Logfile of HijackThis v1.99.1
Scan saved at 15:14:30, on 06.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programfiler\Lavasoft\Ad-Axis Management Console\aaserver.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\ewido anti-spyware 4.0\guard.exe
C:\Programfiler\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Canon\BJPV\TVMon.exe
C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\Programfiler\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\CTHELPER.EXE
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programfiler\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Programfiler\PeerGuardian2\pg2.exe
C:\Programfiler\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRAMFILER\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Jens Erik\Skrivebord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.startsiden.no/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startsiden.no
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [BJPD HID Control] C:\Programfiler\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [SBDrvDet] C:\Programfiler\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SystemGuardAlerter] SystemGuardAlerter.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programfiler\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [updateMgr] "C:\PROGRAMFILER\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Programfiler\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Programfiler\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O12 - Plugin for .wav: C:\Programfiler\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/SpywareScanner.ocx
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37890.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ad-Axis Server - Unknown owner - C:\Programfiler\Lavasoft\Ad-Axis Management Console\aaserver.exe" --debug --noop --trace --service "Ad-Axis Server (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Programfiler\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programfiler\TuneUp Utilities 2006\WinStylerThemeSvc.exe


svchost.exe and tmproxy.exe is really slowing down my computer...

what to remove??

Hello neo4132,

svchost.exe is a legit Microsoft exe and and tmproxy.exe is related to Trend Micro. Maybe the proxy filtering is using a lot of CPU. I don't see anything bad in your log but then again HJT does not show everything. A would like to see a startuplist too please.

Run HijackThis, click on Open the Misc Tools Section, put a checkmark in List also minor sections and List empty sections. Click on Generate StartupList log, anwser Yes and copy/paste the content in your reply.
Click Back and Click on Scan. When the scan is finished, put a check in the box on the left side of the following items if still present:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} (Java Plug-in) -

Close ALL windows and browsers except HijackThis and click Fix Checked
______________________________

Unfortunately the Kaspersky online scanner is not working for the moment, so we'll use Ewido.

Please download Ewido to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/

• Install Ewido by double clicking the installer.
• Follow the prompts. Make sure that Launch Ewido is checked.
• On the main screen under Your Computer's security.
  • Click on Change state next to Resident shield. It should now change to inactive.
  • Click on Change state next to Automatic updates. It should now change to inactive.
  • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
  • Wait until you see the Update succesfull message.
    Note: If the Update now option is grayed out, follow the steps below.
    • Click on Update on the toolbar.
    • Under Manual update, click on the Start Update button.
    • Wait until you see the Update succesfull message.
• Right-click the Ewido Tray Icon and uncheck Start with Windows.
• Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.
______________________________

Reboot your computer in Safe Mode.

• If the computer is running, shut down Windows, and then turn off the power.
• Wait 30 seconds, and then turn the computer on.
• Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
• Ensure that the Safe Mode option is selected.
• Press Enter. The computer then begins to start in Safe mode.

______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido and run a full scan.

• Click on Scanner on the toolbar.
• Click on the Settings tab.
  • Under How to act?
    • Click on Recommended Action and choose Quarantine from the popup menu.
  • Under How to scan?
    • All checkboxes should be ticked.
  • Under Possibly unwanted software:
    • All checkboxes should be ticked.
  • Under Reports:
    • Select Automatically generate report after every scan and uncheck Only if threats were found.
  • Under What to scan?
    • Select Scan every file.
• Click on the Scan tab.
• Click on Complete System Scan to start the scan process.
• Let the program scan the machine.
• When the scan has finished, follow the instructions below.
  IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
  • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
  • At the bottom of the window click on the Apply all Actions button. (3)
    
• When done, click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
• Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.

Reboot in Normal Mode.
______________________________

Please post

1. startuplist
2. Ewido Report

Kim

startup list

StartupList report, 06.08.2006, 17:34:25
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Jens Erik\Skrivebord\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programfiler\Lavasoft\Ad-Axis Management Console\aaserver.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programfiler\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Programfiler\Canon\BJPV\TVMon.exe
C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programfiler\Trend Micro\Internet Security 14\pccguide.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Logitech\SetPoint\SetPoint.exe
C:\Programfiler\Fellesfiler\Logitech\KhalShared\KHALMNPR.EXE
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Programfiler\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jens Erik\Skrivebord\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Jens Erik\Start-meny\Programmer\Oppstart]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart]
Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Logitech SetPoint.lnk = C:\Programfiler\Logitech\SetPoint\SetPoint.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

