Do i have a virus?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

maria01773

Thread Starter
Joined
Jan 29, 2013
Messages
4
hello, i hope someone will be able to help me out here. my home pc RUNS ON WINDOWS 7 and as been shutting down on its own randomly for the last couple of week. iv done a system restore that took me back over three weeks ago and still the same is happening. iv run AVG, CCleaner,Ad-aware,AVG Anti-spyware and also SuperAntispyware but nothing is correcting the problem. today its shut down roughly about 8 times and it asnt done it that many times in one day. I ran a cpu tempreture check and that showed up ok. here is my cpu, motherboard and graphics information just incase it helps. here is the TSG results also i dont know what other information i should be supplying sorry. many thanks


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
Processor: AMD Sempron(tm) 145 Processor, AMD64 Family 16 Model 6 Stepping 3
Processor Count: 1
RAM: 4095 Mb
Graphics Card: NVIDIA GeForce GT 430, 1023 Mb
Hard Drives: C: Total - 152524 MB, Free - 111303 MB; E: Total - 1430796 MB, Free - 1173190 MB;
Motherboard: ECS, MCP61M-M3
Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled

CPU
AMD Sempron 145
Cores 1
Threads 1
Name AMD Sempron 145
Code Name Sargas
Package Socket AM3 (938)
Technology 45nm
Specification AMD Sempron 145 Processor
Family F
Extended Family 10
Model 6
Extended Model 6
Stepping 3
Revision DA-C3
Instructions MMX (+), 3DNow! (+), SSE, SSE2, SSE3, SSE4A, AMD 64
Virtualization Supported, Disabled
Hyperthreading Not supported
Fan Speed 1858 RPM
Bus Speed 200.9 MHz
Rated Bus Speed 1004.5 MHz
Stock Core Speed 2800 MHz
Stock Bus Speed 200 MHz
Average Temperature 45 °C
Caches
L1 Data Cache Size 64 KBytes
L1 Instructions Cache Size 64 KBytes
L2 Unified Cache Size 1024 KBytes
Core 0


Motherboard
Manufacturer ECS
Model MCP61M-M3 (CPU 1)
Version 7.0
Chipset Vendor NVIDIA
Chipset Model MCP61
Chipset Revision A3
Southbridge Vendor NVIDIA
Southbridge Model MCP61
Southbridge Revision A2
System Temperature 30 °C
BIOS
Brand American Megatrends Inc.
Version 080015
Date 11/03/2010
Voltage
+3.3V 3.424 V
CPU CORE 1.312 V
VIN2 3.008 V
VIN3 1.247 V
VSB3V 3.424 V
CMOS BATTERY 2.864 V
PCI Data
Slot UNKNOWN
Slot Type UNKNOWN
Slot Usage In Use
Bus Width 32 bit
Slot Designation AGP
Slot Number 0
Slot PCI
Slot Type PCI
Slot Usage Available
Bus Width 32 bit
Slot Designation PCI1
Slot Number 1


Graphics
Monitor
Name HP L2045w on NVIDIA GeForce GT 430
Current Resolution 1680x1050 pixels
Work Resolution 1680x1010 pixels
State enabled, primary
Monitor Width 1680
Monitor Height 1050
Monitor BPP 32 bits per pixel
Monitor Frequency 59 Hz
Device \\.\DISPLAY1\Monitor0


GeForce GT 430


GPU GF108
Device ID 10DE-0DE1
Revision A2
Subvendor PNY (196E)
Series GeForce GT 400
Current Performance Level Level 1
Current GPU Clock 50 MHz
Current Memory Clock 135 MHz
Current Shader Clock 101 MHz
Voltage 0.880 V
Die Size 116 nm²
Release Date Oct 11, 2010
DirectX Support 11.0
OpenGL Support 5.0
Bus Interface PCI Express x16
Temperature 39 °C
Driver version 9.18.13.697
BIOS Version 70.08.29.00.52
ROPs 8
Shaders 96 unified
Memory Type DDR3
Physical Memory 1023 MB
Virtual Memory 2816 MB
Bus Width 64x2 (128 bit)
Filtering Modes 16x Anisotropic
Noise Level Quiet
Max Power Draw 49 Watts
Count of performance levels : 3
Level 1 - "Default"
GPU Clock 50 MHz
Memory Clock 135 MHz
Shader Clock 101 MHz
Level 2 - "2D Desktop"
GPU Clock 405 MHz
Memory Clock 324 MHz
Shader Clock 810 MHz
Level 3 - "3D Applications"
GPU Clock 700 MHz
Memory Clock 800 MHz
Shader Clock 1400 MHz
OpenGL
Version 4.2.0
Vendor NVIDIA Corporation
Renderer GeForce GT 430/PCIe/SSE2
GLU Version 1.2.2.0 Microsoft Corporation
Values
GL Extensions
 

maria01773

Thread Starter
Joined
Jan 29, 2013
Messages
4
hello there, i have just double cheacked all my drivers and they are all up to date. thank you maria
 

maria01773

Thread Starter
Joined
Jan 29, 2013
Messages
4
sorry i didnt read the stickies, i have now so i will post the results, hope these are the right ones. many thanks maria

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:19:57, on 30/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvamon.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Windows\SysWOW64\CTPdeSrv.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\Maria\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: PlayBryte BHO - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O3 - Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [lxdvmon.exe] "C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvmon.exe"
O4 - HKLM\..\Run: [lxdvamon] "C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvamon.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe" /s
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm



DS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Maria at 8:21:34 on 2013-01-30
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4095.2026 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLLANSWEEPER2K8\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\PrintCtrl.exe
C:\Windows\system32\PrintDisp.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe
C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\UltiDev\Web Server\UWS.AppHost.Clr2.AnyCpu.exe
C:\Program Files\UltiDev\Web Server\UWS.AppHost.Clr2.AnyCpu.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\System32\PrintDisp.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvamon.exe
C:\Program Files\BitComet\tools\BitCometService.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Windows\SysWOW64\CTPdeSrv.exe
C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 26/06/2012 12:21:04
System Uptime: 30/01/2013 07:13:04 (1 hours ago)
.
Motherboard: ECS | | MCP61M-M3
Processor: AMD Sempron(tm) 145 Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 108.689 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 1397 GiB total, 1145.694 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\6&72D6705&0&4
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\6&72D6705&0&4
Service:
.
==== System Restore Points ===================
.
RP98: 14/01/2013 19:35:23 - Installed Zune 4.8
RP99: 29/01/2013 21:58:52 - ARO 2012 - Before Installation
RP100: 29/01/2013 22:00:07 - ARO 2012 - FIRST RUN
RP101: 29/01/2013 22:15:56 - ARO 2012 Tue, Jan 29, 13 22:15
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Ad-Aware
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
AVG Anti-Spyware 7.5
AVG Security Toolbar
BitComet 1.32 64-bit
Bonjour
Browser Manager
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MG4100 series MP Drivers
Canon MG4100 series On-screen Manual
Canon MG4100 series User Registration
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
CCleaner
ConvertXtoDVD 4.1.19.365
Creative Jukebox Driver
Creative MediaSource 5
D3DX10
DirectDownloader
Download Manager and Options
Express Zip
Free Video Converter V 3.1
Google Toolbar for Internet Explorer
Google Update Helper
Internet TV for Windows Media Center
iTunes
Junk Mail filter update
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 98
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Drivers
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.1.13.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
PlayBryte
Prism Video File Converter
Protected Search 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Service Pack 2 for SQL Server 2008 (KB2285068)
Speccy
Sql Server Customer Experience Improvement Program
SUPERAntiSpyware
Switch Sound File Converter
UltiDev Web Server Pro
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
VideoFileDownload
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
29/01/2013 21:43:23, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
29/01/2013 14:13:24, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
29/01/2013 13:01:52, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
29/01/2013 13:01:52, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
29/01/2013 13:00:50, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
26/01/2013 14:19:28, Error: bowser [8003] - The master browser has received a server announcement from the computer TEXTME that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2EAA0504-CAA8-4EFA-8AE9-157D25CC463F}. The master browser is stopping or an election is being forced.
23/01/2013 23:51:21, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Maria-PC\Guest SID (S-1-5-21-469256521-1560171154-575984373-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
.
==== End Of File ===========================


apz/x64 GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-06 20:21:33
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kwniafod.sys

---- Kernel code sections - GMER 2.0 ----
.text C:\Windows\system32\DRIVERS\ataport.SYS!AtaPortInitialize + 357 fffff880010c24d9 11 bytes {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
.text C:\Windows\system32\DRIVERS\ataport.SYS!AtaPortInitialize + 397 fffff880010c2501 11 bytes {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
---- Devices - GMER 2.0 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\ScsiPort0 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\ScsiPort0 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\ScsiPort1 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
Device \Driver\atapi \Device\ScsiPort1 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
---- Trace I/O - GMER 2.0 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS >>UNKNOWN [0xfffffa80024fbdd1]<< >>UNKNOWN [0xfffffa8000822064]<< intelide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa8000822064
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8001348790] fffffa8001348790
Trace 3 CLASSPNP.SYS[fffff8800143b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800129d060] fffffa800129d060
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 Windows 7 default MBR code found via API
Disk \Device\Harddisk0\DR0 unknown MBR code
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
---- EOF - GMER 2.0 ----

ZAccess/x64 GMER 2.0.18327 - http://www.gmer.net
Rootkit scan 2012-12-21 20:10:17
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kwniafod.sys

---- User code sections - GMER 2.0 ----
.reloc C:\Windows\system32\services.exe [440] section is executable [0x4A8, 0xA0000020] 00000000ff532000
---- Threads - GMER 2.0 ----
Thread C:\Windows\system32\services.exe [440:1080] 00000000000d1e58
---- EOF - GMER 2.0 ----

[email protected]/x64 GMER 2.0.17849 - http://www.gmer.net
Rootkit scan 2012-12-24 15:37:02
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 TOSHIBA_MK1255GSX_H rev.FG001Q 111.79GB
Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\uwldqpod.sys

---- Devices - GMER 2.0 ----
Device \Driver\volmgr \Device\HarddiskVolume1 fffffa8002db8e84
Device \Driver\volmgr \Device\FtControl fffffa8002db8e84
Device \Driver\volmgr \Device\VolMgrControl fffffa8002db8e84
Device \Driver\volmgr \Device\HarddiskVolume2 fffffa8002db8e84
Device \Driver\volmgr \Device\HarddiskVolume3 fffffa8002db8e84
Device \Driver\volmgr \Device\HarddiskVolume4 fffffa8002db8e84
---- Trace I/O - GMER 2.0 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8002db6560]<< ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa8002db6560
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002d94530] fffffa8002d94530
Trace 3 CLASSPNP.SYS[fffff880018a843f] -> nt!IofCallDriver -> [0xfffffa8001e42600] fffffa8001e42600
Trace 5 ACPI.sys[fffff88000f45781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8002863060] fffffa8002863060
Trace \Driver\atapi[0xfffffa8001e45060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8002db6560 fffffa8002db6560
---- Threads - GMER 2.0 ----
Thread System [4:196] fffffa8002db8b24
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
Disk \Device\Harddisk0\DR0 suspicious partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 10 MB offset 163840000
---- EOF - GMER 2.0 ----

TDL4/[email protected] GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-21 22:34:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD3200BB-22KEA0 rev.08.05J08
Running: rplt1sur.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdrpob.sys

---- System - GMER 1.0.15 ----
SSDT 8A272CB8 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA3630350]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA3630580]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F8000A
.text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F9000A
.text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F7000C
.text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0305000A
.text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0306000A
.text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 0326000A
.text C:\WINDOWS\System32\svchost.exe[968] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 0108000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3668] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0182000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3668] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0183000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3668] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0167000C
.text C:\WINDOWS\Explorer.EXE[3896] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0153000A
.text C:\WINDOWS\Explorer.EXE[3896] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0154000A
.text C:\WINDOWS\Explorer.EXE[3896] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0152000C
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 8A78127F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A78127F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A78127F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 8A78127F
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD3200BB-22KEA0_____________________08.05J08#5&60ba549&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 [email protected] code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 1.0.15 ----

TDSS GMER 1.0.15.15121 - http://www.gmer.net
Rootkit scan 2009-10-03 13:54:24
Windows 5.1.2600 Service Pack 2

