File ntfs.sys received on 2009.08.29 00:51:47 (UTC)
Current status: finished
Result: 0/41 (0%)
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.08.28 -
AhnLab-V3 5.0.0.2 2009.08.28 -
AntiVir 7.9.1.7 2009.08.28 -
Antiy-AVL 2.0.3.7 2009.08.24 -
Authentium 5.1.2.4 2009.08.29 -
Avast 4.8.1335.0 2009.08.28 -
AVG 8.5.0.406 2009.08.28 -
BitDefender 7.2 2009.08.29 -
CAT-QuickHeal 10.00 2009.08.28 -
ClamAV 0.94.1 2009.08.28 -
Comodo 2124 2009.08.29 -
DrWeb 5.0.0.12182 2009.08.29 -
eSafe 7.0.17.0 2009.08.27 -
eTrust-Vet 31.6.6707 2009.08.28 -
F-Prot 4.5.1.85 2009.08.29 -
F-Secure 8.0.14470.0 2009.08.28 -
Fortinet 3.120.0.0 2009.08.28 -
GData 19 2009.08.29 -
Ikarus T3.1.1.68.0 2009.08.28 -
Jiangmin 11.0.800 2009.08.28 -
K7AntiVirus 7.10.830 2009.08.28 -
Kaspersky 7.0.0.125 2009.08.29 -
McAfee 5723 2009.08.28 -
McAfee+Artemis 5723 2009.08.28 -
McAfee-GW-Edition 6.8.5 2009.08.29 -
Microsoft 1.5005 2009.08.28 -
NOD32 4378 2009.08.28 -
Norman 2009.08.28 -
nProtect 2009.1.8.0 2009.08.28 -
Panda 10.0.2.2 2009.08.28 -
PCTools 4.4.2.0 2009.08.28 -
Prevx 3.0 2009.08.29 -
Rising 21.44.40.00 2009.08.28 -
Sophos 4.45.0 2009.08.29 -
Sunbelt 3.2.1858.2 2009.08.29 -
Symantec 1.4.4.12 2009.08.29 -
TheHacker 6.3.4.3.390 2009.08.28 -
TrendMicro 8.950.0.1094 2009.08.28 -
VBA32 3.12.10.10 2009.08.28 -
ViRobot 2009.8.28.1907 2009.08.28 -
VirusBuster 4.6.5.0 2009.08.28 -
Additional information
File size: 574592 bytes
MD5...: b78be402c3f63dd55521f73876951cdd
SHA1..: c353c331a3d3d986822d7a2bad5dbd3b9e5b7dcc
SHA256: 020d75527b4814c544820d29ca064e94f2fcb7b1ba011d63e9d2bfd4cf91ba61
ssdeep: 12288:x/Vjn0a9sqnudmcdvye4mh5Lr1zoHbYdqrFzjEjx:hVTDs+udF98mTp01BzjE1
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x85204
timedatestamp.....: 0x41107eea (Wed Aug 04 06:15:06 2004)
machinetype.......: 0x14c (I386)
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x176a9 0x17700 6.57 c5340c51fe1d76ba37955cdcb5cb65b6
.rdata 0x17a00 0x7070 0x7080 6.30 3036a4b7427610934825625163798e6d
.data 0x1ea80 0x1b10 0x1b80 0.74 76214bbe0ee482c4beb7618eb1d6885c
PAGE 0x20600 0x64b01 0x64b80 6.51 54b840a93e0c49229e1e1e6d429ed0a0
INIT 0x85180 0x36fe 0x3700 6.06 783fa825dbba0b975b0255d6a133a03b
.rsrc 0x88880 0x3f0 0x400 3.38 95e16dc4b27f336449d8f68098320d28
.reloc 0x88c80 0x3794 0x3800 6.73 022190376a3e41ece45f0c6fa9631a53
( 3 imports )
> ntoskrnl.exe: ExRaiseStatus, FsRtlNormalizeNtstatus, CcFlushCache, ExIsResourceAcquiredExclusiveLite, RtlInitUnicodeString, InterlockedPopEntrySList, InterlockedPushEntrySList, KeQuerySystemTime, RtlCompareMemory, FsRtlAreNamesEqual, FsRtlCheckLockForWriteAccess, FsRtlOplockIsFastIoPossible, FsRtlCheckOplock, CcSetDirtyPinnedData, MmSetAddressRangeModified, MmCanFileBeTruncated, RtlGenerate8dot3Name, RtlUpcaseUnicodeString, CcCopyWrite, CcCanIWrite, CcMdlWriteComplete, MmMapLockedPagesSpecifyCache, CcPrepareMdlWrite, IoGetTopLevelIrp, _aullshr, _allshl, IoGetStackLimits, RtlSetBits, RtlClearBits, FsRtlGetNextLargeMcbEntry, RtlAreBitsSet, RtlFindLastBackwardRunClear, RtlNumberOfClearBits, _allmul, RtlAreBitsClear, RtlFindClearBits, RtlFindClearRuns, FsRtlRemoveLargeMcbEntry, FsRtlLookupLargeMcbEntry, FsRtlAddLargeMcbEntry, KeReleaseMutant, ObfDereferenceObject, CcUninitializeCacheMap, CcSetLogHandleForFile, CcInitializeCacheMap, IoCreateStreamFileObjectLite, KeWaitForSingleObject, CcMapData, CcPinMappedData, CcPinRead, CcPreparePinWrite, CcMdlReadComplete, KeBugCheckEx, CcZeroData, FsRtlIsNtstatusExpected, DbgBreakPoint, DbgPrint, KdDebuggerEnabled, FsRtlNotifyVolumeEvent, RtlDeleteElementGenericTableAvl, IoRemoveShareAccess, FsRtlAddToTunnelCache, FsRtlFastUnlockAll, IoGetRequestorProcess, FsRtlNotifyFilterReportChange, FsRtlDeleteKeyFromTunnelCache, FsRtlNotifyCleanup, FsRtlNotifyFilterChangeDirectory, MmFlushImageSection, KeLeaveCriticalRegion, IoSetTopLevelIrp, KeEnterCriticalRegion, IofCompleteRequest, ExQueueWorkItem, IoGetCurrentProcess, FsRtlIsNameInExpression, FsRtlDoesNameContainWildCards, IoCheckEaBufferValidity, ExIsResourceAcquiredSharedLite, KeSetEvent, IoSetInformation, FsRtlOplockFsctrl, IoUpdateShareAccess, IoSetShareAccess, IoCheckShareAccess, FsRtlCurrentBatchOplock, ObReleaseObjectSecurity, ObGetObjectSecurity, SePrivilegeCheck, CcWaitForCurrentLazyWriterActivity, RtlGetOwnerSecurityDescriptor, FsRtlFindInTunnelCache, SeSinglePrivilegeCheck, 
KeClearEvent, FsRtlDissectName, _alloca_probe, IoCancelIrp, KeSetKernelStackSwapEnable, KeInitializeEvent, IoIsOperationSynchronous, IofCallDriver, MmUnmapLockedPages, IoBuildPartialMdl, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, KeGetCurrentThread, RtlDecompressBuffer, RtlDecompressFragment, RtlGetCompressionWorkSpaceSize, MmBuildMdlForNonPagedPool, IoFreeIrp, ExReleaseResourceForThreadLite, CcUnpinDataForThread, CcSetBcbOwnerPointer, FsRtlIsTotalDeviceFailure, IoMakeAssociatedIrp, ObfReferenceObject, ExGetExclusiveWaiterCount, KeDelayExecutionThread, ObReferenceObjectByHandle, IoFileObjectType, _local_unwind2, RtlCompressBuffer, MmUnlockPages, IoBuildAsynchronousFsdRequest, RtlLookupElementGenericTableAvl, SeCaptureSubjectContext, RtlUpperString, RtlCompareString, RtlInitString, FsRtlLegalAnsiCharacterArray, NlsOemLeadByteInfo, NlsMbOemCodePageTag, SeDeleteObjectAuditAlarm, ObQueryObjectAuditingByHandle, CcPurgeCacheSection, _allrem, SeAuditHardLinkCreation, SeAuditingHardLinkEventsWithContext, IoBuildDeviceIoControlRequest, CcMdlRead, KeNumberProcessors, CcDeferWrite, ZwClose, ZwCreateFile, ProbeForRead, IoBuildSynchronousFsdRequest, IoGetRelatedDeviceObject, MmPrefetchPages, ProbeForWrite, _alldiv, RtlLengthSid, SeReleaseSubjectContext, SeUnlockSubjectContext, SeAccessCheck, SeLockSubjectContext, RtlMapGenericMask, IoGetFileObjectGenericMapping, CcSetAdditionalCacheAttributes, FsRtlBalanceReads, ObQueryNameString, wcslen, IoCreateDevice, FsRtlIncrementCcFastReadResourceMiss, FsRtlIncrementCcFastReadNotPossible, CcFastCopyRead, FsRtlIncrementCcFastReadNoWait, FsRtlIncrementCcFastReadWait, CcFastCopyWrite, CcFastMdlReadWait, FsRtlUninitializeLargeMcb, FsRtlInitializeLargeMcb, FsRtlPrivateLock, FsRtlFastUnlockSingle, FsRtlFastUnlockAllByKey, FsRtlProcessFileLock, ExDeleteResourceLite, ExInitializeResourceLite, KeInitializeSpinLock, FsRtlResetLargeMcb, KeSetTimer, ExAcquireSharedStarveExclusive, CcGetDirtyPages, KeSetPriorityThread, 