MaxtorOneTouch = C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
MXOBG = C:\WINDOWS\MXOALDR.EXE
BJPD HID Control = C:\Programfiler\Canon\BJPV\TVMon.exe
CTSysVol = C:\Programfiler\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
SBDrvDet = C:\Programfiler\Creative\SB Drive Det\SBDrvDet.exe /r
SideWinderTrayV4 = C:\PROGRA~1\MI948F~1\GAMECO~1\Common\SWTrayV4.exe
CTHelper = CTHELPER.EXE
ATICCC = "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
Logitech Hardware Abstraction Layer = KHALMNPR.EXE
pccguide.exe = "C:\Programfiler\Trend Micro\Internet Security 14\pccguide.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PeerGuardian = C:\Programfiler\PeerGuardian2\pg2.exe
LDM = \Program\BackWeb-8876480.exe
updateMgr = "C:\PROGRAMFILER\ADOBE\ACROBAT 7.0\READER\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command

(Default) = "C:\WINDOWS\system32\notepad.exe" "%1"

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = NOTEPAD.EXE %1

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = "%WinDir%\system32\NOTEPAD.EXE" %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is NOT normal! (NOTEPAD.EXE %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registerredigering'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - (no file) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - (no file) - {B56A7D7D-6927-48C8-A975-17DF180C71AC}

--------------------------------------------------

Enumerating Task Scheduler jobs:

1-Click Maintenance.job
MP Scheduled Scan.job

--------------------------------------------------

Enumerating Download Program Files:

[Creative Software AutoUpdate]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CTSUEng.ocx
CODEBASE = http://creative.com/su/ocx/15015/CTSUEng.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://download.ewido.net/ewidoOnlineScan.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

[TenebrilSpywareScanner Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SPYWAR~1.OCX
CODEBASE = http://www.tenebril.com/assets/activeX/SpywareScanner.ocx

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab

[{556DDE35-E955-11D0-A707-000000521957}]
CODEBASE = http://www.xblock.com/download/xclean_micro.exe

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\bdoscan8\oscan81.ocx
CODEBASE = http://download.bitdefender.com/resources/scan8/oscan8.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

[WScanCtl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\webscan.dll
CODEBASE = http://www3.ca.com/securityadvisor/virusinfo/webscan.cab

[ICSScanner Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ICSScan.dll
CODEBASE = http://download.zonelabs.com/bin/promotion...canner37890.cab

[Java Plug-in]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[a-squared Scanner]
InProcServer32 = C:\WINDOWS\DOWNLO~1\asquared.ocx
CODEBASE = http://ax.emsisoft.com/asquared.cab

[Java Plug-in]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll

[Java Plug-in]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Programfiler\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[Creative Software AutoUpdate Support Package]
InProcServer32 = C:\WINDOWS\DOWNLO~1\CTPID.ocx
CODEBASE = http://www.creative.com/su/ocx/15023/CTPID.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

