
Do i have a virus?

Discussion in 'Virus & Other Malware Removal' started by maria01773, Jan 29, 2013.

Thread Status:
Not open for further replies.
  1. maria01773

    maria01773 Thread Starter

    Joined:
    Jan 29, 2013
    Messages:
    4
    Hello, I hope someone will be able to help me out here. My home PC runs on Windows 7 and has been shutting down on its own randomly for the last couple of weeks. I've done a system restore that took me back over three weeks ago and still the same is happening. I've run AVG, CCleaner, Ad-Aware, AVG Anti-Spyware and also SUPERAntiSpyware but nothing is correcting the problem. Today it's shut down roughly about 8 times and it hasn't done it that many times in one day. I ran a CPU temperature check and that showed up OK. Here is my CPU, motherboard and graphics information just in case it helps. Here are the TSG results also; I don't know what other information I should be supplying, sorry. Many thanks


    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 64 bit
    Processor: AMD Sempron(tm) 145 Processor, AMD64 Family 16 Model 6 Stepping 3
    Processor Count: 1
    RAM: 4095 Mb
    Graphics Card: NVIDIA GeForce GT 430, 1023 Mb
    Hard Drives: C: Total - 152524 MB, Free - 111303 MB; E: Total - 1430796 MB, Free - 1173190 MB;
    Motherboard: ECS, MCP61M-M3
    Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled

    CPU
    AMD Sempron 145
    Cores 1
    Threads 1
    Name AMD Sempron 145
    Code Name Sargas
    Package Socket AM3 (938)
    Technology 45nm
    Specification AMD Sempron 145 Processor
    Family F
    Extended Family 10
    Model 6
    Extended Model 6
    Stepping 3
    Revision DA-C3
    Instructions MMX (+), 3DNow! (+), SSE, SSE2, SSE3, SSE4A, AMD 64
    Virtualization Supported, Disabled
    Hyperthreading Not supported
    Fan Speed 1858 RPM
    Bus Speed 200.9 MHz
    Rated Bus Speed 1004.5 MHz
    Stock Core Speed 2800 MHz
    Stock Bus Speed 200 MHz
    Average Temperature 45 °C
    Caches
    L1 Data Cache Size 64 KBytes
    L1 Instructions Cache Size 64 KBytes
    L2 Unified Cache Size 1024 KBytes
    Core 0


    Motherboard
    Manufacturer ECS
    Model MCP61M-M3 (CPU 1)
    Version 7.0
    Chipset Vendor NVIDIA
    Chipset Model MCP61
    Chipset Revision A3
    Southbridge Vendor NVIDIA
    Southbridge Model MCP61
    Southbridge Revision A2
    System Temperature 30 °C
    BIOS
    Brand American Megatrends Inc.
    Version 080015
    Date 11/03/2010
    Voltage
    +3.3V 3.424 V
    CPU CORE 1.312 V
    VIN2 3.008 V
    VIN3 1.247 V
    VSB3V 3.424 V
    CMOS BATTERY 2.864 V
    PCI Data
    Slot UNKNOWN
    Slot Type UNKNOWN
    Slot Usage In Use
    Bus Width 32 bit
    Slot Designation AGP
    Slot Number 0
    Slot PCI
    Slot Type PCI
    Slot Usage Available
    Bus Width 32 bit
    Slot Designation PCI1
    Slot Number 1


    Graphics
    Monitor
    Name HP L2045w on NVIDIA GeForce GT 430
    Current Resolution 1680x1050 pixels
    Work Resolution 1680x1010 pixels
    State enabled, primary
    Monitor Width 1680
    Monitor Height 1050
    Monitor BPP 32 bits per pixel
    Monitor Frequency 59 Hz
    Device \\.\DISPLAY1\Monitor0


    GeForce GT 430


    GPU GF108
    Device ID 10DE-0DE1
    Revision A2
    Subvendor PNY (196E)
    Series GeForce GT 400
    Current Performance Level Level 1
    Current GPU Clock 50 MHz
    Current Memory Clock 135 MHz
    Current Shader Clock 101 MHz
    Voltage 0.880 V
    Die Size 116 nm²
    Release Date Oct 11, 2010
    DirectX Support 11.0
    OpenGL Support 5.0
    Bus Interface PCI Express x16
    Temperature 39 °C
    Driver version 9.18.13.697
    BIOS Version 70.08.29.00.52
    ROPs 8
    Shaders 96 unified
    Memory Type DDR3
    Physical Memory 1023 MB
    Virtual Memory 2816 MB
    Bus Width 64x2 (128 bit)
    Filtering Modes 16x Anisotropic
    Noise Level Quiet
    Max Power Draw 49 Watts
    Count of performance levels : 3
    Level 1 - "Default"
    GPU Clock 50 MHz
    Memory Clock 135 MHz
    Shader Clock 101 MHz
    Level 2 - "2D Desktop"
    GPU Clock 405 MHz
    Memory Clock 324 MHz
    Shader Clock 810 MHz
    Level 3 - "3D Applications"
    GPU Clock 700 MHz
    Memory Clock 800 MHz
    Shader Clock 1400 MHz
    OpenGL
    Version 4.2.0
    Vendor NVIDIA Corporation
    Renderer GeForce GT 430/PCIe/SSE2
    GLU Version 1.2.2.0 Microsoft Corporation
    Values
    GL Extensions
     
  2. ETech7

    ETech7

    Joined:
    Aug 30, 2012
    Messages:
    893
    Your drivers are all up to date?
     
