TheTechGuide Forum
General Category => Tech Clinic => Topic started by: jen3ca on October 05, 2006, 06:49:25 PM
-
Hey, hope you can help. I have Windows XP, a 40 GB hard drive with around 38 GB free space.
The problem I am having is my computer is running extremely slow: it takes it 20 min to log into Windows when normally it would have taken 2 seconds, and programs take forever to load and frequently quit responding. I have downloaded some security updates from Microsoft, and I had to get some drivers for some of my devices. Here is my HijackThis log and an install/uninstall list. Anyway, help would be greatly appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 7:45:43 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\PROGRA~1\Iomega\System32\AppServices.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Iomega\AutoDisk\ADService.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Iomega\AutoDisk\ADUserMon.exe
D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\system32\RunDll32.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\WINDOWS\system32\wuauclt.exe
D:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ADUserMon] D:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] D:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159153413650
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66312B72-8C3B-4CBC-82A5-E4D6FDE61554}: NameServer = 216.168.96.13 216.168.96.10
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Iomega App Services - Iomega Corporation - D:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - D:\Program Files\Iomega\AutoDisk\ADService.exe
Active Disk
Ad-Aware SE Personal
Adobe Flash Player 9
avast! Antivirus
CleanUp!
C-Media WDM Audio Driver
Filzip 3.06
FrostWire
HijackThis 1.99.1
IomegaWare 4.0.2
J2SE Runtime Environment 5.0 Update 6
Messenger Plus! 3
Microsoft Office XP Professional with FrontPage
MSN Messenger 7.5
Nero - Burning Rom
Panda ActiveScan
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB925486)
SiS 900 PCI Fast Ethernet Adapter Driver
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
-
I'm not seeing anything bad there
Can you do the following for me please
Download and save to desktop
F-Secure Blacklight (blbeta.exe): https://europe.f-secure.com/exclude/blacklight/blbeta.exe
Double click to run blbeta.exe
* Accept the user agreement.
* Click Scan.
* After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log
BlackLight will create a log on your desktop with the name "fsbl-xxxxxxx.log".
With that log
Also
Download GMER from here:
http://www.gmer.net/gmer.zip
Unzip it to the desktop.
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.
Let's just eliminate hidden problems please
-
Here is the log file for blbeta and gmer
10/05/06 22:48:44 [Info]: BlackLight Engine 1.0.47 initialized
10/05/06 22:48:44 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/05/06 22:48:44 [Note]: 7019 4
10/05/06 22:48:44 [Note]: 7005 0
10/05/06 22:48:49 [Note]: 7006 0
10/05/06 22:48:49 [Note]: 7011 1128
10/05/06 22:48:49 [Note]: 7026 0
10/05/06 22:48:50 [Note]: 7026 0
10/05/06 22:49:03 [Note]: FSRAW library version 1.7.1020
10/05/06 22:52:38 [Note]: 7007 0
GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-05 23:20:53
Windows 5.1.2600 Service Pack 2
-
Did you put a check in Show all before you ran the Gmer scan?
I DID NOT want you to do that
The scan takes forever and is very very long
Here are the instructions I gave
Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run click Copy and paste the results (if any) into this thread.
Run Gmer.exe again, UNCHECK or DON'T check "Show all"
Then run the scan
When it's done>>Select copy and then paste the log back here in a reply
-
sorry, I unchecked show all and it found nothing
-
I don't see anything in either log then
What drivers did you update?
Where did you get the drivers from?