a347bus: system32\DRIVERS\a347bus.sys (system)
a347scsi: System32\Drivers\a347scsi.sys (system)
Microsoft ACPI-driver: system32\DRIVERS\ACPI.sys (system)
Ad-Axis Server: "C:\Programfiler\Lavasoft\Ad-Axis Management Console\aaserver.exe" --debug --noop --trace --service "Ad-Axis Server" (autostart)
Fjerning av akustisk ekko for Microsoft Kernel: system32\drivers\aec.sys (manual start)
AFD: \SystemRoot\System32\drivers\afd.sys (system)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD Athlon64 Processor Driver: system32\DRIVERS\AmdK8.sys (system)
ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter: system32\DRIVERS\AN983.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP-klientprotokoll: system32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS asynkron mediedriver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI harddiskkontroller: system32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATI T200 Unified AVStream service: system32\DRIVERS\atinavt2.sys (manual start)
ATI WDM Rage Theater Video: system32\DRIVERS\atinrvxx.sys (manual start)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Lydstubbedriver: system32\DRIVERS\audstub.sys (manual start)
Autodesk Licensing Service: "C:\Programfiler\Fellesfiler\Autodesk Shared\Service\AdskScSrv.exe" (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Dekoder for teksting for hørselshemmede: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM-driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
COM+-systemapplikasjon: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Creative Service for CDROM Access: C:\WINDOWS\system32\CTsvcCDA.exe (autostart)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Creative AC3 Software Decoder: System32\drivers\ctac32k.sys (manual start)
Creative Audio Driver (WDM): system32\drivers\ctaud2k.sys (manual start)
Creative DVD-Audio Device Driver: System32\drivers\ctdvda2k.sys (manual start)
Creative Proxy Driver: System32\drivers\ctprxy2k.sys (manual start)
Creative SoundFont Management Device Driver: System32\drivers\ctsfm2k.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Diskdriver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Driver for Behandling av logiske disker: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS-synthesizer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
DRM-lyddekoder for Microsoft Kernel: system32\drivers\drmkaud.sys (manual start)
DrvFltIp: \??\C:\Programfiler\MRBDG\DrvFltIp.sys (manual start)
E-mu Plug-in Architecture Driver: System32\drivers\emupia2k.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+-hendelsessystem: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
ewido anti-spyware 4.0 driver: \??\C:\Programfiler\ewido anti-spyware 4.0\guard.sys (system)
ewido anti-spyware 4.0 guard: C:\Programfiler\ewido anti-spyware 4.0\guard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Diskettkontrollerdriver: system32\DRIVERS\fdc.sys (manual start)
Canon BJ Hid Usb Filter Service2: system32\DRIVERS\bjhid2.sys (manual start)
Diskettdriver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\DRIVERS\fltMgr.sys (system)
Driver for Volumbehandling: system32\DRIVERS\ftdisk.sys (system)
Microsoft Generic AGPv3.0-filter for K8-prosessorplattformer: system32\DRIVERS\gagp30kx.sys (system)
Spillportenumerator: system32\DRIVERS\gameenum.sys (manual start)
Forsterkende filterdriver for Microsoft SideWinder: system32\DRIVERS\GcKernel.sys (manual start)
Generisk pakkeklassifiserer: system32\DRIVERS\msgpc.sys (manual start)
Creative Hardware Abstract Layer Driver: System32\drivers\ha10kx2k.sys (manual start)
Creative P16V HAL Driver: System32\drivers\hap16v2k.sys (manual start)
Creative P17V HAL Driver: system32\drivers\hap17v2k.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Minidriver for virtuell HID-enhet for Microsoft SideWinder: system32\DRIVERS\HIDSwvd.sys (manual start)
Microsoft HID-klassedriver: system32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042-tastatur og PS/2-museportsdriver: system32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
Driver for CD-brenningsfilter: system32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
Driver for IP-trafikkfilter: system32\DRIVERS\ipfltdrv.sys (manual start)
Driver for IP i IP-tunnel: system32\DRIVERS\ipinip.sys (manual start)
IP-nettverksadresseoversetter: system32\DRIVERS\ipnat.sys (manual start)
IPSEC-driver: system32\DRIVERS\ipsec.sys (system)
IR-nummereringstjeneste: system32\DRIVERS\irenum.sys (manual start)
Driver for PnP ISA/EISA Bus: system32\DRIVERS\isapnp.sys (system)
Jukebox3: system32\DRIVERS\ctpdusb.sys (manual start)
Driver for tastaturklasse: system32\DRIVERS\kbdclass.sys (system)
Tastatur-HID-driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave lydmikser: system32\drivers\kmixer.sys (manual start)
Logitech SetPoint PS/2 Mouse Filter Driver: System32\Drivers\L8042mou.sys (manual start)
Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
LBeepKE: System32\Drivers\LBeepKE.sys (autostart)
Logitech SetPoint HID Mouse Filter Driver: system32\DRIVERS\LHidKE.Sys (manual start)
Logitech SetPoint USB Receiver device driver: System32\Drivers\LHidUsbK.Sys (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Logitech SetPoint Mouse Filter Driver: System32\Drivers\LMouKE.sys (manual start)
Machine Debug Manager: "C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE" (autostart)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
Unimodem Streaming-filterenhet: system32\drivers\MODEMCSA.sys (manual start)
Driver for musklasse: system32\DRIVERS\mouclass.sys (system)
HID-driver for mus: system32\DRIVERS\mouhid.sys (manual start)
BDA MPE-filter: system32\DRIVERS\MPE.sys (manual start)
Enhetsomadresserer for WebDav-klient: system32\DRIVERS\mrxdav.sys (manual start)
Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
Multimedia Keyboard Filter Driver: System32\DRIVERS\msikbd2k.sys (system)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Tjenesteproxy for Microsoft Streaming: system32\drivers\MSKSSRV.sys (manual start)
Klokkeproxy for Microsoft Streaming: system32\drivers\MSPCLOCK.sys (manual start)
Kvalitetsbehandlingsproxy for Microsoft Streaming: system32\drivers\MSPQM.sys (manual start)
BIOS-driver for Microsoft System Management: system32\DRIVERS\mssmbios.sys (manual start)
Tee/Sink-to-Sink-konverterer for Microsoft Streaming: system32\drivers\MSTEE.sys (manual start)