  3. maria01773

    maria01773 Thread Starter

    Joined:
    Jan 29, 2013
    Messages:
    4
    Hello there, I have just double checked all my drivers and they are all up to date. Thank you, Maria
     
  4. rainforest123

    rainforest123

    Joined:
    Dec 28, 2004
    Messages:
    8,256
  5. maria01773

    maria01773 Thread Starter

    Joined:
    Jan 29, 2013
    Messages:
    4
    Sorry, I didn't read the stickies. I have now, so I will post the results; hope these are the right ones. Many thanks, Maria

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 08:19:57, on 30/01/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\System32\PrintDisp.exe
    C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
    C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvamon.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Windows\SysWOW64\CTPdeSrv.exe
    C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Users\Maria\Downloads\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.certified-toolbar.com?si=41460&home=true&tid=2937
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: PlayBryte BHO - {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - mscoree.dll (file missing)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    O3 - Toolbar: (no name) - {b278d9f8-0fa9-465e-9938-0c392605d8e3} - (no file)
    O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\Run: [lxdvmon.exe] "C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvmon.exe"
    O4 - HKLM\..\Run: [lxdvamon] "C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvamon.exe"
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe" /s
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm



    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by Maria at 8:21:34 on 2013-01-30
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.4095.2026 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLLANSWEEPER2K8\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\PrintCtrl.exe
    C:\Windows\system32\PrintDisp.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\UltiDev\Web Server\UWS.HighPrivilegeUtilities.exe
    C:\Program Files (x86)\UltiDev\Web Server\UWS.LowPrivilegeUtilities.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\UltiDev\Web Server\UltiDev.WebServer.Monitor.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\UltiDev\Web Server\UWS.AppHost.Clr2.AnyCpu.exe
    C:\Program Files\UltiDev\Web Server\UWS.AppHost.Clr2.AnyCpu.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\System32\PrintDisp.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
    C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86) (x86)\Lexmark X5400 Series\lxdvamon.exe
    C:\Program Files\BitComet\tools\BitCometService.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Windows\SysWOW64\CTPdeSrv.exe
    C:\Program Files (x86)\Grisoft\AVG Anti-Spyware 7.5\avgas.exe


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 26/06/2012 12:21:04
    System Uptime: 30/01/2013 07:13:04 (1 hours ago)
    .
    Motherboard: ECS | | MCP61M-M3
    Processor: AMD Sempron(tm) 145 Processor | CPU 1 | 2800/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 108.689 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 1397 GiB total, 1145.694 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: Unknown Device
    Device ID: USB\VID_0000&PID_0000\6&72D6705&0&4
    Manufacturer: (Standard USB Host Controller)
    Name: Unknown Device
    PNP Device ID: USB\VID_0000&PID_0000\6&72D6705&0&4
    Service:
    .
    ==== System Restore Points ===================
    .
    RP98: 14/01/2013 19:35:23 - Installed Zune 4.8
    RP99: 29/01/2013 21:58:52 - ARO 2012 - Before Installation
    RP100: 29/01/2013 22:00:07 - ARO 2012 - FIRST RUN
    RP101: 29/01/2013 22:15:56 - ARO 2012 Tue, Jan 29, 13 22:15
    .
    ==== Installed Programs ======================
    .
    ABBYY FineReader 6.0 Sprint
    Ad-Aware
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2012
    AVG Anti-Spyware 7.5
    AVG Security Toolbar
    BitComet 1.32 64-bit
    Bonjour
    Browser Manager
    Canon Easy-PhotoPrint EX
    Canon Easy-WebPrint EX
    Canon MG4100 series MP Drivers
    Canon MG4100 series On-screen Manual
    Canon MG4100 series User Registration
    Canon MP Navigator EX 5.0
    Canon My Printer
    Canon Solution Menu EX
    CCleaner
    ConvertXtoDVD 4.1.19.365
    Creative Jukebox Driver
    Creative MediaSource 5
    D3DX10
    DirectDownloader
    Download Manager and Options
    Express Zip
    Free Video Converter V 3.1
    Google Toolbar for Internet Explorer
    Google Update Helper
    Internet TV for Windows Media Center
    iTunes
    Junk Mail filter update
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Publisher 98
    Microsoft Silverlight
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Drivers
    NVIDIA Graphics Driver 306.97
    NVIDIA HD Audio Driver 1.1.13.1
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    PlayBryte
    Prism Video File Converter
    Protected Search 1.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Service Pack 2 for SQL Server 2008 (KB2285068)
    Speccy
    Sql Server Customer Experience Improvement Program
    SUPERAntiSpyware
    Switch Sound File Converter
    UltiDev Web Server Pro
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.6195
    VideoFileDownload
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual Studio 2008 x64 Redistributables
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    29/01/2013 21:43:23, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    29/01/2013 14:13:24, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    29/01/2013 13:01:52, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    29/01/2013 13:01:52, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    29/01/2013 13:00:50, Error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    26/01/2013 14:19:28, Error: bowser [8003] - The master browser has received a server announcement from the computer TEXTME that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2EAA0504-CAA8-4EFA-8AE9-157D25CC463F}. The master browser is stopping or an election is being forced.
    23/01/2013 23:51:21, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user Maria-PC\Guest SID (S-1-5-21-469256521-1560171154-575984373-501) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    .
    ==== End Of File ===========================


    apz/x64 GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-06 20:21:33
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kwniafod.sys

    ---- Kernel code sections - GMER 2.0 ----
    .text C:\Windows\system32\DRIVERS\ataport.SYS!AtaPortInitialize + 357 fffff880010c24d9 11 bytes {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    .text C:\Windows\system32\DRIVERS\ataport.SYS!AtaPortInitialize + 397 fffff880010c2501 11 bytes {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    ---- Devices - GMER 2.0 ----
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\ScsiPort0 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\ScsiPort0 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\ScsiPort1 IRP_MJ_INTERNAL_DEVICE_CONTROL fffff880010c24d8 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    Device \Driver\atapi \Device\ScsiPort1 IRP_MJ_DEVICE_CONTROL fffff880010c2500 {MOV RAX, 0xfffffa80024fbdd1; JMP RAX}
    ---- Trace I/O - GMER 2.0 ----
    Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS >>UNKNOWN [0xfffffa80024fbdd1]<< >>UNKNOWN [0xfffffa8000822064]<< intelide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa8000822064
    Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8001348790] fffffa8001348790
    Trace 3 CLASSPNP.SYS[fffff8800143b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800129d060] fffffa800129d060
    ---- Disk sectors - GMER 2.0 ----
    Disk \Device\Harddisk0\DR0 Windows 7 default MBR code found via API
    Disk \Device\Harddisk0\DR0 unknown MBR code
    Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
    ---- EOF - GMER 2.0 ----

