValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwQueryValueKey
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 27001B70 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 27001AE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 27001A60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 27001C20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 27001CD0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 27001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Program Files\MSN Messenger\msnmsgr.exe
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] ADVAPI32.dll!CryptDeriveKey 77DEA685 7 Bytes JMP 27001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] ADVAPI32.dll!CryptDecrypt 77DEA7B1 2 Bytes JMP 27001050 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] ADVAPI32.dll!CryptDecrypt + 3 77DEA7B4 4 Bytes [ 21, AF, CC, CC ]
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] USER32.dll!PeekMessageW 77D4929B 5 Bytes JMP 27003760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] USER32.dll!CreateWindowExW 77D4FF50 5 Bytes JMP 27003270 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] USER32.dll!SetWindowRgn 77D502DD 7 Bytes JMP 27004AB0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] USER32.dll!CreateDialogParamW 77D584EE 5 Bytes JMP 27004E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] USER32.dll!SetWindowPlacement 77D5DF46 5 Bytes JMP 270049D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] USER32.dll!FlashWindow 77D85C5C 5 Bytes JMP 27004B50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] USER32.dll!MessageBoxIndirectW 77D96093 5 Bytes JMP 27004F90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] USER32.dll!TrackPopupMenuEx 77D9CB1A 5 Bytes JMP 27003F30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] WS2_32.dll!send 71AB428A 5 Bytes JMP 270095A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 27009390 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] WS2_32.dll!recv 71AB615A 5 Bytes JMP 27009200 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 27009720 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 27009930 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] SHELL32.dll!Shell_NotifyIconW 7CA21B5A 5 Bytes JMP 27002BA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] ole32.dll!CoInitializeEx 774FEF6B 5 Bytes JMP 27001D30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] ole32.dll!CoRegisterClassObject 77518720 5 Bytes JMP 27001E30 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] WININET.dll!HttpOpenRequestA 771C36AD 5 Bytes JMP 27008180 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] WININET.dll!InternetCloseHandle 771C4D6C 5 Bytes JMP 27008460 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] WININET.dll!HttpSendRequestA 771C6249 5 Bytes JMP 270083B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll
.text C:\Program Files\MSN Messenger\msnmsgr.exe[2392] WININET.dll!InternetReadFile 771C80F4 5 Bytes JMP 270082E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7888810] ShldDrv.SYS
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7888BD8] ShldDrv.SYS
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8A394A40
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8A394A40
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 879766A0
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 879766A0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8A3DFA40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8A3DFA40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8A3DFA40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8A3DFA40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8A3DFA40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8A3DFA40
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8A3DFA40

#9 Lupus2401

  • Group: Member
  • Posts: 12
  • Joined: 14-January 07

Posted 15 January 2007 - 06:25 AM

......

#10 Lupus2401

  • Group: Member
  • Posts: 12
  • Joined: 14-January 07

Posted 15 January 2007 - 06:27 AM

MORE.....And the show all wasn't ticked.....

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{107E6D21-54ED-32EA-89EBEFDD29F12B2C}\{B975045C-7EA8-ADE1-408732B9E3F99960}\{A296A331-83C2-2419-70104A7C6B45B24D}@GG2KGGPNIIGO4BVBD4BQHYVQFA1 0x01 0x00 0x01 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7FA7DB51-4296-4DCE-E915E900AF1A706F}\{6ECD6E35-CD02-B6E7-116E97829ECA1B77}\{2BCFFA55-7302-F76B-60625DCE35F7A6E2}@GG2KGGPNIIGO4BVBD4BQHYVQFA1 0x01 0x00 0x01 0x00 ...

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Application Data\Symantec\hpc:1780292171
ADS C:\Documents and Settings\All Users\Application Data\Symantec\hpc:468323563
ADS C:\Documents and Settings\Lupus\Desktop\readntfs.exe:SummaryInformation
ADS C:\Documents and Settings\Lupus\Desktop\readntfs.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
File C:\Documents and Settings\Lupus\My Documents\Mobile Phone Utilities\To be cell installed\cell utilities\3D[1][1].Arts.Butterfly.Dreams.DSS.ScreenSaver.v1.00.S60.SymbianOS.Retail-oWnPDA\3D.Arts.Butterfly.Dreams.DSS.ScreenSaver.v1.00.S60.SymbianOS.Retail-oWnPDA\own-3abd10.zip
File C:\Documents and Settings\Lupus\My Documents\Mobile Phone Utilities\To be cell installed\cell utilities\3D[1][1].Arts.Butterfly.Dreams.DSS.ScreenSaver.v1.00.S60.SymbianOS.Retail-oWnPDA\3D.Arts.Butterfly.Dreams.DSS.ScreenSaver.v1.00.S60.SymbianOS.Retail-oWnPDA\oWnPDA.nfo
File C:\Documents and Settings\Lupus\My Documents\Mobile Phone Utilities\To be cell installed\cell utilities\psiloc[1][1].world.clock.pro.v1.71.s60.symbianos6.1.incl.keygen.updated.algo-blzpda\Psiloc.World.Clock.Pro.v1.71.S60.SymbianOS6.1.Incl.Keygen.UPDATED.ALGO-BLZPDA\b-wrcpq0.zip
File C:\Documents and Settings\Lupus\My Documents\Mobile Phone Utilities\To be cell installed\cell utilities\psiloc[1][1].world.clock.pro.v1.71.s60.symbianos6.1.incl.keygen.updated.algo-blzpda\Psiloc.World.Clock.Pro.v1.71.S60.SymbianOS6.1.Incl.Keygen.UPDATED.ALGO-BLZPDA\blzpda.nfo
File C:\Documents and Settings\Lupus\My Documents\Mobile Phone Utilities\To be cell installed\cell utilities\psiloc[1][1].world.clock.pro.v1.71.s60.symbianos6.1.incl.keygen.updated.algo-blzpda\Psiloc.World.Clock.Pro.v1.71.S60.SymbianOS6.1.Incl.Keygen.UPDATED.ALGO-BLZPDA\l_Dsk_l.jpg

---- EOF - GMER 1.0.12 ----

#11 Ryan

  • Group: Member
  • Posts: 4,867
  • Joined: 11-July 05

Posted 15 January 2007 - 12:50 PM

What is a rootkit?

WikiPedia said:

A rootkit is a set of software tools intended to conceal running processes, files or system data from the operating system. Rootkits have their origin in relatively benign applications, but in recent years have been used increasingly by malware to help intruders maintain access to systems while avoiding detection. Rootkits exist for a variety of operating systems, such as Linux, Solaris and versions of Microsoft Windows. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules.


The sites hosting GMER have been under a DDOS attack from malware writers for a while now.

What is a DDOS attack?

wikiPedia said:

In computer security, a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet.

DoS attacks have two general forms:
  • Force the victim computer(s) to reset or consume its resources such that it can no longer provide its intended service.
  • Obstruct the communication media between the intended users and the victim so that they can no longer communicate adequately.



Thanks for the GMER scan. Can you also run AVG Anti-Rootkit for me and paste the results, or let me know if it didn't find anything. Also, please post a new HijackThis log.

-Ryan

#12 Lupus2401

  • Group: Member
  • Posts: 12
  • Joined: 14-January 07

Posted 16 January 2007 - 03:16 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:14:14 πμ, on 16/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Lupus\Desktop\repoter.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.viewpoint.com/MTSInstall....lbl?serie=6000
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120309568109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162019415015
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by9fd.bay9.ho...ex/HMAtchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Thank you for the info on the rootkits and the DOS attack, as this will come in handy next time I fix a computer.
The AVG Anti-Rootkit didn't find anything, so here is the new HijackThis report.

#13 Ryan

  • Group: Member
  • Posts: 4,867
  • Joined: 11-July 05

Posted 17 January 2007 - 12:18 PM

OK, looks like the rootkit is gone. Let's run another scan to make sure, and to see what else is hiding, because I'm not seeing anything in the HijackThis log.

Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


== Killbox ==

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\Documents and Settings\Lupus\Local Settings\Temp\_ir_sf7_temp_1\agony.sys
    C:\Documents and Settings\Lupus\agony.sys




  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.

  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


== AVG Anti-Spyware ==

Open AVG Anti-Spyware
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, as it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process. Be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan. Also, tell me how your computer is working.

-Ryan

#14 Lupus2401

  • Group: Member
  • Posts: 12
  • Joined: 14-January 07

Posted 23 January 2007 - 06:35 PM

First of all, Ryan, I am really sorry for the late reply, but I had some problems at home. Obligations among other things.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:09:27 μμ 23/1/2007

+ Scan result:



C:\WINDOWS\system32\winsecurityxp\mswinup.exe -> Backdoor.Pakes : Cleaned.
C:\Documents and Settings\Lupus\Cookies\lupus@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.16:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.17:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.180:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.101:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.102:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.103:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.104:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.41:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.24:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.25:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.30:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.38:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.29:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.75:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.192:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.206:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.207:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.80:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.81:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.82:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.83:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.162:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.121:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.89:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.90:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.91:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.183:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.184:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.185:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.186:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.26:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.27:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.28:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.105:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.106:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.115:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.100:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.196:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.116:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.117:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.118:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.92:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.21:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Lupus\Desktop\wk\Your.Uninstaller!.2006.PRO.v5.0.0.255.Incl.Cracked-RES\uruninstaller.exe -> Trojan.Small : Cleaned.


::Report end

Here's the report, and as for the KillBox, I did receive that message you told me about.

I heard from someone that it might be a registry problem like a "hole". Like maybe there is something missing from the registry.
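
Added example, not part of the original posts and not AVG's own code: the scan report above is almost entirely tracking cookies, with two entries that are not. This Python sketch parses the report's line format and separates the two groups; the field names and the rule "anything that is not a cleaned TrackingCookie needs review" are assumptions made for the example.

```python
import re
from collections import Counter

# Five detection lines copied from the report posted above, with its header and footer.
SAMPLE_REPORT = r"""
+ Scan result:

C:\WINDOWS\system32\winsecurityxp\mswinup.exe -> Backdoor.Pakes : Cleaned.
C:\Documents and Settings\Lupus\Cookies\lupus@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.29:C:\Documents and Settings\Lupus\Application Data\Mozilla\Firefox\Profiles\p3cbw893.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Lupus\Desktop\wk\Your.Uninstaller!.2006.PRO.v5.0.0.255.Incl.Cracked-RES\uruninstaller.exe -> Trojan.Small : Cleaned.

::Report end
"""

# Optional ":mozilla.N:" prefix (as seen on the Firefox cookie lines), then
# "<path> -> <Family.Name> : <action>."
LINE_RE = re.compile(
    r"^(?::(?P<store>[\w.]+):)?(?P<path>.+?) -> (?P<threat>\S+) : (?P<action>.+?)\.?$"
)

def parse_report(text):
    """Return one dict per detection line; headers and blank lines are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def triage(findings):
    """Count cleaned tracking cookies; return everything else for follow-up."""
    cookies = Counter()
    follow_up = []
    for f in findings:
        is_cookie = f["threat"].startswith("TrackingCookie.")
        if is_cookie and f["action"] == "Cleaned":
            cookies[f["threat"]] += 1
        else:
            # Malware families, or anything the scanner did not clean.
            follow_up.append(f)
    return dict(cookies), follow_up

if __name__ == "__main__":
    cookies, follow_up = triage(parse_report(SAMPLE_REPORT))
    print(f"{sum(cookies.values())} tracking cookies cleaned (low priority)")
    for f in follow_up:
        print(f"REVIEW {f['threat']:<16} {f['action']:<8} {f['path']}")
```
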

#15 Ryan

  • Group: Member
  • Posts: 4,867
  • Joined: 11-July 05

Posted 23 January 2007 - 09:08 PM

OK, the AVG Anti-Spyware results look fine... let's try this.

Scan for Hidden Data Streams
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Open ADS Spy.."
  • Click on "Scan"
  • Click on "Save Log..."
  • Copy and paste the list from Notepad into your next post

-Ryan