Mtlmnt5: system32\DRIVERS\Mtlmnt5.sys (manual start)
Mtlstrm: system32\DRIVERS\Mtlstrm.sys (manual start)
ATI WDM Specialized MVD Codec: system32\DRIVERS\atinmdxx.sys (manual start)
USB Storage Adapter FX (MXO): system32\DRIVERS\MXOFX.SYS (manual start)
Maxtor OneTouch Security Driver: system32\DRIVERS\mxopswd.sys (manual start)
NABTS/FEC VBI-kodek: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/video-tilkobling: system32\DRIVERS\NdisIP.sys (manual start)
NDIS TAPI-driver for ekstern pålogging: system32\DRIVERS\ndistapi.sys (manual start)
I/T-protokoll for NDIS-brukermodus: system32\DRIVERS\ndisuio.sys (manual start)
NDIS WAN-driver for ekstern pålogging: system32\DRIVERS\ndiswan.sys (manual start)
NetBios over TCP/IP: system32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Netropa NHK Server: C:\Programfiler\Netropa\Multimedia Keyboard\nhksrv.exe (autostart)
1394-nettverksdriver: system32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
NtMtlFax: system32\DRIVERS\NtMtlFax.sys (manual start)
Driver for IPX-trafikkfilter: system32\DRIVERS\nwlnkflt.sys (manual start)
Driver for videresending av IPX-trafikk: system32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI-kompatibel IEEE 1394-vertskontroller: system32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Programfiler\Fellesfiler\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Creative OS Services Driver: system32\drivers\ctoss2k.sys (manual start)
Creative WebCam NX: system32\DRIVERS\P1110Vid.sys (manual start)
Driver for parallell port: system32\DRIVERS\parport.sys (manual start)
Trend Micro Central Control Component: C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (autostart)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
PfDetNT: \??\C:\WINDOWS\system32\drivers\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
WAN-miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
D-link AirPlus G DWL-G120 WLAN USB Driver: system32\DRIVERS\PRISMA02.sys (manual start)
Prosessordriver: system32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS-pakkeplanlegger: system32\DRIVERS\psched.sys (manual start)
Direkte parallell koblingsdriver: system32\DRIVERS\ptilink.sys (manual start)
Driver for automatisk ekstern påloggingstilkobling: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN-miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
PPPOE-driver for ekstern tilgang: system32\DRIVERS\raspppoe.sys (manual start)
Direkte parallell: system32\DRIVERS\raspti.sys (manual start)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Driver for enhetsomadresserer for Terminal Server: system32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
RecAgent: system32\DRIVERS\RecAgent.sys (system)
Filterdriver for digital CD-lydavspilling: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: system32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum-filterdriver: system32\DRIVERS\serenum.sys (manual start)
Seriellportdriver: system32\DRIVERS\serial.sys (system)
Windows Firewall / Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
SmartLink AMR_PCI Driver: system32\DRIVERS\slntamr.sys (manual start)
SlNtHal: system32\DRIVERS\Slnthal.sys (manual start)
SmartLinkService: slserv.exe (autostart)
SlWdmSup: system32\DRIVERS\SlWdmSup.sys (manual start)
Acronis Snapshots Manager: system32\DRIVERS\snapman.sys (system)
Lydsplitter for Microsoft Kernel: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Filterdriver for systemgjenoppretting: \SystemRoot\system32\DRIVERS\sr.sys (disabled)
System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Driver for programvarebuss: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{0C29F8A2-80C2-4F20-A954-277B1ADB123C} (manual start)
VIA-filterdriver for Microsoft SideWinder: system32\DRIVERS\SWUSBFLT.sys (manual start)
Microsoft Kernel System-lydenhet: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Driver for TCP/IP-protokoll: system32\DRIVERS\tcpip.sys (system)
Driver for terminalenhet: system32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Acronis TrueImage FS Filter: system32\DRIVERS\tifsfilt.sys (autostart)
Acronis TrueImage Backup Archive Explorer: system32\DRIVERS\timntr.sys (system)
Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
Tmfilter: system32\drivers\TmXPFlt.sys (autostart)
Trend Micro Real-time Service: C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe (autostart)
Trend Micro Personal Firewall: C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe (autostart)
Tmpreflt: system32\drivers\Tmpreflt.sys (autostart)
Trend Micro Proxy Service: C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe (autostart)
Trend Micro TDI Driver: \SystemRoot\System32\Drivers\tmtdi.sys (system)
Common Firewall Driver: \SystemRoot\System32\Drivers\tm_cfw.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
TuneUp WinStyler Theme Service: "C:\Programfiler\TuneUp Utilities 2006\WinStylerThemeSvc.exe" (manual start)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Oppdateringsdriver for mikrokode: system32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB generell overordnet driver: system32\DRIVERS\usbccgp.sys (manual start)
Miniportdriver for Microsoft USB 2.0 forbedret vertskontroller: system32\DRIVERS\usbehci.sys (manual start)
Driver for standard Microsoft USB-hub: system32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER-klasse: system32\DRIVERS\usbprint.sys (manual start)
USB-skannerdriver: system32\DRIVERS\usbscan.sys (manual start)
USB-masselagringsenhet: system32\DRIVERS\USBSTOR.SYS (manual start)
Miniportdriver for Microsoft USB universell vertskontroller: system32\DRIVERS\usbuhci.sys (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Filter: system32\DRIVERS\viaagp1.sys (system)
ViaIde: system32\DRIVERS\viaide.sys (system)
Vsapint: system32\drivers\VsapiNT.sys (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IP ARP-driver for ekstern pålogging: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility-driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Windows Defender Service: "C:\Programfiler\Windows Defender\MsMpEng.exe" (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
WMDM PMSP Service: C:\WINDOWS\system32\MsPMSPSv.exe (autostart)
Tjenesten Portable Media Serial Number: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext-kodek: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 39 304 bytes
Report generated in 0,157 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