---- Kernel code sections - GMER 1.0.15 ----
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF74CB380]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 [F74BE9F2] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort1 [F74BE9F2] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F74BE9F2] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort2 [F74BE9F2] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F74BE9F2] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort3 [F74BE9F2] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort4 [F74BE9F2] atapi.sys[unknown section]
Device \Driver\atapi \Device\Ide\IdePort5 [F74BE9F2] atapi.sys[unknown section]
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\Device\Ide\IdePort5\kbwwiibi\kbwwiibi\tdlwsp.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1736] 0x10000000
---- EOF - GMER 1.0.15 ----

Tigger/Syzor GMER 1.0.15.14918 - http://www.gmer.net
Rootkit scan 2009-01-12 15:18:21
Windows 5.1.2600 Dodatek Service Pack 2

---- Kernel code sections - GMER 1.0.15 ----
PAGEKD KDCOM.DLL!KdSendPacket F9F4D1B2 8 Bytes [FF, 35, 00, F0, 8F, 81, 9B, ...] {PUSH DWORD [0x818ff000]; WAIT ; RET }
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestA 771B76B8 1 Byte [55]
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestA 771B76B8 7 Bytes [55, FF, 25, 00, 00, F6, 00] {PUSH EBP; JMP [0xf60000]}
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestW 77201808 1 Byte [55]
.text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestW 77201808 7 Bytes [55, FF, 25, 00, 00, 1F, 01] {PUSH EBP; JMP [0x11f0000]}
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE F8B98880
Device \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ F8B99E54
Device \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_READ F8B99E54
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ F8B992DC
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE F8B9932E
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN F8B99FA0
---- Threads - GMER 1.0.15 ----
Thread System [4:300] F8B99EB4
Thread System [4:1164] F8B99490
Thread System [4:1740] F8B98988
Thread System [4:1388] F8B9A022
---- EOF - GMER 1.0.15 ----

MBR rootkit/Mebroot/Sinowal GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-24 07:50:49
Windows 5.1.2600 Service Pack 3

---- Disk sectors - GMER 1.0.14 ----
Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit code detected <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x25429800 size 0x2c4
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
---- Kernel code sections - GMER 1.0.14 ----
PAGE CLASSPNP.SYS!ClassInitialize + F4 F9A934B2 4 Bytes [ 7E, C8, 84, 81 ]
PAGE CLASSPNP.SYS!ClassInitialize + FF F9A934BD 4 Bytes [ 28, 74, 84, 81 ]
PAGE CLASSPNP.SYS!ClassInitialize + 10A F9A934C8 4 Bytes [ 90, C8, 84, 81 ]
PAGE CLASSPNP.SYS!ClassInitialize + 111 F9A934CF 4 Bytes [ 84, C8, 84, 81 ]
PAGE CLASSPNP.SYS!ClassInitialize + 118 F9A934D6 4 Bytes [ 8A, C8, 84, 81 ]
PAGE ...
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptDestroyKey 77DDA544 7 Bytes JMP 00D52B9A
.text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 00D52B57
.text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 00D52B1B
.text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!send 71A5428A 5 Bytes JMP 00D5298C
.text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 00D52A7E
.text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!recv 71A5615A 5 Bytes JMP 00D529C4
.text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00D529FC
.text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00D52B00
---- Devices - GMER 1.0.14 ----
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 855A1410
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 855A1410
---- Threads - GMER 1.0.14 ----
Thread 4:796 855BBC80
Thread 4:800 855A8D80
Thread 4:804 85663DC0
Thread 4:808 85594E00
Thread 4:2856 855BBC80
Thread 4:2860 855A8D80
Thread 4:2864 85663DC0
Thread 4:2868 85594E00
---- EOF - GMER 1.0.14 ----
C:\>mbr.exe -t
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85938E90]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x85938e90
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x8593fc20
NDIS: Intel(R) 82566DM-2 Gigabit Network Connection -> SendCompleteHandler -> 0x8596e700
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0100A757
malicious code @ sector 0x0100A75A !
PE file found in sector at 0x0100A770 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

RioDrvs.sys GMER 1.0.13.12482 - http://www.gmer.net
Rootkit scan 2007-06-15 08:55:07
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.13 ----
SSDT \WINDOWS\system32\ntkrnlpa.exe [805460D8] PUSH F7912914; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwClose
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460D8] ZwClose
SSDT \WINDOWS\system32\ntkrnlpa.exe [805460EA] PUSH F79133AA; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwDeleteKey
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460EA] ZwDeleteKey
SSDT \WINDOWS\system32\ntkrnlpa.exe [805460F0] PUSH F7913432; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwDeleteValueKey
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460F0] ZwDeleteValueKey
SSDT \WINDOWS\system32\ntkrnlpa.exe [805460D2] PUSH F7912888; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwEnumerateKey
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460D2] ZwEnumerateKey
SSDT \WINDOWS\system32\ntkrnlpa.exe [805460CC] PUSH F7913140; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwLoadDriver
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460CC] ZwLoadDriver
SSDT \WINDOWS\system32\ntkrnlpa.exe [805460DE] PUSH F7912A40; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwQueryDirectoryFile
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460DE] ZwQueryDirectoryFile
SSDT \WINDOWS\system32\ntkrnlpa.exe [805460E4] PUSH F7913320; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwSaveKey
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460E4] ZwSaveKey
---- Processes - GMER 1.0.13 ----
Library C:\WINDOWS\LINKINFO.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1932] 0x10000000
Library C:\WINDOWS\system32\linkinfo.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1932] 0x76960000
---- Files - GMER 1.0.13 ----
File C:\WINDOWS\linkinfo.dll
File C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll
File C:\WINDOWS\system32\drivers\RioDrvs.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\linkinfo.dll
---- Services - GMER 1.0.13 ----
Service C:\WINDOWS\system32\DRIVERS\RioDrvs.sys [AUTO] RioDrvs <-- ROOTKIT !!!
---- EOF - GMER 1.0.13 ----

VideoAti0.sys GMER 1.0.12.12070 - http://www.gmer.net
Rootkit scan 2007-02-26 15:38:06
Windows 5.1.2600 Service Pack 2