    ZAccess/x64 GMER 2.0.18327 - http://www.gmer.net
    Rootkit scan 2012-12-21 20:10:17
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\kwniafod.sys

    ---- User code sections - GMER 2.0 ----
    .reloc C:\Windows\system32\services.exe [440] section is executable [0x4A8, 0xA0000020] 00000000ff532000
    ---- Threads - GMER 2.0 ----
    Thread C:\Windows\system32\services.exe [440:1080] 00000000000d1e58
    ---- EOF - GMER 2.0 ----

    [email protected]/x64 GMER 2.0.17849 - http://www.gmer.net
    Rootkit scan 2012-12-24 15:37:02
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-4 TOSHIBA_MK1255GSX_H rev.FG001Q 111.79GB
    Running: gmer.exe; Driver: C:\Users\user\AppData\Local\Temp\uwldqpod.sys

    ---- Devices - GMER 2.0 ----
    Device \Driver\volmgr \Device\HarddiskVolume1 fffffa8002db8e84
    Device \Driver\volmgr \Device\FtControl fffffa8002db8e84
    Device \Driver\volmgr \Device\VolMgrControl fffffa8002db8e84
    Device \Driver\volmgr \Device\HarddiskVolume2 fffffa8002db8e84
    Device \Driver\volmgr \Device\HarddiskVolume3 fffffa8002db8e84
    Device \Driver\volmgr \Device\HarddiskVolume4 fffffa8002db8e84
    ---- Trace I/O - GMER 2.0 ----
    Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8002db6560]<< ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa8002db6560
    Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002d94530] fffffa8002d94530
    Trace 3 CLASSPNP.SYS[fffff880018a843f] -> nt!IofCallDriver -> [0xfffffa8001e42600] fffffa8001e42600
    Trace 5 ACPI.sys[fffff88000f45781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-4[0xfffffa8002863060] fffffa8002863060
    Trace \Driver\atapi[0xfffffa8001e45060] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8002db6560 fffffa8002db6560
    ---- Threads - GMER 2.0 ----
    Thread System [4:196] fffffa8002db8b24
    ---- Disk sectors - GMER 2.0 ----
    Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
    Disk \Device\Harddisk0\DR0 suspicious partition 4 80 (A) 17 Hidd HPFS/NTFS NTFS 10 MB offset 163840000
    ---- EOF - GMER 2.0 ----

    TDL4/[email protected] GMER 1.0.15.15570 - http://www.gmer.net
    Rootkit scan 2011-03-21 22:34:17
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD3200BB-22KEA0 rev.08.05J08
    Running: rplt1sur.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdrpob.sys

    ---- System - GMER 1.0.15 ----
    SSDT 8A272CB8 ZwConnectPort
    SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA3630350]
    SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA3630580]
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00F8000A
    .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00F9000A
    .text C:\WINDOWS\System32\svchost.exe[968] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00F7000C
    .text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0305000A
    .text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 0306000A
    .text C:\WINDOWS\System32\svchost.exe[968] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 0326000A
    .text C:\WINDOWS\System32\svchost.exe[968] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 0108000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3668] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0182000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3668] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0183000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3668] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0167000C
    .text C:\WINDOWS\Explorer.EXE[3896] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0153000A
    .text C:\WINDOWS\Explorer.EXE[3896] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0154000A
    .text C:\WINDOWS\Explorer.EXE[3896] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0152000C
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T1L0-17 8A78127F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A78127F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A78127F
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-f 8A78127F
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD3200BB-22KEA0_____________________08.05J08#5&60ba549&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 [email protected] code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
    ---- EOF - GMER 1.0.15 ----

    TDSS GMER 1.0.15.15121 - http://www.gmer.net
    Rootkit scan 2009-10-03 13:54:24
    Windows 5.1.2600 Service Pack 2

    ---- Kernel code sections - GMER 1.0.15 ----
    .rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF74CB380]
    ---- Devices - GMER 1.0.15 ----
    Device \Driver\atapi \Device\Ide\IdePort0 [F74BE9F2] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdePort1 [F74BE9F2] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F74BE9F2] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdePort2 [F74BE9F2] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F74BE9F2] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdePort3 [F74BE9F2] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdePort4 [F74BE9F2] atapi.sys[unknown section]
    Device \Driver\atapi \Device\Ide\IdePort5 [F74BE9F2] atapi.sys[unknown section]
    ---- Processes - GMER 1.0.15 ----
    Library \\?\globalroot\Device\Ide\IdePort5\kbwwiibi\kbwwiibi\tdlwsp.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1736] 0x10000000
    ---- EOF - GMER 1.0.15 ----

    Tigger/Syzor GMER 1.0.15.14918 - http://www.gmer.net
    Rootkit scan 2009-01-12 15:18:21
    Windows 5.1.2600 Dodatek Service Pack 2