i must say that i have runned both online and the downloaded version of ewido scan with the latest updates.

and it hasnt found anything..

here is the report

ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:28:24 06.08.2006

+ Scan result:



Nothing found.



::Report end

Couple of things ...



Did you use a program to deny the use of regedit ? Or change it associations ?

**********************


Do you know this device / service ? If not what else lives in the C:\Programfiler\MRBDG folder ?

Make sure that you can see hidden files.

1. Click Start.
2. Click My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide protected operating system files (recommended) option.
7. Click Yes to confirm.
8. Uncheck the Hide file extensions for known file types.
9. Click OK.

Let me know which other files are in that folder. If many, use the following batch file and post it contents please.

Copy/paste the following quote box into a new notepad (not wordpad) document.


Save it to your Desktop as findfiles.bat. Save it as:
File Type: All Files (not as a text document or it wont work).
Name: findfiles.bat

Locate findfiles.bat on your Desktop and double-click it. When notepad opens, copy/paste the content in your reply.

**********************

Just double checking ...

Download Gmer from here:

http://www.gmer.net/gmer.zip
Disconnect from internet and close running programs.
There is a small chance this app may crash your computer so save any work you have open.
Double click gmer.exe
Let the gmer.sys driver load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say Ok.
If no warning....
Click "rootkit" tab and click "scan"
Wait for scan to finish.

Once done click "copy"
Open Notepad and hit "ctrl+v" to paste log.
Reconnect to internet and post log please.

Kim

cant say there is anything in this folder C:\Programfiler\MRBDG\

cant find it, even if i unlock all folders..

windows says its nothing there, i will now try the second thing u told me..

and i havent dont anything with the registry, have not used any tools to block changes :S

Ok, we'll fix that registry issue then once I've the rest of the results. Please run gmer too.

Next ...

Download Bobbi Flekman's RegSearch from
http://www.bleepingcomputer.com/files/regsearch.php

Create a folder for RegSearch on the C: drive called C:\RegSearch. You can do this by going to My Computer then double click on C: then right click and select New then Folder and name it RegSearch. Extract all the files from the zip archive into that folder.

Open the RegSearch folder and double-click the icon for RegSearch.exe to launch the program.
Copy / Paste the following line into the Search Box:

DrvFltIp

then hit Ok

After completion Notepad will be opened with all the found instances of the string. The resulting file is saved in the same location as RegSearch.exe. Post results please.

we have rootkit activety!


---- Modules - GMER 1.0.10 ----

Module _________ F740B000
Module RecAgent.sys (*** hidden *** ) F79E4000 <-- ROOTKIT !!!

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File \System Volume Information\MountPointManagerRemoteDatabase
File \System Volume Information\tracking.log
File \System Volume Information\_restore{66F6191E-A215-4F64-B20F-727AA299FAA4}
File \System Volume Information\_restore{FA8776D8-EBF4-4409-BD49-6E5ECFA279AA}

---- EOF - GMER 1.0.10 ----

I need to see the complete log please, with the cdrom and ide devices as it was before your edit.

You might need 2 posts to fit everything in. Also, uncheck Enable emoticons when posting the log please, thanks.

Kim

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-06 20:48:04
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT \??\C:\Programfiler\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState
SSDT \??\C:\Programfiler\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.10 ----

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86854478
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 86854478
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSEIRP_MJ_READ 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 86854AC0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 86854AC0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_NAMED_PIPE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSEIRP_MJ_READ 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_WRITE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FLUSH_BUFFERS 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DIRECTORY_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FILE_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_LOCK_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLEANUP 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_MAILSLOT 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CHANGE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 86854AC0
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_NAMED_PIPE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLOSEIRP_MJ_READ 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_WRITE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FLUSH_BUFFERS 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DIRECTORY_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FILE_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_LOCK_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLEANUP 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_MAILSLOT 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CHANGE 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP 86854AC0
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_CREATE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_CREATE_NAMED_PIPE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_CLOSEIRP_MJ_READ 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_WRITE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_QUERY_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_SET_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_QUERY_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_SET_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_FLUSH_BUFFERS 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_QUERY_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_SET_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_DIRECTORY_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_FILE_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_INTERNAL_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_SHUTDOWN 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_LOCK_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_CLEANUP 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_CREATE_MAILSLOT 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_QUERY_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_SET_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_DEVICE_CHANGE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_QUERY_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_SET_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_PNP 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1a IRP_MJ_PNP_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_CREATE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_CREATE_NAMED_PIPE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_CLOSEIRP_MJ_READ 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_WRITE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_QUERY_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_SET_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_QUERY_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_SET_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_FLUSH_BUFFERS 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_QUERY_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_SET_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_DIRECTORY_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_FILE_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_INTERNAL_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_SHUTDOWN 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_LOCK_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_CLEANUP 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_CREATE_MAILSLOT 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_QUERY_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_SET_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_DEVICE_CHANGE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_QUERY_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_SET_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_PNP 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-22 IRP_MJ_PNP_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSEIRP_MJ_READ 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 86854AC0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP_POWER 86854AC0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86854478
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86854478
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 86854478
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 86854478
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 86854478
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSEIRP_MJ_READ

Here is the complete list Kimberly! i have had problems posting the hole list in 2 posts, it doesnt work :S

but theres an attached file with all the info!

the other program didnt work!

http://img79.imageshack.us/img79/8414/regsearch2gj9.png image of it! access violation. strange.

and afterwards it pops up error messages all the time :S

Got the gmer log, thx -- looking over it now. Normally RecAgent.sys is legit as installed by smartlink modems - dunno why flagged as rootkit.