---- Kernel code sections - GMER 1.0.12 ----
PAGE ntoskrnl.exe!ZwQueryKey + 201 8056F674 6 Bytes PUSH FC8152D4; RET
? C:\WINDOWS\system32\drivers\Ntfs.sys Access denied.
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE FC814E94
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL FC815084
Device \Driver\VideoAti0 \Device\VideoAti0 IRP_MJ_CREATE FC8144AC
Device \Driver\VideoAti0 \Device\VideoAti0 IRP_MJ_CLOSE FC8144AC
---- Modules - GMER 1.0.12 ----
Module \SystemRoot\System32\drivers\VideoAti0.sys (*** hidden *** ) FC814000
---- Files - GMER 1.0.12 ----
File C:\WINDOWS\system32\drivers\VideoAti0.sys
File C:\WINDOWS\system32\VideoAti0.dll
File C:\WINDOWS\system32\VideoAti0.exe
---- EOF - GMER 1.0.12 ----

wincom32.sys GMER 1.0.12.12012 - http://www.gmer.net
Rootkit scan 2007-02-04 13:46:33
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----
SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateValueKey <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
---- User code sections - GMER 1.0.12 ----
.text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 009B083C
.text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 009B07B6
.text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009B05E4
.text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009B045D
.text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 009B0505
.text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 011E083C
.text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 011E07B6
.text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 011E05E4
.text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 011E045D
.text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 011E0505
.text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00E1083C
.text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00E107B6
.text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E105E4
.text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E1045D
.text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00E10505
.text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00A1083C
.text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A107B6
.text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A105E4
.text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A1045D
.text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A10505
.text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00D0083C
.text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00D007B6
.text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D005E4
.text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D0045D
.text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D00505
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 008E083C
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 008E07B6
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 008E05E4
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008E045D
.text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 008E0505
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0196083C
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 019607B6
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 019605E4
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0196045D
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01960505
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0077083C
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 007707B6
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 007705E4
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0077045D
.text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00770505
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00A4083C
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A407B6
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A405E4
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A4045D
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A40505
.text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00DB083C
.text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00DB07B6
.text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DB05E4
.text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DB045D
.text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00DB0505
.text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C
.text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6
.text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4
.text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D
.text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505
.text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C
.text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6
.text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4
.text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D
.text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505
.text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00E3083C
.text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00E307B6
.text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E305E4
.text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E3045D
.text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00E30505
.text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C
.text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6
.text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4
.text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D
.text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505
---- Devices - GMER 1.0.12 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
---- Processes - GMER 1.0.12 ----
Process C:\WINDOWS\system32\taskdir.exe (*** hidden *** ) 1248
---- Services - GMER 1.0.12 ----
Service C:\WINDOWS\system32\wincom32.sys (*** hidden *** ) [AUTO] wincom32 <-- ROOTKIT !!!
---- Files - GMER 1.0.12 ----
File C:\WINDOWS\Prefetch\TASKDIR.EXE-02B5617A.pf
File C:\WINDOWS\system32\adir.dll
File C:\WINDOWS\system32\adirss.exe
File C:\WINDOWS\system32\taskdir.exe
File C:\WINDOWS\system32\wincom32.ini
File C:\WINDOWS\system32\wincom32.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\WindowsLogon.manifest
---- EOF - GMER 1.0.12 ----

lzx32 GMER 1.0.11.11310 - http://www.gmer.net
Rootkit 2006-09-14 09:31:21
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.11 ----
SYSENTER ? F60FDFAF
---- Modules - GMER 1.0.11 ----
Module (noname) (*** hidden *** ) F60F9000
---- Threads - GMER 1.0.11 ----
Thread 4:1224 F60FC08A
---- Services - GMER 1.0.11 ----
Service D:\WINDOWS\system32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!
---- Files - GMER 1.0.11 ----
ADS D:\WINDOWS\system32:lzx32.sys <-- ROOTKIT !!!
---- EOF - GMER 1.0.11 ----

Gromozon Rootkit GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-31 14:25:26
Windows 5.1.2600 Service Pack 2
---- Processes - GMER 1.0.10 ----
Library C:\WINDOWS\mdoom1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [2500] 0x01F20000 <-- ROOTKIT !!!
Library C:\WINDOWS\mdoom1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [4036] 0x01F20000 <-- ROOTKIT !!!
---- Files - GMER 1.0.10 ----
File C:\WINDOWS\mdoom1.dll
File C:\WINDOWS\system32\lpt4.hzq
---- EOF - GMER 1.0.10 ----

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-31 14:27:47
Windows 5.1.2600 Service Pack 2
...
HKLM\Software\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs = \\?\C:\WINDOWS\system32\lpt4.hzq
...
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
SrvXdx /*SrvXdx*/@ = "C:\Programmi\File comuni\System\mfxS.exe"
...
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{D4ED03F3-6672-F05B-77C2-859151625148}C:\WINDOWS\mdoom1.dll = C:\WINDOWS\mdoom1.dll
...

---- EOF - GMER 1.0.10 ----

pe386 GMER 1.0.10.10108 - http://www.gmer.net
Rootkit 2006-05-25 14:32:07
Windows 5.1.2600 Service Pack 1

---- System - GMER 1.0.10 ----

SYSENTER ? 00810005
---- Devices - GMER 1.0.10 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 81732520
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 817310C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 817310C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 817310C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 817310C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 817310C0
---- Services - GMER 1.0.10 ----
Service D:\WINDOWS\System32:18467 (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!
---- EOF - GMER 1.0.10 ----

xdudmm.sys
xdudtt.dll GMER 1.0.10.10108 - http://www.gmer.net
Rootkit 2006-05-24 00:29:02
Windows 5.1.2600