    ---- Kernel code sections - GMER 1.0.15 ----
    PAGEKD KDCOM.DLL!KdSendPacket F9F4D1B2 8 Bytes [FF, 35, 00, F0, 8F, 81, 9B, ...] {PUSH DWORD [0x818ff000]; WAIT ; RET }
    ---- User code sections - GMER 1.0.15 ----
    .text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestA 771B76B8 1 Byte [55]
    .text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestA 771B76B8 7 Bytes [55, FF, 25, 00, 00, F6, 00] {PUSH EBP; JMP [0xf60000]}
    .text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestW 77201808 1 Byte [55]
    .text C:\WINDOWS\Explorer.EXE[1340] WININET.dll!HttpSendRequestW 77201808 7 Bytes [55, FF, 25, 00, 00, 1F, 01] {PUSH EBP; JMP [0x11f0000]}
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE F8B98880
    Device \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ F8B99E54
    Device \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_READ F8B99E54
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ F8B992DC
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE F8B9932E
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN F8B99FA0
    ---- Threads - GMER 1.0.15 ----
    Thread System [4:300] F8B99EB4
    Thread System [4:1164] F8B99490
    Thread System [4:1740] F8B98988
    Thread System [4:1388] F8B9A022
    ---- EOF - GMER 1.0.15 ----

    MBR rootkit/Mebroot/Sinowal GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-08-24 07:50:49
    Windows 5.1.2600 Service Pack 3

    ---- Disk sectors - GMER 1.0.14 ----
    Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit code detected <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 61: malicious code @ sector 0x25429800 size 0x2c4
    Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
    ---- Kernel code sections - GMER 1.0.14 ----
    PAGE CLASSPNP.SYS!ClassInitialize + F4 F9A934B2 4 Bytes [ 7E, C8, 84, 81 ]
    PAGE CLASSPNP.SYS!ClassInitialize + FF F9A934BD 4 Bytes [ 28, 74, 84, 81 ]
    PAGE CLASSPNP.SYS!ClassInitialize + 10A F9A934C8 4 Bytes [ 90, C8, 84, 81 ]
    PAGE CLASSPNP.SYS!ClassInitialize + 111 F9A934CF 4 Bytes [ 84, C8, 84, 81 ]
    PAGE CLASSPNP.SYS!ClassInitialize + 118 F9A934D6 4 Bytes [ 8A, C8, 84, 81 ]
    PAGE ...
    ---- User code sections - GMER 1.0.14 ----
    .text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptDestroyKey 77DDA544 7 Bytes JMP 00D52B9A
    .text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptDecrypt 77DDA7B1 7 Bytes JMP 00D52B57
    .text C:\WINDOWS\explorer.exe[1136] ADVAPI32.dll!CryptEncrypt 77DE1558 7 Bytes JMP 00D52B1B
    .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!send 71A5428A 5 Bytes JMP 00D5298C
    .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!WSARecv 71A54318 5 Bytes JMP 00D52A7E
    .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!recv 71A5615A 5 Bytes JMP 00D529C4
    .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!WSASend 71A56233 5 Bytes JMP 00D529FC
    .text C:\WINDOWS\explorer.exe[1136] WS2_32.dll!closesocket 71A59639 5 Bytes JMP 00D52B00
    ---- Devices - GMER 1.0.14 ----
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 855A1410
    Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 855A1410
    ---- Threads - GMER 1.0.14 ----
    Thread 4:796 855BBC80
    Thread 4:800 855A8D80
    Thread 4:804 85663DC0
    Thread 4:808 85594E00
    Thread 4:2856 855BBC80
    Thread 4:2860 855A8D80
    Thread 4:2864 85663DC0
    Thread 4:2868 85594E00
    ---- EOF - GMER 1.0.14 ----
    C:\>mbr.exe -t
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.6 by Gmer, http://www.gmer.net
    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85938E90]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\atapi -> 0x85938e90
    \Device\Harddisk0\DR0 -> ParseProcedure -> 0x8593fc20
    NDIS: Intel(R) 82566DM-2 Gigabit Network Connection -> SendCompleteHandler -> 0x8596e700
    Warning: possible MBR rootkit infection !
    copy of MBR has been found in sector 0x0100A757
    malicious code @ sector 0x0100A75A !
    PE file found in sector at 0x0100A770 !
    MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

    RioDrvs.sys GMER 1.0.13.12482 - http://www.gmer.net
    Rootkit scan 2007-06-15 08:55:07
    Windows 5.1.2600 Service Pack 2

    ---- System - GMER 1.0.13 ----
    SSDT \WINDOWS\system32\ntkrnlpa.exe [805460D8] PUSH F7912914; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwClose
    SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460D8] ZwClose
    SSDT \WINDOWS\system32\ntkrnlpa.exe [805460EA] PUSH F79133AA; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwDeleteKey
    SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460EA] ZwDeleteKey
    SSDT \WINDOWS\system32\ntkrnlpa.exe [805460F0] PUSH F7913432; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwDeleteValueKey
    SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460F0] ZwDeleteValueKey
    SSDT \WINDOWS\system32\ntkrnlpa.exe [805460D2] PUSH F7912888; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwEnumerateKey
    SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460D2] ZwEnumerateKey
    SSDT \WINDOWS\system32\ntkrnlpa.exe [805460CC] PUSH F7913140; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwLoadDriver
    SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460CC] ZwLoadDriver
    SSDT \WINDOWS\system32\ntkrnlpa.exe [805460DE] PUSH F7912A40; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwQueryDirectoryFile
    SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460DE] ZwQueryDirectoryFile
    SSDT \WINDOWS\system32\ntkrnlpa.exe [805460E4] PUSH F7913320; RET \SystemRoot\System32\DRIVERS\riodrvs.sys ZwSaveKey
    SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [805460E4] ZwSaveKey
    ---- Processes - GMER 1.0.13 ----
    Library C:\WINDOWS\LINKINFO.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1932] 0x10000000
    Library C:\WINDOWS\system32\linkinfo.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [1932] 0x76960000
    ---- Files - GMER 1.0.13 ----
    File C:\WINDOWS\linkinfo.dll
    File C:\WINDOWS\ServicePackFiles\i386\linkinfo.dll
    File C:\WINDOWS\system32\drivers\RioDrvs.sys <-- ROOTKIT !!!
    File C:\WINDOWS\system32\linkinfo.dll
    ---- Services - GMER 1.0.13 ----
    Service C:\WINDOWS\system32\DRIVERS\RioDrvs.sys [AUTO] RioDrvs <-- ROOTKIT !!!
    ---- EOF - GMER 1.0.13 ----