FsRtlLookupLastLargeMcbEntry, FsRtlNumberOfRunsInLargeMcb, FsRtlSplitLargeMcb, FsRtlTruncateLargeMcb, CcRemapBcb, RtlFreeOemString, RtlUnicodeStringToCountedOemString, FsRtlIsFatDbcsLegal, FsRtlFastCheckLockForWrite, FsRtlFastCheckLockForRead, IoRaiseInformationalHardError, RtlAppendUnicodeStringToString, RtlCopyUnicodeString, IoVolumeDeviceToDosName, IoReleaseCancelSpinLock, IoAcquireCancelSpinLock, CcMdlWriteAbort, IoIsSystemThread, RtlLengthSecurityDescriptor, SeAssignSecurity, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, RtlAddAccessAllowedAce, RtlCreateAcl, RtlSubAuthoritySid, RtlInitializeSid, RtlLengthRequiredSid, ExInitializePagedLookasideList, ExInitializeNPagedLookasideList, MmIsThisAnNtAsSystem, MmQuerySystemSize, ZwQueryValueKey, ZwOpenKey, RtlVerifyVersionInfo, VerSetConditionMask, IoRegisterDriverReinitialization, KeInitializeDpc, KeInitializeTimer, IoRegisterFileSystem, KeBugCheck, KeInitializeMutant, FsRtlMdlWriteCompleteDev, FsRtlMdlReadCompleteDev, ExUuidCreate, RtlDelete, RtlSplay, RtlValidSid, RtlInsertElementGenericTableFullAvl, RtlLookupElementGenericTableFullAvl, SeQueryInformationToken, RtlEqualSid, SeExports, IoCheckQuotaBufferValidity, RtlInitializeGenericTableAvl, CcSetReadAheadGranularity, FsRtlCheckLockForReadAccess, ExAcquireSharedWaitForExclusive, FsRtlPostStackOverflow, FsRtlPostPagingFileStackOverflow, IoReleaseVpbSpinLock, IoAcquireVpbSpinLock, SeValidSecurityDescriptor, SeFreePrivileges, SeDeassignSecurity, SeSetSecurityDescriptorInfo, SeQuerySecurityDescriptorInfo, SeOpenObjectAuditAlarm, SeOpenObjectForDeleteAuditAlarm, SeAppendPrivileges, SeAuditingFileEventsWithContext, RtlEnumerateGenericTableWithoutSplayingAvl, FsRtlFreeFileLock, FsRtlAllocateFileLock, ExReinitializeResourceLite, FsRtlNotifyInitializeSync, FsRtlInitializeTunnelCache, RtlInsertElementGenericTableAvl, FsRtlUninitializeOplock, FsRtlInitializeOplock, FsRtlTeardownPerStreamContexts, IoDeleteDevice, FsRtlDeleteTunnelCache, 
FsRtlNotifyUninitializeSync, RtlEnumerateGenericTableAvl, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, IoSetDeviceToVerify, KeTickCount, _abnormal_termination, _except_handler3, RtlFindNextForwardRunClear, ExAcquireFastMutexUnsafe, ExAllocatePoolWithTag, RtlInitializeBitMap, ExFreePoolWithTag, memmove, ExReleaseFastMutexUnsafe, ExReleaseResourceLite, _allshr, ExAcquireResourceSharedLite, ExAcquireResourceExclusiveLite, CcUnpinData, CcCopyRead, CcSetFileSizes, RtlFillMemoryUlong, IoPageRead, IoFreeErrorLogEntry, IoSynchronousPageWrite, ExDeletePagedLookasideList, ExDeleteNPagedLookasideList, IoGetDeviceObjectPointer, KeUnstackDetachProcess, KeStackAttachProcess, PsLookupProcessByProcessId, ZwWaitForSingleObject, PsCreateSystemThread, ZwCreateEvent, PoQueueShutdownWorkItem, ZwFreeVirtualMemory, PsRevertToSelf, PsDereferenceImpersonationToken, PsImpersonateClient, PsReferenceImpersonationToken, ZwAllocateVirtualMemory, ObReferenceObjectByPointer
> HAL.dll: KeAcquireInStackQueuedSpinLock, ExAcquireFastMutex, KeReleaseQueuedSpinLock, KeAcquireQueuedSpinLock, KfReleaseSpinLock, ExTryToAcquireFastMutex, ExReleaseFastMutex, KeReleaseInStackQueuedSpinLock, KfAcquireSpinLock
> ksecdd.sys: GenerateSessionKey, EfsGenerateKey, GenerateDirEfs, InitSecurityInterfaceW, EfsDecryptFek
( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)
Generic Win/DOS Executable (15.9%)
DOS Executable Generic (15.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)