---- System - GMER 1.0.10 ----
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwCreateProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwCreateProcessEx <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwOpenProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwOpenThread <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwQuerySystemInformation <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwTerminateProcess
---- Devices - GMER 1.0.10 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F88DF300] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [F88DF520] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DF610] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F88DF640] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F88DF300] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [F88DF520] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DF610] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F88DF640] wpsdrvnt.sys
---- Processes - GMER 1.0.10 ----
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Apache Group\Apache2\bin\Apache.exe [244] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [300] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\nvsvc32.exe [308] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe [332] 0x00E50000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe [492] 0x00950000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [572] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\RECYCLER\lsass.exe [600] 0x10000000 <-- ROOTKIT !!!
Process C:\WINDOWS\SYSTEM32\winlogon.exe (*** hidden *** ) 796 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\SYSTEM32\winlogon.exe [796] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [1636] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [1696] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\system32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1820] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Apache Group\Apache2\bin\Apache.exe [1956] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\GEARSec.exe [1996] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2024] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE [2388] 0x00C00000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe [2412] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Winamp\winamp.exe [2556] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\QuickTime\qttask.exe [2616] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2656] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\wccx.exe [2796] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\d13a4e75.exe [2804] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\SpeedFan\speedfan.exe [3080] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [3084] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\rundll32.exe [3212] 0x00950000 <-- ROOTKIT !!!
Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Canon\CAL\CALMAIN.exe [3564] 0x10000000 <-- ROOTKIT !!!
Process C:\WINDOWS\explorer.exe (*** hidden *** ) 3808 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [3808] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [4196] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\PowerArchiver\POWERARC.EXE [4836] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Gadu-Gadu\gg.exe [5140] 0x00D00000 <-- ROOTKIT !!!
Library C:\WINDOWS\system32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\system32\notepad.exe [5400] 0x10000000 <-- ROOTKIT !!!
Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\_PA459\gmer.exe [6008] 0x10000000 <-- ROOTKIT !!!
---- Services - GMER 1.0.10 ----
Service C:\WINDOWS\System32\xdudmm.sys (*** hidden *** ) [SYSTEM] xdudmm <-- ROOTKIT !!!
Service C:\WINDOWS\System32\xdudmm.sys (*** hidden *** ) [AUTO] xdudtt <-- ROOTKIT !!!
---- EOF - GMER 1.0.10 ----


alco8drv.sys GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600 Dodatek Service Pack 2

---- System - GMER 1.0.9 ----

---- Devices - GMER 1.0.9 ----
Device \Driver\WmiDisk \Device\G69uQQGr IRP_MJ_CREATE 83E50A11
---- Processes - GMER 1.0.9 ----
Process synbdusx.exe (*** hidden *** ) 1848 <-- ROOTKIT !!!
---- Files - GMER 1.0.9 ----
File C:\WINDOWS\system32\drivers\alco8drv.sys
File C:\WINDOWS\system32\synbdusx.exe
---- EOF - GMER 1.0.9 ----

imaslip.sys GMER 1.0.9.8110 - {http://www.gmer.net}
Windows 5.1.2600 Dodatek Service Pack 2

---- Devices - GMER 1.0.9 ----
Device \Driver\Volvice \Device\aswtMgr IRP_MJ_CREATE 81BBB8C3
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1950828
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E100D390
---- Processes - GMER 1.0.9 ----
Process msvcji32.exe (*** hidden *** ) 1480 <-- ROOTKIT !!!
Process lsacap32.exe (*** hidden *** ) 1488 <-- ROOTKIT !!!
---- Files - GMER 1.0.9 ----
File C:\WINDOWS\system32\drivers\imaslip.sys
File C:\WINDOWS\system32\lsacap32.exe
---- EOF - GMER 1.0.9 ----


ivdmt16.sys winlow.sys GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600

---- System - GMER 1.0.9 ----
SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwCreateProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwCreateProcessEx <-- ROOTKIT !!!
SSDT FF7B1820 ZwEnumerateKey <-- ROOTKIT !!!
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenKey
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwOpenProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT a347bus.sys ZwQueryKey
SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwQuerySystemInformation <-- ROOTKIT !!!
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState
---- Services - GMER 1.0.9 ----
Service C:\WINDOWS\System32\Drivers\sysbus32.sys (*** hidden *** ) [AUTO] sysbus32 <-- ROOTKIT !!!
---- Files - GMER 1.0.9 ----
File C:\!KillBox\drct16.dll
File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\WINDOWS\system32\cz.dll
File C:\WINDOWS\system32\drct16.dll
File C:\WINDOWS\system32\fltr.a3d
File C:\WINDOWS\system32\hz.sys
File C:\WINDOWS\system32\i.a3d
File C:\WINDOWS\system32\klogini.dll
File C:\WINDOWS\system32\mszx23.exe
File C:\WINDOWS\system32\p2.ini
File C:\WINDOWS\system32\redir.a3d
File C:\WINDOWS\system32\tnfl.a3d
File C:\WINDOWS\system32\vdmt16.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\winlow.sys <-- ROOTKIT !!!
File C:\WINDOWS\system32\wz.sys
File D:\System Volume Information\tracking.log
---- Services - GMER 1.0.9 ----
Service C:\WINDOWS\System32\vdmt16.sys [SYSTEM] vdmt16 <-- ROOTKIT !!!
Service C:\WINDOWS\System32\winlow.sys [AUTO] winlow <-- ROOTKIT !!!
---- EOF - GMER 1.0.9 ----


drmpdate.sys GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600 Dodatek Service Pack. 1