    VideoAti0.sys GMER 1.0.12.12070 - http://www.gmer.net
    Rootkit scan 2007-02-26 15:38:06
    Windows 5.1.2600 Service Pack 2

    ---- Kernel code sections - GMER 1.0.12 ----
    PAGE ntoskrnl.exe!ZwQueryKey + 201 8056F674 6 Bytes PUSH FC8152D4; RET
    ? C:\WINDOWS\system32\drivers\Ntfs.sys Access denied.
    ---- Devices - GMER 1.0.12 ----
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE FC814E94
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL FC815084
    Device \Driver\VideoAti0 \Device\VideoAti0 IRP_MJ_CREATE FC8144AC
    Device \Driver\VideoAti0 \Device\VideoAti0 IRP_MJ_CLOSE FC8144AC
    ---- Modules - GMER 1.0.12 ----
    Module \SystemRoot\System32\drivers\VideoAti0.sys (*** hidden *** ) FC814000
    ---- Files - GMER 1.0.12 ----
    File C:\WINDOWS\system32\drivers\VideoAti0.sys
    File C:\WINDOWS\system32\VideoAti0.dll
    File C:\WINDOWS\system32\VideoAti0.exe
    ---- EOF - GMER 1.0.12 ----

    wincom32.sys GMER 1.0.12.12012 - http://www.gmer.net
    Rootkit scan 2007-02-04 13:46:33
    Windows 5.1.2600 Service Pack 2

    ---- System - GMER 1.0.12 ----
    SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateKey <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwEnumerateValueKey <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\system32\wincom32.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
    ---- User code sections - GMER 1.0.12 ----
    .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 009B083C
    .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 009B07B6
    .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 009B05E4
    .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009B045D
    .text C:\WINDOWS\system32\cmd.exe[164] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 009B0505
    .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 011E083C
    .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 011E07B6
    .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 011E05E4
    .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 011E045D
    .text C:\WINDOWS\system32\csrss.exe[476] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 011E0505
    .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00E1083C
    .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00E107B6
    .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E105E4
    .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E1045D
    .text C:\WINDOWS\system32\winlogon.exe[504] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00E10505
    .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00A1083C
    .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A107B6
    .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A105E4
    .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A1045D
    .text C:\WINDOWS\system32\services.exe[556] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A10505
    .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00D0083C
    .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00D007B6
    .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00D005E4
    .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D0045D
    .text C:\WINDOWS\system32\svchost.exe[724] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00D00505
    .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 008E083C
    .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 008E07B6
    .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 008E05E4
    .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008E045D
    .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 008E0505
    .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0196083C
    .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 019607B6
    .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 019605E4
    .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0196045D
    .text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 01960505
    .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0077083C
    .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 007707B6
    .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 007705E4
    .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0077045D
    .text C:\WINDOWS\system32\svchost.exe[980] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00770505
    .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00A4083C
    .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00A407B6
    .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00A405E4
    .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00A4045D
    .text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00A40505
    .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00DB083C
    .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00DB07B6
    .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DB05E4
    .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DB045D
    .text C:\WINDOWS\system32\spoolsv.exe[1096] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00DB0505
    .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C
    .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6
    .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4
    .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D
    .text C:\WINDOWS\system32\taskdir.exe[1248] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505
    .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C
    .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6
    .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4
    .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D
    .text C:\WINDOWS\system32\ad.exe[1896] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505
    .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 00E3083C
    .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 00E307B6
    .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00E305E4
    .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00E3045D
    .text C:\WINDOWS\explorer.exe[1976] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00E30505
    .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtCreateThread 7C90D7D2 5 Bytes JMP 0013083C
    .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtEnumerateKey 7C90D94C 5 Bytes JMP 001307B6
    .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 001305E4
    .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 0013045D
    .text C:\WINDOWS\gmer.exe[10692] ntdll.dll!NtQuerySystemInformation 7C90E1AA 5 Bytes JMP 00130505
    ---- Devices - GMER 1.0.12 ----
    Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
    Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [FBFD36F8] wincom32.sys
    ---- Processes - GMER 1.0.12 ----
    Process C:\WINDOWS\system32\taskdir.exe (*** hidden *** ) 1248
    ---- Services - GMER 1.0.12 ----
    Service C:\WINDOWS\system32\wincom32.sys (*** hidden *** ) [AUTO] wincom32 <-- ROOTKIT !!!
    ---- Files - GMER 1.0.12 ----
    File C:\WINDOWS\Prefetch\TASKDIR.EXE-02B5617A.pf
    File C:\WINDOWS\system32\adir.dll
    File C:\WINDOWS\system32\adirss.exe
    File C:\WINDOWS\system32\taskdir.exe
    File C:\WINDOWS\system32\wincom32.ini
    File C:\WINDOWS\system32\wincom32.sys <-- ROOTKIT !!!
    File C:\WINDOWS\system32\WindowsLogon.manifest
    ---- EOF - GMER 1.0.12 ----

    lzx32 GMER 1.0.11.11310 - http://www.gmer.net
    Rootkit 2006-09-14 09:31:21
    Windows 5.1.2600 Service Pack 2

    ---- System - GMER 1.0.11 ----
    SYSENTER ? F60FDFAF
    ---- Modules - GMER 1.0.11 ----
    Module (noname) (*** hidden *** ) F60F9000
    ---- Threads - GMER 1.0.11 ----
    Thread 4:1224 F60FC08A
    ---- Services - GMER 1.0.11 ----
    Service D:\WINDOWS\system32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!
    ---- Files - GMER 1.0.11 ----
    ADS D:\WINDOWS\system32:lzx32.sys <-- ROOTKIT !!!
    ---- EOF - GMER 1.0.11 ----

