Please can someone help me, as I have spent hours and lots of money trying to fix this problem.
Many thanks in advance.
This is my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:50:19, on 08/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://admin:[email protected]/
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
--
End of file - 3187 bytes
And this is my uninstall list:
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB935448)
Mozilla Firefox (2.0.0.6)
NVIDIA Drivers
Panda ActiveScan
Realtek High Definition Audio Driver
Registry Mechanic 6.0
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Spyware Doctor 5.0
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB922582)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
All help is much appreciated.
I have checked out other forums and have now done a rootkit scan by GMER; here are the results:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-09-08 20:17:29
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteValueKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.13 ----
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified.
? E:\INSTALL\GMSIPCI.SYS The system cannot find the path specified.
? C:\WINDOWS\system32\Drivers\PROCEXP110.SYS The system cannot find the file specified.
---- User code sections - GMER 1.0.13 ----
.text C:\Program Files\Spyware Doctor\svcntaux.exe[188] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\svcntaux.exe[188] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\svcntaux.exe[188] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\swdsvc.exe[400] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 6B, B3, C5, 83 ]
.text C:\Documents and Settings\david\Desktop\gmer\gmer.exe[460] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\david\Desktop\gmer\gmer.exe[460] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Documents and Settings\david\Desktop\gmer\gmer.exe[460] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\david\Desktop\gmer\gmer.exe[460] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[612] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[612] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[612] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[636] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[636] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[680] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[680] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[680] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[692] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[692] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[692] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[844] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[912] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[912] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[912] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[1416] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1416] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1416] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[1596] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[1596] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[1596] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[1596] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1688] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1688] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ 63, 92, C3, 83 ]
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1688] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[1688] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winsys2.exe[1732] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winsys2.exe[1732] user32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winsys2.exe[1732] user32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[1740] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[1740] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[1740] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[1748] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[1748] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1748] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1948] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1948] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1948] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[1948] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2040] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[2040] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[2184] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[2184] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[2184] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Trend Micro\HijackThis\HijackThis.exe[2184] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[2360] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[2360] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\System32\svchost.exe[2360] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[2360] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\explorer.exe[2724] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\explorer.exe[2724] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\explorer.exe[2724] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\explorer.exe[2724] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wuauclt.exe[2856] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wuauclt.exe[2856] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\wuauclt.exe[2856] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wuauclt.exe[2856] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\wpabaln.exe[3152] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wpabaln.exe[3152] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\system32\wpabaln.exe[3152] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wpabaln.exe[3152] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
---- Devices - GMER 1.0.13 ----
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BA7071DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BA7071DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [BA707454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [BA7071DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [BA7071DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [BA7071DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [BA707454] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [BA7071DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [BA6FAF4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [BA6FAF4C] fltMgr.sys
---- EOF - GMER 1.0.13 ----
Edited by djf1981, 08 September 2007 - 01:21 PM.