---- System - GMER 1.0.9 ----
SSDT \SystemRoot\System32\drivers\klif.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcess
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateSection
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateThread
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT kl1.sys ZwOpenFile
SSDT d347bus.sys ZwOpenKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwOpenProcess
SSDT \SystemRoot\System32\drivers\klif.sys ZwQueryInformationFile
SSDT d347bus.sys ZwQueryKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwQuerySystemInformation
SSDT d347bus.sys ZwQueryValueKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwResumeThread
SSDT \SystemRoot\System32\drivers\klif.sys ZwSetInformationProcess
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \SystemRoot\System32\drivers\klif.sys ZwSuspendThread
SSDT \SystemRoot\System32\drivers\klif.sys ZwTerminateProcess
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[284]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[285]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[286]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[287]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[288]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[289]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[290]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[291]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[292]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[293]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[294]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[295]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[296]
---- Devices - GMER 1.0.9 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_CREATE [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_CLOSEIRP_MJ_READ [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_WRITE [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_QUERY_INFORMATION [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_INTERNAL_DEVICE_CONTROL [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_SHUTDOWN [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_SYSTEM_CONTROL [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_DEVICE_CHANGE [F865776A] HIDCLASS.SYS
Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_PNP_POWER [F865776A] HIDCLASS.SYS
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 81EDBB50
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 81EDBB50
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 81EDBB50
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CHANGE 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_QUOTA 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 82113F00
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP_POWER 82113F00
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 81EDBB50
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 81EDBB50
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
Device \Driver\adpsSvc \Device\perRAME IRP_MJ_CREATE 81C721E7
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_POWER 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP_POWER 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSEIRP_MJ_READ 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 82147AD8
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP_POWER 82147AD8
---- Processes - GMER 1.0.9 ----
Process UXTAKSIE.EXE (*** hidden *** ) 1208 <-- ROOTKIT !!!
Process ADSPTSVC.EXE (*** hidden *** ) 1216 <-- ROOTKIT !!!
---- Modules - GMER 1.0.9 ----
Module _________ F846A000
---- Services - GMER 1.0.9 ----
Service C:\WINDOWS\System32\drivers\drmpdate.sys (*** hidden *** ) [SYSTEM] adpsSvc <-- ROOTKIT !!!
---- Registry - GMER 1.0.9 ----
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm
Reg \Registry\MACHINE\SOFTWARE\[email protected] y\9CqF KLLKLLML9.BpYkcKLLKaNLuglbmuqLqICD.6RQL\B2F.BCL\B69\yD.MCIC
Reg \Registry\MACHINE\SOFTWARE\[email protected] \\.\perRAME
Reg \Registry\MACHINE\SOFTWARE\[email protected] C:\WINDOWS\System32\drivers\drmpdate.sys
Reg \Registry\MACHINE\SOFTWARE\[email protected] adpsSvc
Reg \Registry\MACHINE\SOFTWARE\[email protected] C:\Program Files\Inturacy\lzedw400.exe
Reg \Registry\MACHINE\SOFTWARE\[email protected] C:\WINDOWS\System32\qosccr32.exe
Reg \Registry\MACHINE\SOFTWARE\[email protected]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\?965B0857-18E7-45F1-BC59-D59CE7AFA7D4?
Reg \Registry\MACHINE\SOFTWARE\[email protected] /CTUN
Reg \Registry\MACHINE\SOFTWARE\[email protected] C:\WINDOWS\System32\dxdstyle.dll
Reg \Registry\MACHINE\SOFTWARE\[email protected] adchannel.contextplus.net
Reg \Registry\MACHINE\SOFTWARE\[email protected] http://adchannel.contextplus.net/legal-note/nonbranded.html
Reg \Registry\MACHINE\SOFTWARE\[email protected] CP.IST2
Reg \Registry\MACHINE\SOFTWARE\[email protected] ?X613cfc5-155c-47f2-44fb-b8bd7a7e0703?
Reg \Registry\MACHINE\SOFTWARE\[email protected] 1
Reg \Registry\MACHINE\SOFTWARE\[email protected] C:\Program Files\Inturacy\uxtaksie.exe
Reg \Registry\MACHINE\SOFTWARE\[email protected] C:\WINDOWS\System32\adsptsvc.exe
Reg \Registry\MACHINE\SOFTWARE\[email protected] 2.0.131
Reg \Registry\MACHINE\SOFTWARE\[email protected] 3600000
Reg \Registry\MACHINE\SOFTWARE\[email protected] 2006:03:25-14:32:01:192
Reg \Registry\MACHINE\SOFTWARE\[email protected] 2006:03:25-13:32:01:442
Reg \Registry\MACHINE\SOFTWARE\[email protected] y\9CqF KLLKLLML9.BpYkcKLLKaNLuglbmuqLqICD.6RQL\B2F.BCL\B69\yD.MCIC
Reg \Registry\MACHINE\SOFTWARE\[email protected] \\.\perRAME
Reg \Registry\MACHINE\SOFTWARE\[email protected] C:\WINDOWS\System32\drivers\drmpdate.sys
Reg \Registry\MACHINE\SOFTWARE\[email protected] adpsSvc
Reg \Registry\MACHINE\SOFTWARE\[email protected] C:\Program Files\Inturacy\lzedw400.exe
Reg \Registry\MACHINE\SOFTWARE\[email protected] C:\WINDOWS\System32\qosccr32.exe
Reg \Registry\MACHINE\SOFTWARE\[email protected]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\?965B0857-18E7-45F1-BC59-D59CE7AFA7D4?
Reg \Registry\MACHINE\SOFTWARE\[email protected] /CTUN
Reg \Registry\MACHINE\SOFTWARE\[email protected] C:\WINDOWS\System32\dxdstyle.dll
Reg \Registry\MACHINE\SOFTWARE\[email protected] adchannel.contextplus.net
Reg \Registry\MACHINE\SOFTWARE\[email protected] http://adchannel.contextplus.net/legal-note/nonbranded.html
Reg \Registry\MACHINE\SOFTWARE\[email protected] CP.IST2
Reg \Registry\MACHINE\SOFTWARE\[email protected] ?X613cfc5-155c-47f2-44fb-b8bd7a7e0703?
Reg \Registry\MACHINE\SOFTWARE\[email protected] 1
Reg \Registry\MACHINE\SOFTWARE\[email protected] C:\Program Files\Inturacy\uxtaksie.exe
Reg \Registry\MACHINE\SOFTWARE\[email protected] C:\WINDOWS\System32\adsptsvc.exe
Reg \Registry\MACHINE\SOFTWARE\[email protected] 2.0.131
Reg \Registry\MACHINE\SOFTWARE\[email protected] 3600000
Reg \Registry\MACHINE\SOFTWARE\[email protected] 2006:03:25-14:32:01:192
Reg \Registry\MACHINE\SOFTWARE\[email protected] 2006:03:25-13:32:01:442
Reg \Registry\MACHINE\SOFTWARE\C2ie8AGofgqm\AU2
Reg \Registry\MACHINE\SOFTWARE\[email protected] y\9CqF KLLKLLML9.BpYkcKLLKaNLuglbmuqLqICD.6RQL\B2F.BCL\B69\yD.MCIC
Reg \Registry\MACHINE\SOFTWARE\[email protected] \\.\perRAME
Reg \Registry\MACHINE\SOFTWARE\[email protected] C:\WINDOWS\System32\drivers\drmpdate.sys
Reg \Registry\MACHINE\SOFTWARE\[email protected]

m_hook.sys GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600 Dodatek Service Pack. 1