    Gromozon Rootkit GMER 1.0.10.10122 - http://www.gmer.net
    Rootkit 2006-08-31 14:25:26
    Windows 5.1.2600 Service Pack 2
    ---- Processes - GMER 1.0.10 ----
    Library C:\WINDOWS\mdoom1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [2500] 0x01F20000 <-- ROOTKIT !!!
    Library C:\WINDOWS\mdoom1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [4036] 0x01F20000 <-- ROOTKIT !!!
    ---- Files - GMER 1.0.10 ----
    File C:\WINDOWS\mdoom1.dll
    File C:\WINDOWS\system32\lpt4.hzq
    ---- EOF - GMER 1.0.10 ----

    GMER 1.0.10.10122 - http://www.gmer.net
    Autostart 2006-08-31 14:27:47
    Windows 5.1.2600 Service Pack 2
    ...
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs = \\?\C:\WINDOWS\system32\lpt4.hzq
    ...
    HKLM\SYSTEM\CurrentControlSet\Services\ >>>
    SrvXdx /*SrvXdx*/@ = "C:\Programmi\File comuni\System\mfxS.exe"
    ...
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
    @{D4ED03F3-6672-F05B-77C2-859151625148}C:\WINDOWS\mdoom1.dll = C:\WINDOWS\mdoom1.dll
    ...

    ---- EOF - GMER 1.0.10 ----

    pe386 GMER 1.0.10.10108 - http://www.gmer.net
    Rootkit 2006-05-25 14:32:07
    Windows 5.1.2600 Service Pack 1

    ---- System - GMER 1.0.10 ----

    SYSENTER ? 00810005
    ---- Devices - GMER 1.0.10 ----
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 81732520
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 817310C0
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 817310C0
    Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 817310C0
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 817310C0
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 817310C0
    ---- Services - GMER 1.0.10 ----
    Service D:\WINDOWS\System32:18467 (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!
    ---- EOF - GMER 1.0.10 ----

    xdudmm.sys
    xdudtt.dll GMER 1.0.10.10108 - http://www.gmer.net
    Rootkit 2006-05-24 00:29:02
    Windows 5.1.2600

    ---- System - GMER 1.0.10 ----
    SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwCreateProcess <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwCreateProcessEx <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwCreateThread
    SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwMapViewOfSection
    SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwOpenProcess <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwOpenThread <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\xdudmm.sys ZwQuerySystemInformation <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys ZwTerminateProcess
    ---- Devices - GMER 1.0.10 ----
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F88DF300] wpsdrvnt.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSEIRP_MJ_READ [F88DF520] wpsdrvnt.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DF610] wpsdrvnt.sys
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F88DF640] wpsdrvnt.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F88DF300] wpsdrvnt.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSEIRP_MJ_READ [F88DF520] wpsdrvnt.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F88DF610] wpsdrvnt.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F88DF640] wpsdrvnt.sys
    ---- Processes - GMER 1.0.10 ----
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Apache Group\Apache2\bin\Apache.exe [244] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [300] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\nvsvc32.exe [308] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe [332] 0x00E50000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe [492] 0x00950000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [572] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\RECYCLER\lsass.exe [600] 0x10000000 <-- ROOTKIT !!!
    Process C:\WINDOWS\SYSTEM32\winlogon.exe (*** hidden *** ) 796 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\SYSTEM32\winlogon.exe [796] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [1636] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [1696] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1820] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Apache Group\Apache2\bin\Apache.exe [1956] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\GEARSec.exe [1996] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2024] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE [2388] 0x00C00000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe [2412] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Winamp\winamp.exe [2556] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\QuickTime\qttask.exe [2616] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2656] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\wccx.exe [2796] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\d13a4e75.exe [2804] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\SpeedFan\speedfan.exe [3080] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [3084] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\System32\rundll32.exe [3212] 0x00950000 <-- ROOTKIT !!!
    Library C:\WINDOWS\SYSTEM32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Canon\CAL\CALMAIN.exe [3564] 0x10000000 <-- ROOTKIT !!!
    Process C:\WINDOWS\explorer.exe (*** hidden *** ) 3808 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\explorer.exe [3808] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [4196] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\PowerArchiver\POWERARC.EXE [4836] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\Program Files\Gadu-Gadu\gg.exe [5140] 0x00D00000 <-- ROOTKIT !!!
    Library C:\WINDOWS\system32\xdudtt.dll (*** hidden *** ) @ C:\WINDOWS\system32\notepad.exe [5400] 0x10000000 <-- ROOTKIT !!!
    Library C:\WINDOWS\System32\xdudtt.dll (*** hidden *** ) @ C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\_PA459\gmer.exe [6008] 0x10000000 <-- ROOTKIT !!!
    ---- Services - GMER 1.0.10 ----
    Service C:\WINDOWS\System32\xdudmm.sys (*** hidden *** ) [SYSTEM] xdudmm <-- ROOTKIT !!!
    Service C:\WINDOWS\System32\xdudmm.sys (*** hidden *** ) [AUTO] xdudtt <-- ROOTKIT !!!
    ---- EOF - GMER 1.0.10 ----
    alco8drv.sys GMER 1.0.9.8110 - http://www.gmer.net
    Windows 5.1.2600 Dodatek Service Pack 2

    ---- System - GMER 1.0.9 ----

    ---- Devices - GMER 1.0.9 ----
    Device \Driver\WmiDisk \Device\G69uQQGr IRP_MJ_CREATE 83E50A11
    ---- Processes - GMER 1.0.9 ----
    Process synbdusx.exe (*** hidden *** ) 1848 <-- ROOTKIT !!!
    ---- Files - GMER 1.0.9 ----
    File C:\WINDOWS\system32\drivers\alco8drv.sys
    File C:\WINDOWS\system32\synbdusx.exe
    ---- EOF - GMER 1.0.9 ----

    imaslip.sys GMER 1.0.9.8110 - {http://www.gmer.net}
    Windows 5.1.2600 Dodatek Service Pack 2