Regsearch error .... alternative :

Please download the Registry Search Tool from here:
http://www.billsway.com/vbspage/

Unzip it to a convienant location such as your Desktop. Make sure that your Antivirus / OS allows the use of the .vbs scripts. If prompted, make sure to allow the script.

Double click regsearch.vbs
Copy / Paste the following line into the Search Box:

DrvFltIp

then hit Ok

It may take a while to run. It will tell you when it's done and offer you to look at the file.
Say Yes and when it opens copy/paste the content in your reply.

didnt get that program to work.

it opened in notepad, not much to do there..

Think im going to reinstall the hole shit tomorrow :/

its hopeless.. thx for all ur help kimb

i think this could be some deep shit this time..

Your computer isn't infected at all. The gmer entries are normal.

All the cdrom / ide devices are related to Alcohol /Daemon tools hooks.

RecAgent.sys : it's not a rootkit, it's a legit smartlink modem driver. The reason why it shows in the log is that the driver did load while gmer was running. Next log might not show it.


Ok, some program associations are borked but that's easy to fix. Lemme know your intentions but a reinstall is a bit an overkill imo.

But if you prefer, go ahead, I can't blame you for that.

Kim

Hi Kimb!

long time now


i did reinnstall the pc, i think it was still for the best, it works much better now..

its much faster now, and the com got a real good cleanup

but if there are something i will let u know

Hi neo4132,


I bet it is. Reinstalling from time to time ain't bad at all.

If something seems to be wrong, don't hesitate to post back indeed ... as soon as you notice it.

Now that you have a speedy PC again ... some tips to keep it clean and secured

Windows, Internet Explorer and Microsoft Office Updates

Visit Microsoft's Windows Update Site frequently. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

If you are running Microsoft Office, or any application of it, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed.

If you have trouble with Windows Update, you still can get all the Critical Updates, Security Fixes and Service Packs. Below are a few links to bookmark.

Microsoft Security Bulletins
http://www.microsoft.com/technet/security/current.aspx

Office downloads
http://office.microsoft.com/en-us/officeupdate/default.aspx

Download Center
http://www.microsoft.com/downloads/search.aspx

Microsoft Security Advisories
http://www.microsoft.com/technet/security/...ry/default.mspx

Recently Published
http://www.microsoft.com/technet/security/...nt/default.mspx

Make your Internet Explorer more secure

1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click on the Security tab
3. Click the Internet icon so it becomes highlighted.
4. Click on Default Level and click Ok
5. Click on the Custom Level button.
   • Change the Download signed ActiveX controls to Prompt
   • Change the Download unsigned ActiveX controls to Disable
   • Change the Initialise and script ActiveX controls not marked as safe to Disable
   • Change the Installation of desktop items to Prompt
   • Change the Launching programs and files in an IFRAME to Prompt
   • Change the Navigate sub-frames across different domains to Prompt
   • When all these settings have been made, click on the OK button.
   • If it prompts you as to whether or not you want to save the settings, press the Yes button.
6. Next press the Apply button and then the OK to exit the Internet Properties page.

Take the time to check out the following links

Resources for using Internet Explorer 6
http://support.microsoft.com/?kbid=867470

How to Configure Enhanced Security Features for Internet Explorer from Windows XP SP2
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Microsoft Malicious Software Removal Tool
http://www.microsoft.com/security/malwarer...e/families.mspx

Keep your Sun Java up to date

The most current version of Sun Java is: Java Runtime Environment Version 5.0 Update 8

To check if you have the latest version installed and get the needed updates, please go to the link below:
http://www.java.com/en/download/windows_automatic.jsp
You'll need to use IE and allow ActiveX for this update. Follow the instructions on that page to check your Java Software.

Or you can get the manual download here:
http://www.java.com/en/download/manual.jsp

Check in your Control Panel, under Add/Remove programs and uninstall ALL older versions of Sun Java. And in the future, remember to remove older versions of Java when you automatically update to a newer version to avoid exploitation of older versions left on your system.