---- System - GMER 1.0.9 ----
SSDT \\??\\C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys ZwCreateFile <-- ROOTKIT !!!
SSDT \\??\\C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys ZwEnumerateKey <-- ROOTKIT !!!
SSDT \\??\\C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys ZwEnumerateValueKey <-- ROOTKIT !!!
SSDT \\??\\C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
SSDT \\??\\C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys ZwQueryKey <-- ROOTKIT !!!
SSDT \\??\\C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys ZwQuerySystemInformation <-- ROOTKIT !!!
---- Processes - GMER 1.0.9 ----
Process wintems.exe (*** hidden *** ) 1656 <-- ROOTKIT !!!
---- Registry - GMER 1.0.9 ----
Reg \\Registry\\USER\\S-1-5-21-839522115-1303643608-725345543-500\\Software\\Microsoft\\Windows\\CurrentVersion\\[email protected]
C:\\WINDOWS\\System32\\wintems.exe
Reg \\Registry\\USER\\S-1-5-21-839522115-1303643608-725345543-500\\Software\\Microsoft\\Windows\\CurrentVersion\\[email protected]
C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\hidr.exe
---- Files - GMER 1.0.9 ----
File C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires
File C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\hidr.exe
File C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys <-- ROOTKIT !!!
File C:\\WINDOWS\\system32\\wintems.exe
---- Services - GMER 1.0.9 ----
Service C:\\Documents and Settings\\Administrator\\Dane aplikacji\\hidires\\m_hook.sys [MANUAL] m_hook <-- ROOTKIT !!!
---- EOF - GMER 1.0.9 ----


VT100.EXE GMER 1.0.10.9819 - http://www.gmer.net
Rootkit 2006-05-04 18:30:25
Windows 5.1.2600 Dodatek Service Pack 2

---- Processes - GMER 1.0.10 ----
Process C:\WINDOWS\system32\VT100.EXE (*** hidden *** ) 3004 <-- ROOTKIT !!!
Library C:\WINDOWS\system32\VT100.EXE (*** hidden *** ) @ C:\WINDOWS\system32\VT100.EXE [3004] 0x00400000 <-- ROOTKIT !!!
---- Registry - GMER 1.0.10 ----
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] Emulator C:\WINDOWS\system32\VT100.EXE
---- Files - GMER 1.0.10 ----
File C:\WINDOWS\system32\VT100.EXE
---- EOF - GMER 1.0.10 ----

zopenssld.sys GMER 1.0.9.8110 - http://www.gmer.net
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.9 ----
SSDT \??\C:\WINDOWS\system32\zopenssld.sys ZwCreateProcess <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\zopenssld.sys ZwCreateProcessEx <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\zopenssld.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
---- Processes - GMER 1.0.9 ----
Process ogolrs.exe (*** hidden *** ) 1928 <-- ROOTKIT !!!
Process epfpr.exe (*** hidden *** ) 1972 <-- ROOTKIT !!!
Process epfpr.exe (*** hidden *** ) 2032 <-- ROOTKIT !!!
Process epfpr.exe (*** hidden *** ) 2040 <-- ROOTKIT !!!
---- Registry - GMER 1.0.9 ----
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] C:\WINDOWS\system32\ogolrs.exe reg_run
Reg \Registry\USER\S-1-5-21-2000478354-764733703-854245398-1004\Software\Microsoft\Windows\CurrentVersion\[email protected]
C:\WINDOWS\system32\ogolrs.exe reg_run
---- Files - GMER 1.0.9 ----
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gobmx.exe
File C:\WINDOWS\mcusi.dll
File C:\WINDOWS\system32\epfpr.exe
File C:\WINDOWS\system32\ogolrs.exe
File C:\WINDOWS\system32\plmtcxj.exe
File C:\WINDOWS\system32\unolibu.dll
File C:\WINDOWS\system32\zopenssl.dll
File C:\WINDOWS\system32\zopenssld.sys <-- ROOTKIT !!!
---- Services - GMER 1.0.9 ----
Service C:\WINDOWS\system32\zopenssld.sys [SYSTEM] zopenssld <-- ROOTKIT !!!
---- EOF - GMER 1.0.9 ----



sysbus32.sys ---- System - GMER 1.0.8 ----
SSDT 8182860A ZwEnumerateKey
SSDT 818298B6 ZwQueryDirectoryFile
---- Devices - GMER 1.0.8 ----
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 81828CEE
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 81828CEE
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 81828CEE
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 81828CEE
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 81828CEE
---- Services - GMER 1.0.8 ----
Service D:\WINDOWS\System32\DRIVERS\sysbus32.sys (*** hidden *** ) [AUTO] sysbus32
---- Registry - GMER 1.0.8 ----
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\sysbus32
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\[email protected] 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\[email protected] 1
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\[email protected] 2
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\[email protected] System32\DRIVERS\sysbus32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet001\Services\[email protected] 0xF1 0x15 0x28 0xD4 ...
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\sysbus32
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\[email protected] 1
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\[email protected] 1
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\[email protected] 2
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\[email protected] System32\DRIVERS\sysbus32.sys
Reg \Registry\MACHINE\SYSTEM\ControlSet003\Services\[email protected] 0xF1 0x15 0x28 0xD4 ...
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\sysbus32
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\[email protected] 1
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\[email protected] 2
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\[email protected] System32\DRIVERS\sysbus32.sys
Reg \Registry\MACHINE\SYSTEM\CurrentControlSet\Services\[email protected] 0xF1 0x15 0x28 0xD4 ...
---- Files - GMER 1.0.8 ----
File D:\WINDOWS\system32\drivers\sysbus32.sys

avpe32.sys avpe64.sys avpe32.dll ---- System - GMER 1.0.7 ----
SSDT \SystemRoot\System32\DRIVERS\avpe32.sys ZwCreateProcess
SSDT \SystemRoot\System32\DRIVERS\avpe32.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\DRIVERS\avpe32.sys ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\avpe32.sys ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\avpe32.sys ZwQueryDirectoryFile
SSDT \SystemRoot\System32\DRIVERS\avpe32.sys ZwQuerySystemInformation
---- Processes - GMER 1.0.7 ----
Process explorer.exe (*** hidden *** ) 1596
File D:\WINDOWS\system32\avpe32.dll
File D:\WINDOWS\system32\drivers\avpe64.sys
File D:\WINDOWS\system32\klgcptini.dat
File D:\WINDOWS\system32\stt82.ini