    ---- Devices - GMER 1.0.9 ----
    Device \Driver\Volvice \Device\aswtMgr IRP_MJ_CREATE 81BBB8C3
    Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1950828
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
    Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
    Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_SHUTDOWN [F8A3E6C1] prosync1.sys
    Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E100D390
    ---- Processes - GMER 1.0.9 ----
    Process msvcji32.exe (*** hidden *** ) 1480 <-- ROOTKIT !!!
    Process lsacap32.exe (*** hidden *** ) 1488 <-- ROOTKIT !!!
    ---- Files - GMER 1.0.9 ----
    File C:\WINDOWS\system32\drivers\imaslip.sys
    File C:\WINDOWS\system32\lsacap32.exe
    ---- EOF - GMER 1.0.9 ----


    ivdmt16.sys winlow.sys GMER 1.0.9.8110 - http://www.gmer.net
    Windows 5.1.2600

    ---- System - GMER 1.0.9 ----
    SSDT a347bus.sys ZwClose
    SSDT a347bus.sys ZwCreateKey
    SSDT a347bus.sys ZwCreatePagingFile
    SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwCreateProcess <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwCreateProcessEx <-- ROOTKIT !!!
    SSDT FF7B1820 ZwEnumerateKey <-- ROOTKIT !!!
    SSDT a347bus.sys ZwEnumerateValueKey
    SSDT a347bus.sys ZwOpenKey
    SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwOpenProcess <-- ROOTKIT !!!
    SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwQueryDirectoryFile <-- ROOTKIT !!!
    SSDT a347bus.sys ZwQueryKey
    SSDT \??\C:\WINDOWS\System32\vdmt16.sys ZwQuerySystemInformation <-- ROOTKIT !!!
    SSDT a347bus.sys ZwQueryValueKey
    SSDT a347bus.sys ZwSetSystemPowerState
    ---- Services - GMER 1.0.9 ----
    Service C:\WINDOWS\System32\Drivers\sysbus32.sys (*** hidden *** ) [AUTO] sysbus32 <-- ROOTKIT !!!
    ---- Files - GMER 1.0.9 ----
    File C:\!KillBox\drct16.dll
    File C:\System Volume Information\MountPointManagerRemoteDatabase
    File C:\System Volume Information\tracking.log
    File C:\WINDOWS\system32\cz.dll
    File C:\WINDOWS\system32\drct16.dll
    File C:\WINDOWS\system32\fltr.a3d
    File C:\WINDOWS\system32\hz.sys
    File C:\WINDOWS\system32\i.a3d
    File C:\WINDOWS\system32\klogini.dll
    File C:\WINDOWS\system32\mszx23.exe
    File C:\WINDOWS\system32\p2.ini
    File C:\WINDOWS\system32\redir.a3d
    File C:\WINDOWS\system32\tnfl.a3d
    File C:\WINDOWS\system32\vdmt16.sys <-- ROOTKIT !!!
    File C:\WINDOWS\system32\winlow.sys <-- ROOTKIT !!!
    File C:\WINDOWS\system32\wz.sys
    File D:\System Volume Information\tracking.log
    ---- Services - GMER 1.0.9 ----
    Service C:\WINDOWS\System32\vdmt16.sys [SYSTEM] vdmt16 <-- ROOTKIT !!!
    Service C:\WINDOWS\System32\winlow.sys [AUTO] winlow <-- ROOTKIT !!!
    ---- EOF - GMER 1.0.9 ----


    drmpdate.sys GMER 1.0.9.8110 - http://www.gmer.net
    Windows 5.1.2600 Service Pack 1

    ---- System - GMER 1.0.9 ----
    SSDT \SystemRoot\System32\drivers\klif.sys ZwClose
    SSDT d347bus.sys ZwCreateKey
    SSDT d347bus.sys ZwCreatePagingFile
    SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcess
    SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcessEx
    SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateSection
    SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateThread
    SSDT d347bus.sys ZwEnumerateKey
    SSDT d347bus.sys ZwEnumerateValueKey
    SSDT kl1.sys ZwOpenFile
    SSDT d347bus.sys ZwOpenKey
    SSDT \SystemRoot\System32\drivers\klif.sys ZwOpenProcess
    SSDT \SystemRoot\System32\drivers\klif.sys ZwQueryInformationFile
    SSDT d347bus.sys ZwQueryKey
    SSDT \SystemRoot\System32\drivers\klif.sys ZwQuerySystemInformation
    SSDT d347bus.sys ZwQueryValueKey
    SSDT \SystemRoot\System32\drivers\klif.sys ZwResumeThread
    SSDT \SystemRoot\System32\drivers\klif.sys ZwSetInformationProcess
    SSDT d347bus.sys ZwSetSystemPowerState
    SSDT \SystemRoot\System32\drivers\klif.sys ZwSuspendThread
    SSDT \SystemRoot\System32\drivers\klif.sys ZwTerminateProcess
    SSDT \SystemRoot\System32\drivers\klif.sys SSDT[284]
    SSDT \SystemRoot\System32\drivers\klif.sys SSDT[285]
    SSDT \SystemRoot\System32\drivers\klif.sys SSDT[286]
    SSDT \SystemRoot\System32\drivers\klif.sys SSDT[287]
    SSDT \SystemRoot\System32\drivers\klif.sys SSDT[288]
    SSDT \SystemRoot\System32\drivers\klif.sys SSDT[289]
    SSDT \SystemRoot\System32\drivers\klif.sys SSDT[290]
    SSDT \SystemRoot\System32\drivers\klif.sys SSDT[291]
    SSDT \SystemRoot\System32\drivers\klif.sys SSDT[292]
    SSDT \SystemRoot\System32\drivers\klif.sys SSDT[293]
    SSDT \SystemRoot\System32\drivers\klif.sys SSDT[294]
    SSDT \SystemRoot\System32\drivers\klif.sys SSDT[295]
    SSDT \SystemRoot\System32\drivers\klif.sys SSDT[296]
    ---- Devices - GMER 1.0.9 ----
    Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
    Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
    Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_CREATE [F865776A] HIDCLASS.SYS
    Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_CLOSEIRP_MJ_READ [F865776A] HIDCLASS.SYS
    Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_WRITE [F865776A] HIDCLASS.SYS
    Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_QUERY_INFORMATION [F865776A] HIDCLASS.SYS
    Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_INTERNAL_DEVICE_CONTROL [F865776A] HIDCLASS.SYS
    Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_SHUTDOWN [F865776A] HIDCLASS.SYS
    Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_SYSTEM_CONTROL [F865776A] HIDCLASS.SYS
    Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_DEVICE_CHANGE [F865776A] HIDCLASS.SYS
    Device \Driver\hidusb \Device\_HID00000000#COLLECTION00000001 IRP_MJ_PNP_POWER [F865776A] HIDCLASS.SYS
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 81EDBB50
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 81EDBB50
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 81EDBB50
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82113F00
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82113F00
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSEIRP_MJ_READ 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP_POWER 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_NAMED_PIPE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_WRITE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_EA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_EA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FLUSH_BUFFERS 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DIRECTORY_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_LOCK_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLEANUP 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE_MAILSLOT 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_SECURITY 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_SECURITY 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CHANGE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_QUERY_QUOTA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SET_QUOTA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP_POWER 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_NAMED_PIPE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSEIRP_MJ_READ 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_WRITE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_EA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_EA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FLUSH_BUFFERS 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_VOLUME_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_VOLUME_INFORMATION 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DIRECTORY_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_FILE_SYSTEM_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_LOCK_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLEANUP 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE_MAILSLOT 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_SECURITY 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_SECURITY 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CHANGE 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_QUERY_QUOTA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SET_QUOTA 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 82113F00
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP_POWER 82113F00
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 81EDBB50
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 81EDBB50
    Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
    Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
    Device \Driver\adpsSvc \Device\perRAME IRP_MJ_CREATE 81C721E7
    Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [F82FABF6] klmc.sys
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_WRITE 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_EA 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_POWER 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 IRP_MJ_PNP_POWER 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSEIRP_MJ_READ 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 82147AD8
    Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 82147AD8
     