Check out these topics for more information:
http://spywarewarrior.com/viewtopic.php?t=17910
http://spywarewarrior.com/viewtopic.php?t=17598

Free programs that may help you in keeping the PC clean

• SpywareBlaster
  SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  You can download SpywareBlaster here
  A tutorial can be found here
• SpywareGuard
  It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method. An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware. And you can easily have an anti-virus program running alongside SpywareGuard. It also features Download Protection and Browser Hijacking Protection.
  You can download SpywareGuard here
  A tutorial can be found here
• IE-SPYAD
  IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It basically prevents any downloads, cookies, scripts from the sites listed, although you will still be able to connect to the sites.
  You can download IE-SPYAD here
  A tutorial can be found here
• Hosts File
  A Hosts file replaces your current HOSTS file with one containing well known ad, spyware sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
  A tutorial tutorial can be found here
  • MVPS Hosts File
    You can download the MVPS Hosts File here
    Furthermore the website contains useful tips and links to other resources and utilities.
  • Bluetack's Hosts File and Hosts Manager
    Essentially based on the research made by Webhelper, Andrew Clover and Eric L. Howes, it contains most if not all the known spyware sites, sites responsible for hijacks, rogue apllications etc...
    Download Bluetack's Hosts file here
    Download Bluetack's HostsManager here

Free Spyware Detection and Removal Programs

• Ad-Aware
  It scans for known spyware on your computer. These scans should be run at least once every two weeks.
  You can download Ad-Aware here
  A tutorial can be found here
• Spybot - Search & Destroy
  It scans for spyware and other malicious programs. Spybot has preventitive tools that stop programs from even installing on your computer.
  You can download Spybot - S&D here
  A tutorial can be found here

Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright "Foistware".
You will find the list here

Ewido

Realtime protection against these threats:

• Hijackers and Spyware
  Secure surfing in the Internet without fear of annoying changes of the start page of your browser, tracking cookies and advertising bars.
• Worms
  Nobody should receive e-mails in your name with malicious files in the appendix anymore.
• Dialers
  Security against all kinds of dialers. No fear when receiving the next phone bill.
• Trojans and Keyloggers
  No chance for thieves to steal your bank data and personal sensitive information by tapped Internet connections, remote controlled webcams or secret keyboard recordings.

Most of you will have already the trial version of this software, which is an excellent program and particularly good at catching trojans. If you find it useful you might want to consider buying the full program. When the trial period ends the following features will stop working:

• Scheduled scans.
• Real-time monitoring of the entire system.
• Memory Scan detects active threats.
• Self-protection at kernel layer guarantees gapless monitoring.
• Automatic online-update.

The manual memory scan will work in the free version and you can manually update the definitions by clicking on the "Start Update" button under Manual update in the update module.

You can download Ewido here
Ewido manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that Ewido is closed before installing the update.

WinPatrol

WinPatrol uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others download new reference files.

• Detect & Neutralize Spyware.
• Detect & Neutralize ADware.
• Detect & Neutralize Viral infections.
• Detect & Neutralize Unwanted IE Add-Ons.
• Detect & Restore File Type Changes.
• Automatically Filter Unwanted Cookies.
• Avoid Start Page Hijacking.
• Detect changes to HOSTS & critical system files.
• Kill Multiple Tasks that replicate each other, in a single step!
• Stop programs that repeatedly add themselves to your Startup List!

Starting with WinPatrol 9.5 PLUS users also get the addition of Real-time Infiltration Detection so they'll know immediately when changes are made to critical system areas. WinPatrol Free is not demo or trial software. You're welcome to use it as long as you like.
You can download WinPatrol here
WinPatrol FAQ

SiteHound by Firetrust

Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer. (Users of Firefox - a version for you is coming soon.) SiteHound's comprehensive database gathers the knowledge from other users and respected experts from the online security community to tell you which sites are real and which are bogus.

SiteHound will alert you when you enter a site which is known to contain:

• Fraudulent claims or scams
• Offensive material
• Security vulnerabilities
• Spyware or Adware
• Spam related material
• or other content deemed to be unsafe

Specifically, SiteHound blocks these categories:

• Adult • Spyware • Spam Advertising • Phishing • Possible scam or fraud • Misleading or False Advertising
• Pharming • Rogue or Suspect Product • Adware • Malware or Virus

System Requirements:
Internet Explorer 5.5+ and Windows 95/98/NT 4/ME/2000/XP

Product Info & Download: SiteHound Toolbar

For advanced users : ProcessGuard

ProcessGuard blocks rootkits, prevents spyware, guards your computer from DLL trojans...
For more information take a moment to read the Introduction and the Known Attacks information pages.
You can download Process Guard here

Use an AntiVirus Software

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See the link below for a listing of some online & their stand-alone antivirus programs.
Computer Safety On line - Anti-Virus
http://forum.malwareremoval.com/viewtopic.php?p=53#53

Update your Anti Virus Software

It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall

I can not stress enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below.
Computer Safety On line - Software Firewalls
http://forum.malwareremoval.com/viewtopic.php?p=56#56
A tutorial on Understanding and Using Firewalls can be found here

Additional Information

For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link.