Can I see one more log from Hijackthis
Open Hijackthis>>Open Misc tools section
Beside 'Generate a Startuplist'
Check the following
List all minor sections(full)
and
List empty sections(complete)
Afterwards click the button Generate a Startuplist
Click Yes to the prompt
A text file will open
Copy>>Paste back here the whole contents please
-
here is the startup list
StartupList report, 10/6/2006, 11:11:19 AM
StartupList version: 1.52.2
Started from : D:\HJT\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Iomega\AutoDisk\ADUserMon.exe
D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\system32\RunDll32.exe
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\PROGRA~1\Iomega\System32\AppServices.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Iomega\AutoDisk\ADService.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\HJT\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[D:\Documents and Settings\Jen\Start Menu\Programs\Startup]
*No files*
Shell folders AltStartup:
*Folder not found*
User shell folders Startup:
*Folder not found*
User shell folders AltStartup:
*Folder not found*
Shell folders Common Startup:
[D:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
Shell folders Common AltStartup:
*Folder not found*
User shell folders Common Startup:
*Folder not found*
User shell folders Alternate Common Startup:
*Folder not found*
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = D:\WINDOWS\system32\userinit.exe,
[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*
[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
type32 = "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
IntelliPoint = "D:\Program Files\Microsoft IntelliPoint\point32.exe"
avast! = D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
ADUserMon = D:\Program Files\Iomega\AutoDisk\ADUserMon.exe
Iomega Drive Icons = D:\Program Files\Iomega\DriveIcons\ImgIcon.exe
Deskup = D:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
SunJavaUpdateSched = D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
MessengerPlus3 = "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No values found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[OptionalComponents]
*No values found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*
--------------------------------------------------
File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command
(Default) = "%1" %*
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command
(Default) = "%1" /S
--------------------------------------------------
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
(Default) = D:\WINDOWS\System32\mshta.exe "%1" %*
--------------------------------------------------
File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command
(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = D:\WINDOWS\inf\unregmp2.exe /ShowWMP
[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmp.inf,PerUserStub
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe
--------------------------------------------------
Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps
*Registry key not found*
--------------------------------------------------
Load/Run keys from D:\WINDOWS\WIN.INI:
load=*INI section not found*
run=*INI section not found*
Load/Run keys from Registry:
HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=
--------------------------------------------------
Shell & screensaver key from D:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=D:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Checking for EXPLORER.EXE instances:
D:\WINDOWS\Explorer.exe: PRESENT!
D:\WINDOWS\Explorer\Explorer.exe: not present
D:\WINDOWS\System\Explorer.exe: not present
D:\WINDOWS\System32\Explorer.exe: not present
D:\WINDOWS\Command\Explorer.exe: not present
D:\WINDOWS\Fonts\Explorer.exe: not present
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Verifying REGEDIT.EXE integrity:
- Regedit.exe found in D:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'
Registry check passed
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - D:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
--------------------------------------------------
Enumerating Task Scheduler jobs:
*No jobs found*
--------------------------------------------------
Enumerating Download Program Files:
[Office Update Installation Engine]
InProcServer32 = D:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc3.cab
[MUWebControl Class]
InProcServer32 = D:\WINDOWS\System32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159153413650
[Java Plug-in]
InProcServer32 = D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
[ActiveScan Installer Class]
InProcServer32 = D:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
[Java Plug-in]
InProcServer32 = D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
[Java Plug-in 1.5.0_06]
InProcServer32 = D:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
--------------------------------------------------
Enumerating Winsock LSP files:
NameSpace #1: D:\WINDOWS\System32\mswsock.dll
NameSpace #2: D:\WINDOWS\System32\winrnr.dll
NameSpace #3: D:\WINDOWS\System32\mswsock.dll
NameSpace #4: D:\WINDOWS\System32\nwprovau.dll
Protocol #1: D:\WINDOWS\system32\mswsock.dll
Protocol #2: D:\WINDOWS\system32\mswsock.dll
Protocol #3: D:\WINDOWS\system32\mswsock.dll
Protocol #4: D:\WINDOWS\system32\rsvpsp.dll
Protocol #5: D:\WINDOWS\system32\rsvpsp.dll
Protocol #6: D:\WINDOWS\system32\mswsock.dll
Protocol #7: D:\WINDOWS\system32\mswsock.dll
Protocol #8: D:\WINDOWS\system32\mswsock.dll
