What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Suspected Keylogger/Malware On PC, HijackThis is not installed

Post by ndmmxiaomayi » November 4th, 2007, 10:53 pm

Hi shadowsofbodom. :)

Please go to the Kaspersky website and perform an online antivirus scan. Please use Internet Explorer, as the scanner uses ActiveX.

  1. Click on Kaspersky Online Scanner button.
  2. Read through the requirements and privacy statement and click on Accept button.
  3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
  4. When the downloads have finished, click on Next button.
  5. Click on Scan Settings button.
  6. Select extended under Scan using the following antivirus database:
  7. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  8. Click OK
  9. Click on My Computer under Please select a target to scan:
  10. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
  11. Copy and paste this log in your next reply.

In your next reply, please post:

  1. Kaspersky Antivirus scan report
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by shadowsofbodom » November 5th, 2007, 10:24 am

Here are the scan reports

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, November 05, 2007 9:17:49 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/11/2007
Kaspersky Anti-Virus database records: 451678
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 66856
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:06:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sr0ok0c.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sr0ok0c.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sr0ok0c.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sr0ok0c.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sr0ok0c.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6sr0ok0c.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sr0ok0c.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sr0ok0c.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sr0ok0c.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\6sr0ok0c.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007110520071106\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\JET25A3.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~ROMFN_00000908 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071102-000505-735.dll Infected: not-a-virus:AdWare.Win32.BHO.cs skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B67B0613-9ADE-4BFE-A338-A83044DFF5B1}\RP459\A0122726.dll Infected: not-a-virus:AdWare.Win32.BHO.cs skipped
C:\System Volume Information\_restore{B67B0613-9ADE-4BFE-A338-A83044DFF5B1}\RP464\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{D918F6B1-B9D3-4053-9ADD-BA8387153C08}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:44 AM, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5513 bytes
shadowsofbodom
Regular Member
Posts: 24
Joined: October 29th, 2007, 8:27 pm

Post by ndmmxiaomayi » November 6th, 2007, 9:42 am

Hi shadowsofbodom. :)

Step 1

There is no sign of a firewall installed on your system. There are several possible reasons for this.

  1. You are using Windows Firewall.
  2. You are using a hardware firewall.
  3. You have a firewall, but you disabled it.
  4. You don't have a firewall at all.

If you have disabled the firewall, please re-enable it. If you don't have one, please get ONE firewall and install it. Restart the computer for the changes to take effect.

Comodo Personal Firewall
Sunbelt Kerio
Sygate Personal Firewall Free
ZoneAlarm

Step 2

Please download OTMoveIt.exe by OldTimer and save it to your desktop.

Double click on OTMoveIt.exe to run it.

Copy and paste the following in the Code box into OTMoveIt (1).

Note: Do not type it out, to minimize the risk of typos.

Code:
C:\Windows\crack.exe


Click on MoveIt! (2).

Click on Exit (3).

Please refer to this picture for using OTMoveIt.

A log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log.

Please copy and paste this log in your next reply.

Step 3

Please uninstall these old versions of Java as they may present a security risk.

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate J2SE Runtime Environment 5.0 Update 10 and click on Change/Remove to uninstall it.
  3. Repeat for these programs:
    • J2SE Runtime Environment 5.0 Update 11
    • Java(TM) 6 Update 2
  4. Close Add/Remove Programs and Control Panel.
  5. Restart your computer for the changes to take effect.

How's your computer performing now?

In your next reply, please post:

  1. OTMoveIt log (C:\_OTMoveIt\MovedFiles\date_time.log)
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by shadowsofbodom » November 6th, 2007, 11:53 am

Hi Mayi :) Thanks for the help so far!

Step 1
It looks like I was just running the regular Windows firewall. I downloaded ZoneAlarm and it seems to be running great.

Step 2
I will paste the log at the end of this post, but I was wondering something. Are we assuming that C:\Windows\crack.exe was my problem, that it was the keylogger/trojan I was experiencing a problem with? And with the MoveIt program, does that mean I don't have to worry about it anymore?

Step 3
I successfully uninstalled all 3 Java update things. You asked how my computer is running now. The thing is, before, when I had the problem, I couldn't notice if anything was wrong, but I had an idea because my Steam accounts were being stolen. So, hopefully this is something that has changed :)

Here are the logs you requested.
(This is all there was for the MoveIt log.)

C:\Windows\crack.exe moved successfully.

Created on 11/06/2007 10:37:57
-----------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:42 AM, on 11/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5662 bytes
shadowsofbodom
Regular Member
Posts: 24
Joined: October 29th, 2007, 8:27 pm

Post by dvk01 » November 6th, 2007, 3:58 pm

Crack.exe was a RAR SFX that contains a cracked version of Alcohol 120%.

Did you install that crack to get a free copy of Alcohol, the CD burning program?
dvk01
Visiting Staff
Posts: 6
Joined: May 26th, 2005, 3:50 pm
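Added example, not part of the thread: a RAR SFX (self-extracting archive) is an ordinary Windows executable made of WinRAR's extractor stub with the RAR archive appended after the PE's last section, in what PE tooling calls the overlay. That layout is why a file named crack.exe can be "a rarsfx that contains" another program. The script below, written for this page, tests a file for exactly that layout: it parses the PE section table to find where the overlay begins and looks for a RAR marker block from that point on. The sample input is a constructed, minimal PE image (not a real WinRAR stub, and not runnable as a program), and the function names are the example's own.

```python
import struct

# RAR marker blocks as documented for the RAR format:
# RAR 1.5-4.x uses a 7-byte marker, RAR 5.0 an 8-byte one.
RAR4_MAGIC = b"Rar!\x1a\x07\x00"
RAR5_MAGIC = b"Rar!\x1a\x07\x01\x00"


def pe_overlay_offset(data: bytes) -> int:
    """Return the file offset where overlay data (bytes past the last
    section's raw data) begins. Raises ValueError if data is not a PE file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header follows the 4-byte signature: NumberOfSections at +2,
    # SizeOfOptionalHeader at +16.
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    section_table = coff + 20 + opt_size
    end = section_table + 40 * num_sections
    for i in range(num_sections):
        hdr = section_table + 40 * i
        # Section header: SizeOfRawData at +16, PointerToRawData at +20.
        size_raw, ptr_raw = struct.unpack_from("<II", data, hdr + 16)
        end = max(end, ptr_raw + size_raw)
    return end


def find_rar_payload(data: bytes):
    """If the executable carries a RAR archive in its overlay (the layout of a
    RAR SFX: extractor stub + appended archive), return where the archive
    starts and which RAR generation the marker belongs to; else None.
    A marker inside a section (e.g. a string in code) is deliberately ignored."""
    overlay = pe_overlay_offset(data)
    for magic, version in ((RAR5_MAGIC, 5), (RAR4_MAGIC, 4)):
        idx = data.find(magic, overlay)
        if idx != -1:
            return {"rar_version": version, "archive_offset": idx,
                    "overlay_offset": overlay}
    return None


def build_sample_sfx(archive_body: bytes = b"<constructed RAR body>") -> bytes:
    """Construct a minimal 32-bit PE image with one section and a RAR4 marker
    appended as overlay. Synthetic test input only; not a real WinRAR stub."""
    opt_size = 224                      # size of a PE32 optional header
    raw_ptr = raw_size = 0x200
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")  # PE32 magic
    section = (b".text\0\0\0"
               + struct.pack("<IIII", raw_size, 0x1000, raw_size, raw_ptr)
               + b"\0" * 16)
    headers = (dos + b"PE\0\0" + coff + optional + section).ljust(raw_ptr, b"\0")
    stub_code = b"\x90" * raw_size      # placeholder "extractor" code
    return headers + stub_code + RAR4_MAGIC + archive_body


if __name__ == "__main__":
    sample = build_sample_sfx()
    print("SFX sample:", find_rar_payload(sample))
    print("stub only :", find_rar_payload(sample[:pe_overlay_offset(sample)]))
```

Pointing `find_rar_payload` at a real file is a matter of `open(path, "rb").read()`. Note what the check does and does not tell you: a RAR marker in the overlay proves the file is an archive-carrying executable, not what the archive contains or whether the stub itself is the stock WinRAR one; extracting the archive with a RAR tool (on a non-production machine) is the next step, as dvk01 evidently did.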

Post by shadowsofbodom » November 6th, 2007, 4:03 pm

Yeah, a while ago I tried to get a trial version of Alcohol 120%. And after that ended I was trying to figure out a way for me to continue using it.
shadowsofbodom
Regular Member
Posts: 24
Joined: October 29th, 2007, 8:27 pm

Post by shadowsofbodom » November 7th, 2007, 1:08 pm

What is a RAR SFX, and with the MoveIt program "moving" it, does that mean that it's taken care of?
shadowsofbodom
Regular Member
Posts: 24
Joined: October 29th, 2007, 8:27 pm

Post by ndmmxiaomayi » November 8th, 2007, 9:28 pm

Hi shadowsofbodom,

Your computer has a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups
____________________

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box.
  6. Double click on gmer.exe to run it.
  7. Select the Rootkit tab.
  8. On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  9. Select all drives that are connected to your system to be scanned.
  10. Click on the Scan button.
  11. When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  12. Open Notepad or a similar text editor.
  13. Paste the clipboard contents into the text editor.
  14. Save the Gmer scan log and post it in your next reply.
  15. Close Gmer.
  16. Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  17. In Command Prompt, type in net stop gmer. Press Enter.
  18. Type in exit to close Command Prompt.
Note: Do not run any programs while Gmer is running.

In your next reply, please post:

  1. Gmer log
  2. A new HijackThis log
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by shadowsofbodom » November 9th, 2007, 11:44 am

Hi Mayi :)
It sounds like this backdoor is pretty bad news. If I chose to reformat my entire computer, would it 100% remove any backdoor problems with my PC? And is it possible that the steps you walk me through will rid me of the backdoor without having to reformat? Thank you if you can answer.

Oh, and I don't know if this was supposed to happen when I was in the command prompt, but after I put in net stop gmer, the response was "the specific service does not exist as an installed service..."

Here are the logs...
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-09 10:26:56
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.13 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C44 805039F8 12 Bytes [ 70, 82, 3F, AE, 20, E5, 3F, ... ]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? srescan.sys The system cannot find the file specified.
.text USBPORT.SYS!DllUnload F683C62C 5 Bytes JMP 86DD61B8
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7385ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7385C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7385B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F738672E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7386604] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7398B9A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AE3FC9F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AE3FCF10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AE3FD070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AE3FCB60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AE3FCB60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AE3FC9F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AE3FCF10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AE3FD070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AE3FC9F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AE3FD070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AE3FCF10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AE3FCB60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AE3FD070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AE3FCF10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AE3FC9F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AE3FCB60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AE3FC9F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AE3FCF10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AE3FD070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AE3FC9F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AE3FCB60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AE3FD070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AE3FCF10] \SystemRoot\System32\vsdatant.sys

---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 86FD21D8

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F72E61DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F72E61DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F72E6454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F72E61DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7A98404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7A98404] avg7rsw.sys

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 86BCC650
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 86BCC650
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [AE409CC0] vsdatant.sys
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 86D761D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 86D761D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 86D761D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 86D761D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 86D761D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 86D761D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 86D761D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 86D761D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 86D761D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 86D761D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 86D761D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 86D761D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 86D761D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 86D761D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 86D761D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 86D761D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 86E151D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 86E151D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 86E151D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 86E151D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 86E151D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 86E151D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 86E151D8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [AE409CC0] vsdatant.sys
Device \Driver\00000063 \Device\00000049 IRP_MJ_POWER [F7393D74] sptd.sys
Device \Driver\00000063 \Device\00000049 IRP_MJ_SYSTEM_CONTROL [F73AD2A2] sptd.sys
Device \Driver\00000063 \Device\00000049 IRP_MJ_PNP [F73AE228] sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 86F601D8
Device \Driver\USBSTOR \Device\00000071 IRP_MJ_CREATE 86BB24C8
Device \Driver\USBSTOR \Device\00000071 IRP_MJ_CLOSE 86BB24C8
Device \Driver\USBSTOR \Device\00000071 IRP_MJ_READ 86BB24C8
Device \Driver\USBSTOR \Device\00000071 IRP_MJ_WRITE 86BB24C8
Device \Driver\USBSTOR \Device\00000071 IRP_MJ_DEVICE_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000071 IRP_MJ_INTERNAL_DEVICE_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000071 IRP_MJ_POWER 86BB24C8
Device \Driver\USBSTOR \Device\00000071 IRP_MJ_SYSTEM_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000071 IRP_MJ_PNP 86BB24C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86D354F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86D354F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86D354F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86D354F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86D354F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86D354F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D354F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86D354F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86D354F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86D354F8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86D354F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86D354F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86D354F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86D354F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86D354F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86D354F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86D354F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D354F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86D354F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86D354F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86D354F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86D354F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 86FD31D8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_CREATE 86BB24C8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_CLOSE 86BB24C8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_READ 86BB24C8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_WRITE 86BB24C8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_DEVICE_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_INTERNAL_DEVICE_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_POWER 86BB24C8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_SYSTEM_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000074 IRP_MJ_PNP 86BB24C8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_CREATE 86BB24C8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_CLOSE 86BB24C8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_READ 86BB24C8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_WRITE 86BB24C8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_DEVICE_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_INTERNAL_DEVICE_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_POWER 86BB24C8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_SYSTEM_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_PNP 86BB24C8
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_CREATE 86BB24C8
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_CLOSE 86BB24C8
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_READ 86BB24C8
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_WRITE 86BB24C8
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_DEVICE_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_INTERNAL_DEVICE_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_POWER 86BB24C8
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_SYSTEM_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_PNP 86BB24C8
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_CREATE 86BB24C8
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_CLOSE 86BB24C8
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_READ 86BB24C8
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_WRITE 86BB24C8
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_DEVICE_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_INTERNAL_DEVICE_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_POWER 86BB24C8
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_SYSTEM_CONTROL 86BB24C8
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_PNP 86BB24C8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86B67530
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 86B67530
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 86B67530
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 86B67530
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 86B67530
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 86B67530
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86B67530
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 86B67530
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 86B67530
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 86B67530
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 86B67530
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 86B67530
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [AE409CC0] vsdatant.sys
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 86D761D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 86D761D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 86D761D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 86D761D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 86D761D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 86D761D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 86D761D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 86D761D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 86C067E8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 86D761D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 86D761D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 86D761D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 86D761D8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [AE409CC0] vsdatant.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C5B92B9-E63F-4660-8C4C-BE068E685DEB} IRP_MJ_CREATE 86B67530
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C5B92B9-E63F-4660-8C4C-BE068E685DEB} IRP_MJ_CLOSE 86B67530
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C5B92B9-E63F-4660-8C4C-BE068E685DEB} IRP_MJ_DEVICE_CONTROL 86B67530
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C5B92B9-E63F-4660-8C4C-BE068E685DEB} IRP_MJ_INTERNAL_DEVICE_CONTROL 86B67530
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C5B92B9-E63F-4660-8C4C-BE068E685DEB} IRP_MJ_CLEANUP 86B67530
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C5B92B9-E63F-4660-8C4C-BE068E685DEB} IRP_MJ_PNP 86B67530
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE 86D761D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE 86D761D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER 86D761D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 86D761D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP 86D761D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 86C067E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL
shadowsofbodom
Regular Member
 
Posts: 24
Joined: October 29th, 2007, 8:27 pm

Unread postby shadowsofbodom » November 9th, 2007, 11:45 am

Here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:05 AM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PdeSrv2.exe
C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5839 bytes
shadowsofbodom
Regular Member
 
Posts: 24
Joined: October 29th, 2007, 8:27 pm

Unread postby ndmmxiaomayi » November 10th, 2007, 3:20 pm

Hi shadowsofbodom. :)

shadowsofbodom wrote:
If I chose to reformat my entire computer, would it 100% remove any backdoor problems with my PC?

Yes, this would, provided you have done the reformat and reinstallation correctly.

shadowsofbodom wrote:
And is it possible that the steps that you walk me through will rid me of the backdoor without having to reformat?

I will try to. But bear in mind that fixes may render your PC unstable, as much as we try to avoid it.

shadowsofbodom wrote:
Oh, and I don't know if this was supposed to happen when I was in command prompt, but after I put in net stop gmer, the response was "The specified service does not exist as an installed service"...

That is OK. Sometimes Gmer doesn't stop properly and we use this method to end it properly. Since you get this error, it means that Gmer ended properly. :)

Your Gmer log is incomplete. Please post it again. You will need several replies to ensure that the log is not cut off.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Suspected Keylogger/Malware On PC, Hijackthis is not install

Unread postby shadowsofbodom » November 11th, 2007, 3:55 pm

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-11 10:06:21
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT sptd.sys ZwOpenKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRenameKey
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess

---- Kernel code sections - GMER 1.0.13 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C44 805039F8 12 Bytes [ 70, 82, 3F, AE, 20, E5, 3F, ... ]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? srescan.sys The system cannot find the file specified.
.text USBPORT.SYS!DllUnload F67FD62C 5 Bytes JMP 86DD6960
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7385ABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7385C00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7385B82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F738672E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F7386604] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7398B9A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AE3FC9F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AE3FCF10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AE3FD070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AE3FCB60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AE3FCB60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AE3FC9F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AE3FCF10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AE3FD070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AE3FC9F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AE3FD070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AE3FCF10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AE3FCB60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AE3FD070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AE3FCF10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AE3FC9F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AE3FCB60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AE3FC9F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AE3FCF10] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AE3FD070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AE3FC9F0] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AE3FCB60] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AE3FD070] \SystemRoot\System32\vsdatant.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AE3FCF10] \SystemRoot\System32\vsdatant.sys

---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 86FD21D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 86FD21D8

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F72E61DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F72E61DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F72E6454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F72E61DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA
shadowsofbodom
Regular Member
 
Posts: 24
Joined: October 29th, 2007, 8:27 pm
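Reading a GMER log like the one above by hand means scanning hundreds of near-identical lines to answer two questions: which kernel modules own the hooks, and is each of them explained by software known to be on the machine. The script below is an added example, not part of this thread and not GMER's own code. It parses the SSDT, IAT and Device/AttachedDevice lines GMER prints, groups the hooks by owning module, and flags any module missing from an allowlist. That allowlist is the analyst's assumption for this particular PC, built from the HijackThis log earlier in the thread: vsdatant.sys is ZoneAlarm's TrueVector driver (the vsmon service listed above), avg7rsw.sys is AVG 7's resident shield, sptd.sys is the SCSI Pass Through Direct layer installed by Daemon Tools and Alcohol (dtscsi.sys, also in the log, is Daemon Tools' own driver), and fltMgr.sys is the Windows filter manager. Hooks GMER prints with a bare address and no module name, and the line the forum cut off at the end of the post above, are reported separately as unattributed rather than guessed at. The sample input is an excerpt copied from the log in this thread.

```python
"""Triage helper for GMER rootkit-scan output (added example; not GMER's code
and not from this thread). Groups every hook GMER reports by the kernel module
that owns it and flags modules not explained by known installed software."""
import re
from collections import defaultdict

# Line shapes printed by GMER 1.0.13 (see the log posted above):
#   SSDT <module> <ZwFunction>
#   IAT <target>[<import>] [<addr>] <module>
#   Device|AttachedDevice <driver> <device> <IRP_MJ_*> [<addr>] <module>
#   Device <driver> <device> <IRP_MJ_*> <addr>        (no owning module)
SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<func>Zw\w+)$")
IAT_RE = re.compile(
    r"^IAT\s+(?P<target>\S+?)\[(?P<import>[^\]]+)\]\s+"
    r"\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)$"
)
DEVICE_RE = re.compile(
    r"^(?P<kind>AttachedDevice|Device)\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+"
    r"(?P<irp>IRP_MJ_\w+)(?:\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)"
    r"|\s+(?P<bare_addr>[0-9A-Fa-f]+))?$"
)

# Analyst's assumption for THIS PC, taken from the HijackThis log in the thread:
# ZoneAlarm (vsdatant.sys), AVG 7 (avg7rsw.sys), Daemon Tools' sptd layer
# (sptd.sys), Windows filter manager. "Known" = explained by installed software.
KNOWN_MODULES = {"vsdatant.sys", "avg7rsw.sys", "sptd.sys", "fltmgr.sys"}


def module_name(path):
    """Strip the directory from a GMER module path and case-fold the file name."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """One dict per hook line: kind, module (None if unattributed), target, addr."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            records.append({"kind": "SSDT", "module": module_name(m["module"]),
                            "target": m["func"], "addr": None})
        elif m := IAT_RE.match(line):
            records.append({"kind": "IAT", "module": module_name(m["module"]),
                            "target": f"{module_name(m['target'])}[{m['import']}]",
                            "addr": m["addr"]})
        elif m := DEVICE_RE.match(line):
            records.append({"kind": m["kind"],
                            "module": module_name(m["module"]) if m["module"] else None,
                            "target": f"{m['device']} {m['irp']}",
                            "addr": m["addr"] or m["bare_addr"]})
    return records


def summarize(records):
    """Hook counts per owning module, split by kind. '?' collects hooks GMER
    could not attribute (bare address, or a line cut off by the forum)."""
    counts = defaultdict(lambda: defaultdict(int))
    for r in records:
        counts[r["module"] or "?"][r["kind"]] += 1
    return {mod: dict(kinds) for mod, kinds in counts.items()}


def unexplained(records, known=KNOWN_MODULES):
    """Hooking modules that are not on the analyst's known list."""
    return sorted({r["module"] for r in records if r["module"]} - set(known))


def unattributed(records):
    """Hooks with no owning module: follow up by hand, not by allowlist."""
    return [(r["kind"], r["target"], r["addr"]) for r in records if r["module"] is None]


# Excerpt copied from the GMER log in this thread; the last line is the cut-off
# final line of the first log post, kept to show a truncated log still parses.
SAMPLE = r"""
GMER 1.0.13.12551 - http://www.gmer.net
---- System - GMER 1.0.13 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwOpenKey
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7385ABA] sptd.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AE3FCF10] \SystemRoot\System32\vsdatant.sys
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 86FD21D8
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F72E61DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7AC4404] avg7rsw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [AE409CC0] vsdatant.sys
Device \Driver\00000063 \Device\0000004a IRP_MJ_POWER [F7393D74] sptd.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA
"""

if __name__ == "__main__":
    recs = parse_gmer(SAMPLE)
    for mod, kinds in sorted(summarize(recs).items()):
        print(f"{mod:14} {kinds}")
    print("not on known list:", unexplained(recs))
    print("unattributed hooks:", unattributed(recs))
```

On a full log the output worth reading first is unexplained(): a module listed there is either software the user did not mention or something to examine. An empty list does not clear the machine. The ZoneAlarm and sptd hooks in this log are expected for the software installed, but the dispatch hooks GMER prints with bare addresses on Ntfs, atapi and the USB stack still need the owner of those addresses identified before the log can be called clean.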

Re: Suspected Keylogger/Malware On PC, Hijackthis is not install

Unread postby shadowsofbodom » November 11th, 2007, 3:57 pm

Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 86C454A8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 86C454A8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [AE409CC0] vsdatant.sys
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 86DE7980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 86DE7980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 86DE7980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 86DE7980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 86DE7980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 86DE7980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 86DE7980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 86DE7980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 86DE7980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 86DE7980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 86DE7980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 86DE7980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 86DE7980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 86DE7980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 86DE7980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 86DE7980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 86DDE980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 86DDE980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 86DDE980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DDE980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 86DDE980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 86DDE980
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 86DDE980
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [AE409CC0] vsdatant.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 86F601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 86F601D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86E0C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86E0C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86E0C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86E0C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86E0C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86E0C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86E0C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86E0C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86E0C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86E0C980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86E0C980
Device \Driver\USBSTOR \Device\00000072 IRP_MJ_CREATE 86BCE980
Device \Driver\USBSTOR \Device\00000072 IRP_MJ_CLOSE 86BCE980
Device \Driver\USBSTOR \Device\00000072 IRP_MJ_READ 86BCE980
Device \Driver\USBSTOR \Device\00000072 IRP_MJ_WRITE 86BCE980
Device \Driver\USBSTOR \Device\00000072 IRP_MJ_DEVICE_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000072 IRP_MJ_INTERNAL_DEVICE_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000072 IRP_MJ_POWER 86BCE980
Device \Driver\USBSTOR \Device\00000072 IRP_MJ_SYSTEM_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000072 IRP_MJ_PNP 86BCE980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86E0C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86E0C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86E0C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86E0C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86E0C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86E0C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86E0C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86E0C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86E0C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86E0C980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86E0C980
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSE 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 86FD31D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 86FD31D8
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_CREATE 86BCE980
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_CLOSE 86BCE980
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_READ 86BCE980
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_WRITE 86BCE980
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_DEVICE_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_INTERNAL_DEVICE_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_POWER 86BCE980
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_SYSTEM_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000075 IRP_MJ_PNP 86BCE980
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_CREATE 86BCE980
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_CLOSE 86BCE980
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_READ 86BCE980
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_WRITE 86BCE980
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_DEVICE_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_INTERNAL_DEVICE_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_POWER 86BCE980
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_SYSTEM_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000076 IRP_MJ_PNP 86BCE980
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_CREATE 86BCE980
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_CLOSE 86BCE980
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_READ 86BCE980
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_WRITE 86BCE980
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_DEVICE_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_INTERNAL_DEVICE_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_POWER 86BCE980
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_SYSTEM_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000077 IRP_MJ_PNP 86BCE980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 86AFE980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 86AFE980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 86AFE980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 86AFE980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 86AFE980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 86AFE980
Device \Driver\00000063 \Device\0000004a IRP_MJ_POWER [F7393D74] sptd.sys
Device \Driver\00000063 \Device\0000004a IRP_MJ_SYSTEM_CONTROL [F73AD2A2] sptd.sys
Device \Driver\00000063 \Device\0000004a IRP_MJ_PNP [F73AE228] sptd.sys
Device \Driver\USBSTOR \Device\00000078 IRP_MJ_CREATE 86BCE980
Device \Driver\USBSTOR \Device\00000078 IRP_MJ_CLOSE 86BCE980
Device \Driver\USBSTOR \Device\00000078 IRP_MJ_READ 86BCE980
Device \Driver\USBSTOR \Device\00000078 IRP_MJ_WRITE 86BCE980
Device \Driver\USBSTOR \Device\00000078 IRP_MJ_DEVICE_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000078 IRP_MJ_INTERNAL_DEVICE_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000078 IRP_MJ_POWER 86BCE980
Device \Driver\USBSTOR \Device\00000078 IRP_MJ_SYSTEM_CONTROL 86BCE980
Device \Driver\USBSTOR \Device\00000078 IRP_MJ_PNP 86BCE980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 86AFE980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 86AFE980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 86AFE980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 86AFE980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 86AFE980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 86AFE980
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [AE409CC0] vsdatant.sys
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 86DE7980
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 86DE7980
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 86DE7980
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 86DE7980
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 86DE7980
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 86DE7980
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 86DE7980
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 86DE7980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 86B1E980
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [AE409CC0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [AE409CC0] vsdatant.sys
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 86DE7980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 86DE7980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 86DE7980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 86DE7980
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C5B92B9-E63F-4660-8C4C-BE068E685DEB} IRP_MJ_CREATE 86AFE980
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C5B92B9-E63F-4660-8C4C-BE068E685DEB} IRP_MJ_CLOSE 86AFE980
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C5B92B9-E63F-4660-8C4C-BE068E685DEB} IRP_MJ_DEVICE_CONTROL 86AFE980
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C5B92B9-E63F-4660-8C4C-BE068E685DEB} IRP_MJ_INTERNAL_DEVICE_CONTROL 86AFE980
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C5B92B9-E63F-4660-8C4C-BE068E685DEB} IRP_MJ_CLEANUP 86AFE980
Device \Driver\NetBT \Device\NetBT_Tcpip_{2C5B92B9-E63F-4660-8C4C-BE068E685DEB} IRP_MJ_PNP 86AFE980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 86B1E980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 86B1E980
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE 86DE7980
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE 86DE7980
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER 86DE7980
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 86DE7980
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP 86DE7980
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CREATE 86DDE980
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CLOSE 86DDE980
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_DEVICE_CONTROL 86DDE980
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 86DDE980
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_POWER 86DDE980
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_SYSTEM_CONTROL 86DDE980
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_PNP 86DDE980
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 86F601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 86F601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 86F601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 86F601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 86F601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 86F601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 86F601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 86F601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 86F601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 86F601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 86F601D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 86CBE1D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 86CBE1D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 86CBE1D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86CBE1D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_POWER 86CBE1D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 86CBE1D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_PNP 86CBE1D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 86CBE1D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 86CBE1D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 86CBE1D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86CBE1D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 86CBE1D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 86CBE1D8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 86CBE1D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP
shadowsofbodom
Regular Member
 
Posts: 24
Joined: October 29th, 2007, 8:27 pm

Re: Suspected Keylogger/Malware On PC, Hijackthis is not install

Unread postby shadowsofbodom » November 11th, 2007, 3:58 pm

AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F72E61DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F72E61DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F72E6454] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F72E61DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7AC4404] avg7rsw.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7AC4404] avg7rsw.sys

Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 86B42600
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 86B42600
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 86B42600
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 86B42600
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 86B42600
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 86B42600
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 86B42600
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 86B42600
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 86B42600
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 86B42600
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 86B42600
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 86B42600
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 86B42600

---- Registry - GMER 1.0.13 ----

Reg \Registry\USER\S-1-5-21-790525478-789336058-839522115-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xCC 0xB5 0xE3 0x30 ...
Reg \Registry\USER\S-1-5-21-790525478-789336058-839522115-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xC7 0x46 0xF9 0x3E ...

---- EOF - GMER 1.0.13 ----
shadowsofbodom
Regular Member
 
Posts: 24
Joined: October 29th, 2007, 8:27 pm

Re: Suspected Keylogger/Malware On PC, Hijackthis is not install

Unread postby ndmmxiaomayi » November 13th, 2007, 5:24 pm

Hi shadowsofbodom. :)

The Gmer log looks good.

Please go to Kaspersky website and perform an online antivirus scan. Please use Internet Explorer as it uses ActiveX.

  1. Click on Kaspersky Online Scanner button.
  2. Read through the requirements and privacy statement and click on Accept button.
  3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an ActiveX from Kaspersky. Click Yes.
  4. When the downloads have finished, click on Next button.
  5. Click on Scan Settings button.
  6. Select extended under Scan using the following antivirus database:
  7. Check (tick) these boxes under Scan options:
    • Scan Archives
    • Scan Mail Bases
  8. Click OK
  9. Click on My Computer under Please select a target to scan:
  10. Once the scan is complete it will display if your system has been infected. Click on Save as text button and save it to your desktop.
  11. Copy and paste this log in your next reply.

Please post back the Kaspersky log and a new HijackThis log in your next reply.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
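The expert's verdict that "the Gmer log looks good" rests on reading the Device/AttachedDevice section: every IRP_MJ_* dispatch entry that GMER prints with a trailing "[ADDRESS] module.sys" has been redirected into that module, and the question is only whether the module is a known filter driver. The script below is an added example, not part of the forum post and not GMER's own code. It parses lines in the format shown above, groups redirected entries by the module they land in, and separates modules on an analyst-maintained allowlist from anything unknown. The allowlist is an assumption: it holds only the three modules seen in the posted log (fltMgr.sys, vsdatant.sys, avg7rsw.sys). The sample input mixes a few lines copied from the posted log with one constructed line whose module name, hypothetical_hook.sys, is invented to show how an unrecognised hook is reported.

```python
"""Triage the Device / AttachedDevice section of a GMER log.

Added example (not GMER code, not from the forum post).  A dispatch entry
printed as "IRP_MJ_X [ADDRESS] module.sys" no longer points into the owning
driver but into the named module, i.e. the routine is hooked or the device
is an attached filter.  Benign or not depends on who the module is, so the
analyst keeps an allowlist (KNOWN_FILTER_MODULES, an assumption here) and
everything else is surfaced for a closer look.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# One GMER line:  kind  driver-object  device-object  IRP_MJ_*  [addr] module | addr
LINE_RE = re.compile(
    r"^(?P<kind>Device|AttachedDevice)\s+"
    r"(?P<driver>\S+)\s+(?P<device>\S+)\s+"
    r"(?P<irp>IRP_MJ_[A-Z_]+)"
    r"(?:\s+\[(?P<hook_addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)"  # redirected entry
    r"|\s+(?P<addr>[0-9A-Fa-f]+))?\s*$"                         # plain entry / none
)

# Assumption: analyst-maintained allowlist, here just the modules seen in the log.
KNOWN_FILTER_MODULES = {
    "fltmgr.sys": "Microsoft Filter Manager",
    "vsdatant.sys": "Zone Labs TrueVector (ZoneAlarm)",
    "avg7rsw.sys": "AVG 7 Resident Shield",
}

# Constructed sample: the first five lines are copied from the posted log, the
# last one is invented (hypothetical_hook.sys does not exist) to show a flag.
SAMPLE_LOG = r"""
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [AE409CC0] vsdatant.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 86C454A8
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F72D9F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F7AC4404] avg7rsw.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [DEADBEEF] hypothetical_hook.sys
"""


@dataclass(frozen=True)
class DispatchEntry:
    kind: str
    driver: str
    device: str
    irp: str
    address: Optional[str]   # None when GMER printed no address at all
    module: Optional[str]    # None when the entry is not redirected


def parse_gmer_device_lines(text):
    """Parse every Device/AttachedDevice line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, Reg entries, EOF marker
        entries.append(DispatchEntry(
            kind=m["kind"], driver=m["driver"], device=m["device"], irp=m["irp"],
            address=m["hook_addr"] or m["addr"],
            module=m["module"].lower() if m["module"] else None,
        ))
    return entries


def hooks_by_module(entries):
    """Map each module that receives redirected dispatch entries to those entries."""
    out = defaultdict(set)
    for e in entries:
        if e.module:
            out[e.module].add((e.kind, e.device, e.irp))
    return dict(out)


def triage(entries, known=KNOWN_FILTER_MODULES):
    """Split hooking modules into (benign, suspicious) by the allowlist."""
    by_mod = hooks_by_module(entries)
    benign = {m: v for m, v in by_mod.items() if m in known}
    suspicious = {m: v for m, v in by_mod.items() if m not in known}
    return benign, suspicious


if __name__ == "__main__":
    benign, suspicious = triage(parse_gmer_device_lines(SAMPLE_LOG))
    for mod, hooks in benign.items():
        print(f"OK      {mod:<22} {KNOWN_FILTER_MODULES[mod]} ({len(hooks)} entries)")
    for mod, hooks in suspicious.items():
        print(f"REVIEW  {mod:<22} unknown module hooking: {sorted(hooks)}")
```

Run against a full GMER log, the three allowlisted modules absorb every redirected entry in the posted output, so the suspicious set is empty, which is the "looks good" outcome. A module that shows up there, or one that hooks a device it has no business filtering (a network driver redirecting into a file-system filter, for example), is where the hand review starts; the allowlist itself is a judgement the analyst owns, not something the script can verify.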