A very nice collection of tutorials is available at Bleeping Computer
http://www.bleepingcomputer.com/tutorials/

Finally, after following up on all these recommendations, why not run Jason Levine's Browser Security Tests ?
They will provide you with an insight on how vulnerable you might still be to a number of common exploits.
http://www.jasons-toolbox.com/BrowserSecurity/

Happy surf

Kim

thanx allot for taking ur time kimb

i will try most of these programs now,

i didnt know that there was a newer version of java than update 6 :S but the site is down for downloading now.. try later..

but there were allot of good tips u just gave me

i will let u know how it works..


neo4132

Hi!

when i tried to innstall the programs the com got crazy, using all my cpu again :S

its the svchost.exe that is using 100% of the cpu, i dont know why.. it happend when ive innstalled the programs..

what should i do?

Hi neo4132,

A little more info should be welcome. Which programs did you install and if possible when did the svchost.exe cpu usage go up again ? After the install of which program ?

Kim

i did innstall a program called SuperAntiSpyware, SpywareGuard, ProcessGuard, Spybot and Adware..

but i think it was after the innstall of either Super and ProcessGuard..

but after the innstall of the programs..

is there anyway to shut svchost.exe down perm or is that bad?

Hi kimb!

suddently my com is normal again... dont know how but,

i think it could hve something to do with the Trend antivirus web site filter block..

cause now i have low cpu when logging in, internett is not slow etc.. so it could be it, but what do u think?

im gonna try put it back on, see what happends..

Might be, see your first post and my answer on the high CPU
http://www.bluetack.co.uk/forums/index.php...ost&p=72786

Looks like Trend is causing the lag, if you have to many sites, ads ... in the filter, your PC is gonna crawl. Same happens with other antivirus software that is able to block ads. If the list / rules of stuff to check in a webpage becomes huge, your pc slows down.

btw, if Ewido real protection is active, your gonna feel a slowdown too when opening webpages.

looks like i was right about Trend.. now im using Spybot Tea timer, would that do the trick?

cause when i visit thepiratebay.org and go to sub pages, i get moved to another page that has something to do with reg cleaning etc.. also getting some spyware shit.. but that doesnt happend with the filter on, would spybot do the trick to?

or do u have another program that can stop that?

is the kaspersky online scanner going to get up sometime?

Hi kimb!

breaking news my Svchost.exe is starting to use all the cpu again, possible viruses TSPY_Agent.TQ and Tspy_Cimuz , Trojans that shows up in online scan allot..

could be the reason.. what can we do?

what i can tell now, is that i think that this file is the cause of this: C:/windows/system32/svchost -k rpcss, cause this i cant deactivate :S dont know why...

or what do u think?

my computer is clean as hell now to, so whats causing this i dont know..

nothing happens either when i close this svchost.exe

and this shows as networkservice in the task manager..

hi, me again..

i scanned my pc with something called malware sweeper, found one hijacker- unknown, downloader-acc - trojan that i maybe can get removed with mcafee, coolwebsearch- cws.msconfig removed with trend micro cwshredder, and som cookies..

online mcafee also detected Adware-Url.gen - Battlefield2 and gamespy arcade, but thats harmless i think..

let u know if theres something else..

can post a new hijack this log tomorrow..

Hi neo4132,

Sorry for not getting back earlier, I had a busy week.


You won't be able to disable or delete that, it's an essentiel system process. Without that running, nothing runs on the PC.


No idea, don't think that spybot will help with that. Try a hosts file instead or use the Trend filter.


It's up already, new version running.

Post a hijackthis log and a kav scan, so that I can have a look.

Please do an online scan with Kaspersky Online Scanner

Notice!
A new version of Kaspersky Virus Scanner has been released on August 8, 2006. If you have installed a previous version, you must unistall that program first before installing the new version. To uninstall, please go to the computer control panel and select "Add/Remove Programs." Close all Internet Explorer windows before uninstalling the Kaspersky Online Scanner.

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then start to download the latest definition files.
• Once the scanner is installed and the definitions downloaded, click Next.
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
    • Extended (If available otherwise Standard)
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK
• Now under select a target to scan select My Computer
• The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
• Now click on the Save Report As button:
  • Save the file to your desktop.
  • File Type: Text file (*.txt).
  • Name: Kav.txt for example
• Copy and paste that information in your next post.

Kim

HI!

I know what causes the CPU to blow up.. DNS CLIENT - with svchost - networkservice

dont know whats connected to this, but i have deactivated this, and the cpu has been normal all the time..

Im gonna try run the kaspersky in safe mode some day soon, let u know

Following report not runned in safe mode..

Hello neo4132

Oh, dunno if the trend proxy uses that to filter but you can get spikes if a hosts file is installed ... big hosts file can cause this, that's why we advice to set the DNS service to manual or even disabled.

See : http://www.bluetack.co.uk/forums/index.php?showtopic=8406

If you don't use a big hosts file, thanks for letting me know that trend proxy could cause this too.

KAV log is clean, no need to run it in safe mode.

yep, that could be it kimb

not running any host file now i think...