Protocol #9: D:\WINDOWS\system32\mswsock.dll
Protocol #10: D:\WINDOWS\system32\mswsock.dll
Protocol #11: D:\WINDOWS\system32\mswsock.dll
Protocol #12: D:\WINDOWS\system32\mswsock.dll
Protocol #13: D:\WINDOWS\system32\mswsock.dll
Protocol #14: D:\WINDOWS\system32\mswsock.dll
Protocol #15: D:\WINDOWS\system32\mswsock.dll
Protocol #16: D:\WINDOWS\system32\mswsock.dll
Protocol #17: D:\WINDOWS\system32\mswsock.dll
Protocol #18: D:\WINDOWS\system32\mswsock.dll
Protocol #19: D:\WINDOWS\system32\mswsock.dll
Protocol #20: D:\WINDOWS\system32\mswsock.dll
Protocol #21: D:\WINDOWS\system32\mswsock.dll
Protocol #22: D:\WINDOWS\system32\mswsock.dll
Protocol #23: D:\WINDOWS\system32\mswsock.dll
Protocol #24: D:\WINDOWS\system32\mswsock.dll
Protocol #25: D:\WINDOWS\system32\mswsock.dll
Protocol #26: D:\WINDOWS\system32\mswsock.dll
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
avast! iAVS4 Control Service: "D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
avast! Antivirus: "D:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart)
avast! Mail Scanner: "D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start)
avast! Web Scanner: "D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start)
basic2: System32\DRIVERS\HSF_BSC2.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
MAC Bridge: System32\DRIVERS\bridge.sys (manual start)
MAC Bridge Miniport: System32\DRIVERS\bridge.sys (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: D:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
COM+ System Application: D:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Intel® PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: D:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fallback: System32\DRIVERS\HSF_FALL.sys (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Fsks: System32\DRIVERS\HSF_FSKS.sys (autostart)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
gmer: System32\DRIVERS\gmer.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
hsf_msft: System32\DRIVERS\HSF_MSFT.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
IMAPI CD-Burning COM Service: D:\WINDOWS\System32\imapi.exe (manual start)
Iomega Devices Disk Filter Services: System32\DRIVERS\iomdisk.sys (system)
Iomega Activity Disk2: "" (disabled)
Iomega App Services: "D:\PROGRA~1\Iomega\System32\AppServices.exe" (autostart)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
K56: System32\DRIVERS\HSF_K56K.sys (autostart)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: D:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: D:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: D:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Monitor Driver: System32\DRIVERS\NMnt.sys (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
NWLink IPX/SPX/NetBIOS Compatible Transport Protocol: System32\DRIVERS\nwlnkipx.sys (autostart)
NWLink NetBIOS: System32\DRIVERS\nwlnknb.sys (autostart)
NWLink SPX/SPXII Protocol: System32\DRIVERS\nwlnkspx.sys (autostart)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Microsoft IntelliPoint Filter Driver: System32\DRIVERS\point32.sys (manual start)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
Iomega Parallel Port Legacy Filter Driver: System32\DRIVERS\ppa3.sys (system)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: D:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Rksample: System32\DRIVERS\HSF_SAMP.sys (manual start)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS315: system32\DRIVERS\sisgrp.sys (manual start)
SIS AGP Bus Filter: System32\DRIVERS\sisagp.sys (system)
SiSkp: system32\DRIVERS\srvkp.sys (system)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
SiS PCI Fast Ethernet Adapter Driver for NDIS51: System32\DRIVERS\sisnicxp.sys (manual start)
SoftFax: System32\DRIVERS\HSF_FAXX.sys (autostart)
SpeakerPhone: System32\DRIVERS\HSF_SPKP.sys (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: D:\WINDOWS\System32\dllhost.exe /Processid:{29E90333-1556-4F10-9127-27111098707E} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tones: System32\DRIVERS\HSF_TONE.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
V124: System32\DRIVERS\HSF_V124.sys (autostart)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: D:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Iomega Active Disk: "D:\Program Files\Iomega\AutoDisk\ADService.exe" (autostart)
--------------------------------------------------
Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*
Windows NT checkdisk command:
BootExecute = autocheck autochk *
Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: D:\WINDOWS\system32\SHELL32.dll
CDBurn: D:\WINDOWS\system32\SHELL32.dll
WebCheck: D:\WINDOWS\System32\webcheck.dll
SysTray: D:\WINDOWS\System32\stobject.dll
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*Registry key not found*
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
*No values found*
--------------------------------------------------
End of report, 32,938 bytes
Report generated in 0.651 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
-
I know one of the drivers was for my sound and there were two more, but I don't know what they were for or what the devices' names were. I had Windows look for the drivers.
-
Not seeing anything bad
I wouldn't be downloading drivers from Microsoft
Check with the computer manufacturer for updated device drivers
You can try rolling back the most recent driver you installed
If you suspect it's a driver issue
Try rebooting into safe mode, does it load a bit faster?