isa32.sys + netpt.sys
---- System - GMER 1.0.6 ----
SSDT \??\C:\WINDOWS\System32\drivers\isa32.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\System32\drivers\isa32.sys ZwEnumerateValueKey
SSDT \SystemRoot\system32\DRIVERS\netpt.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\System32\drivers\isa32.sys ZwQueryDirectoryFile
SSDT \SystemRoot\system32\DRIVERS\netpt.sys ZwQuerySystemInformation
---- Devices - GMER 1.0.6 ----
Device \Driver\Tcpip IRP_MJ_CREATE isa32.sys
Device \Driver\Tcpip IRP_MJ_CLOSEIRP_MJ_READ isa32.sys
Device \Driver\Tcpip IRP_MJ_INTERNAL_DEVICE_CONTROL isa32.sys
---- Processes - GMER 1.0.6 ----
Process svchost.exe (*** hidden *** ) 828
Process perfont.exe (*** hidden *** ) 1276
File C:\WINDOWS\system32\drivers\isa32.sys
File C:\WINDOWS\system32\main6.exe
File C:\WINDOWS\Prefetch\MAIN6.EXE-2CC0C9E7.pf

i386p.sys ---- System - GMER 1.0.6 ----
SSDT 81F7FA16 ZwEnumerateKey
SSDT 81F7FABA ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\HookCentre.sys ZwOpenProcess
SSDT 81F7F532 ZwQueryDirectoryFile
---- Devices - GMER 1.0.6 ----
Device \Driver\Tcpip IRP_MJ_CREATE 81F8057A
Device \Driver\i386p IRP_MJ_CREATE 81F7F3A4
File C:\99e21c81d36497c0228b\data\EURGEOM.DAT
File C:\99e21c81d36497c0228b\data\EURROUTE.DAT
File C:\99e21c81d36497c0228b\data\EURROUTE.DCT
File C:\99e21c81d36497c0228b\data\EURROUTE.VLF
File C:\99e21c81d36497c0228b\data\EUR_HD.MAD
File C:\99e21c81d36497c0228b\data\MSCREATE.DIR
File C:\99e21c81d36497c0228b\sp1\spmsg.dll
File C:\99e21c81d36497c0228b\sp1\spuninst.exe
File C:\99e21c81d36497c0228b\sp1\update
File C:\99e21c81d36497c0228b\sp1\update\eula.txt
File C:\99e21c81d36497c0228b\sp1\update\spcustom.dll
File C:\99e21c81d36497c0228b\sp1\update\update.exe
File C:\99e21c81d36497c0228b\sp2\spmsg.dll
File C:\99e21c81d36497c0228b\sp2\spuninst.exe
File C:\99e21c81d36497c0228b\sp2\update
File C:\99e21c81d36497c0228b\sp2\update\eula.txt
File C:\99e21c81d36497c0228b\sp2\update\spcustom.dll
File C:\99e21c81d36497c0228b\sp2\update\update.exe
File C:\99e21c81d36497c0228b\system\AM70407.DLL
File C:\99e21c81d36497c0228b\system\AUTOMAP7.EXE
File C:\99e21c81d36497c0228b\system\EUR70407.CHM
File C:\99e21c81d36497c0228b\system\EUR70407.DLL
File C:\99e21c81d36497c0228b\system\EUR70407.HLP
File C:\99e21c81d36497c0228b\system\MSCREATE.DIR
File C:\99e21c81d36497c0228b\system\MVUT21N.DLL



Copyright (c) GMER 2004 - 2013
 
Joined
Dec 28, 2004
Messages
8,256
The fastest way to bring your thread to the attention of a forum member who has the credentials to work on a malware removal issue is to:
Left click "report"
Ask the moderator to move your thread to the appropriate forum.

RF123
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
82,043
Download MGADiag to your desktop.

Double-click on MGADiag.exe to launch the program.

Click "Continue".

Ensure that the "Windows" tab is selected (it should be by default).

Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.

Paste the MGA Diagnostic Report back here in your next reply.

------------------------------------------------------------------
 

maria01773

Thread Starter
Joined
Jan 29, 2013
Messages
4
hello, i hope this is the correct information, many thanks, maria

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-YCBJ3-G6RY6-VPBJT
Windows Product Key Hash: CZNFjXqPiMkiBgLsDp5P20lM9PE=
Windows Product ID: 00426-OEM-9154342-50371
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {95F77A10-0D26-4319-B682-37C9CAA1F14A}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
Default Browser: N/A, hr=0x80070002
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{95F77A10-0D26-4319-B682-37C9CAA1F14A}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-VPBJT</PKey><PID>00426-OEM-9154342-50371</PID><PIDType>3</PIDType><SID>S-1-5-21-469256521-1560171154-575984373</SID><SYSTEM><Manufacturer>ECS</Manufacturer><Model>MCP61M-M3</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>080015 </Version><SMBIOSVersion major="2" minor="6"/><Date>20101103000000.000000+000</Date></BIOS><HWID>CD053F07018400F4</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>55A39B2AC03BD86</Val><Hash>u+u4uLijTg18svHcztt0SJv6tjM=</Hash><Pid>89388-707-0157384-65823</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.1.7601.17514
Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
Activation ID: cfb3e52c-d707-4861-af51-11b27ee6169c
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00182-543-450371-02-2057-7601.0000-3072010
Installation ID: 019041831680523870641355700770871735224922295245396812
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: VPBJT
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 30/01/2013 15:49:38
Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: LgAAAAEAAgABAAEAAQABAAAAAQABAAEA6GEExLbYrH2SAJ4f7hYKEiTAlrcqPw==
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes, but no SLIC table
Windows marker version: N/A
OEMID and OEMTableID Consistent: N/A
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC 110310 APIC1147
FACP 110310 FACP1147
SRAT AMD FAM_F_10
MSCT A M I OEMBOARD
HPET 110310 OEMHPET0
MCFG 110310 OEMMCFG
WDRT 110310 NV-WDRT
OEMB 110310 OEMB1147
SSDT A M I POWERNOW
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
82,043
Thanks for submitting the MGA log.

I've sent in a request to have your thread moved to the "Virus & Other Malware Removal" section.

---------------------------------------------------------------
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top