  6. rainforest123

    rainforest123

    Joined:
    Dec 28, 2004
    Messages:
    8,256
    The fastest way to bring your thread to the attention of a forum member who has the credentials to work on a malware removal issue is to:
    Left click "report"
    Ask the moderator to move your thread to the appropriate forum.

    RF123
     
  7. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,473
    First Name:
    Frank
    Download MGADiag to your desktop.

    Double-click on MGADiag.exe to launch the program.

    Click "Continue".

    Ensure that the "Windows" tab is selected (it should be by default).

    Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.

    Paste the MGA Diagnostic Report back here in your next reply.

    ------------------------------------------------------------------
     
  8. maria01773

    maria01773 Thread Starter

    Joined:
    Jan 29, 2013
    Messages:
    4
    Hello, I hope this is the correct information. Many thanks, Maria

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-YCBJ3-G6RY6-VPBJT
    Windows Product Key Hash: CZNFjXqPiMkiBgLsDp5P20lM9PE=
    Windows Product ID: 00426-OEM-9154342-50371
    Windows Product ID Type: 3
    Windows License Type: OEM System Builder
    Windows OS version: 6.1.7601.2.00010100.1.0.001
    ID: {95F77A10-0D26-4319-B682-37C9CAA1F14A}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: Windows 7 Ultimate
    Architecture: 0x00000009
    Build lab: 7601.win7sp1_gdr.120830-0333
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A
    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002
    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002
    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE; Win32)
    Default Browser: N/A, hr=0x80070002
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed
    File Scan Data-->
    Other data-->
    Spsys.log Content: 0x80070002
    Licensing Data-->
    Software licensing service version: 6.1.7601.17514
    Name: Windows(R) 7, Ultimate edition
    Description: Windows Operating System - Windows(R) 7, OEM_COA_NSLP channel
    Activation ID: cfb3e52c-d707-4861-af51-11b27ee6169c
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 00426-00182-543-450371-02-2057-7601.0000-3072010
    Installation ID: 019041831680523870641355700770871735224922295245396812
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
    Partial Product Key: VPBJT
    License Status: Licensed
    Remaining Windows rearm count: 3
    Trusted time: 30/01/2013 15:49:38
    Windows Activation Technologies-->
    HrOffline: 0x00000000
    HrOnline: N/A
    HealthStatus: 0x0000000000000000
    Event Time Stamp: N/A
    ActiveX: Registered, Version: 7.1.7600.16395
    Admin Service: Registered, Version: 7.1.7600.16395
    HealthStatus Bitmask Output:

    HWID Data-->
    HWID Hash Current: LgAAAAEAAgABAAEAAQABAAAAAQABAAEA6GEExLbYrH2SAJ4f7hYKEiTAlrcqPw==
    OEM Activation 1.0 Data-->
    N/A
    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes, but no SLIC table
    Windows marker version: N/A
    OEMID and OEMTableID Consistent: N/A
    BIOS Information:
    ACPI Table Name  OEMID Value  OEMTableID Value
    APIC             110310       APIC1147
    FACP             110310       FACP1147
    SRAT             AMD          FAM_F_10
    MSCT             A M I        OEMBOARD
    HPET             110310       OEMHPET0
    MCFG             110310       OEMMCFG
    WDRT             110310       NV-WDRT
    OEMB             110310       OEMB1147
    SSDT             A M I        POWERNOW
     
  9. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    79,473
    First Name:
    Frank
    Thanks for submitting the MGA log.

    I've sent in a request to have your thread moved to the "Virus & Other Malware Removal" section.

    ---------------------------------------------------------------
     
Short URL to this thread: https://techguy.org/1087443