
Thread: Command Service and other stuff

  1. #11
    Junior Member
    Join Date
    Jun 2007
    Posts
    29

    gmer - part one (size limitations)

    Yes, winvnc is something I installed.

    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000322D] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtQuerySystemInformation] [10002DA3] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000322D] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [100031CB] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [100031FC] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtQuerySystemInformation] [10002DA3] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [100031FC] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [1000322D] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [100031FC] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [100031CB] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000322D] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [100031FC] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [100031CB] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] [10002DBC] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\Program Files\iPod\bin\iPodService.exe[2180] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\system32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQuerySystemInformation] [10002DA3] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] [10002DBC] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtResumeThread] [10003269] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] [100032F2] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlGetNativeSystemInformation] [10002DA3] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [100031CB] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000322D] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtQuerySystemInformation] [10002DA3] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [100031CB] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000322D] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtQuerySystemInformation] [10002DA3] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [100031CB] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000322D] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!NtQuerySystemInformation] [10002DA3] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000322D] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000322D] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [100031CB] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [100031FC] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtQuerySystemInformation] [10002DA3] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] [10002DBC] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000322D] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [100031CB] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [100031FC] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtQuerySystemInformation] [10002DA3] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [100031FC] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [100031CB] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000322D] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000322D] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [100031FC] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [100031FC] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [1000322D] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [10003116] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000324B] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [100031FC] C:\WINDOWS\System32\msvcr61.dll
    IAT C:\WINDOWS\system32\alg.exe[2996] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW]

  2. #12
    Junior Member
    Join Date
    Jun 2007
    Posts
    29

    gmer part 2 of 3

    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F8669980] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F86699A0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F8669A00] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F86699E0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F86699C0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F8669980] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F86699A0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F8669A00] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86699E0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F86699C0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F8669980] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F86699A0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F8669A00] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86699E0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F86699C0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F8669980] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F86699A0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION

  3. #13
    Junior Member
    Join Date
    Jun 2007
    Posts
    29

    gmer part 3 of 3.5

    [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F8669A00] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86699E0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F86699C0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F8669980] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F86699A0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F8669A00] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86699E0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F86699C0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F8669980] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F86699A0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F8669A00] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86699E0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F86699C0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F8669980] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE

  4. #14
    Junior Member
    Join Date
    Jun 2007
    Posts
    29

    gmer final piece and hjt log

    [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F86699A0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F8669A00] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86699E0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F86699C0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F8669980] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F86699A0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F8669A00] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F86699E0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F86699C0] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F8669400] mvstdi5x.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F8669400] mvstdi5x.sys

    ---- Files - GMER 1.0.13 ----

    File C:\WINDOWS\system32\msvcr61
    File C:\WINDOWS\system32\msvcr61\cfg.ini
    File C:\WINDOWS\system32\msvcr61\in
    File C:\WINDOWS\system32\msvcr61\l.dat
    File C:\WINDOWS\system32\msvcr61\perflibs__
    File C:\WINDOWS\system32\msvcr61\red
    File C:\WINDOWS\system32\msvcr61.dll
    File C:\WINDOWS\system32\msvcr61.exe

    ---- EOF - GMER 1.0.13 ----

    Logfile of HijackThis v1.99.1
    Scan saved at 11:26:08 AM, on 6/27/07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\RightFax\faxctrl.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RegSrvc.exe
    C:\Program Files\RealVNC\WinVNC\WinVNC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\jzeinieh\Desktop\gmer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Microsoft Visual Studio .NET Components] msvcr61.exe /setup /all
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\faxctrl.exe
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {1230921A-10E7-44F9-A31F-DA7E811FB3A6} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - http://crm.beacon.tmp.com/sales_enu/...Bound_mail.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1C1DE932-8D89-4C07-BF9C-D8627EDB4849} (Siebel High Interactivity Framework) - http://crm.beacon.tmp.com/sales_enu/..._HI_Client.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172111006824
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prod.corp.ad
    O17 - HKLM\Software\..\Telephony: DomainName = prod.corp.ad
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prod.corp.ad
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prod.corp.ad
    O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - (no file)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)

  5. #15
    Emeritus Shaba
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Default

    Hi

    Looks like there are baddies.

    Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

    How to see hidden files in Windows

    Please click this link-->Jotti

    When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

    C:\WINDOWS\system32\msvcr61.dll

    Please post back the results of the scan in your next post.

    Do the same for C:\WINDOWS\system32\msvcr61.exe

    If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/flash/index_en.html
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #16
    Junior Member
    Join Date
    Jun 2007
    Posts
    29

    Default can't find msvcr61

    just finding msvcr71.

  7. #17
    Emeritus Shaba
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Default

    Hi

    Ok, then we do this:

    Open notepad and copy/paste the text in the quotebox below into it:

    File::
    C:\WINDOWS\system32\msvcr61.dll
    C:\WINDOWS\system32\msvcr61.exe

    Folder::
    C:\WINDOWS\system32\msvcr61

    Save this as ComboFix-Do.txt

    Then drag the ComboFix-Do.txt into ComboFix.exe as you see in the screenshot below.



    This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

    Those files should now be here -> C:\Qoobox\Quarantine\C\WINDOWS\system32\

    Upload them to virustotal/jotti, if you can find them.

  8. #18
    Junior Member
    Join Date
    Jun 2007
    Posts
    29

    Default new HJT log - still can't find the files for jotti

    Logfile of HijackThis v1.99.1
    Scan saved at 09:36, on 2007-06-28
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RegSrvc.exe
    C:\Program Files\RealVNC\WinVNC\WinVNC.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\RightFax\faxctrl.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Microsoft Visual Studio .NET Components] msvcr61.exe /setup /all
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [RightFAX Print-to-Fax Driver] C:\Program Files\RightFax\faxctrl.exe
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O16 - DPF: {1230921A-10E7-44F9-A31F-DA7E811FB3A6} (Siebel Email Support for Microsoft Outlook and Lotus Notes) - http://crm.beacon.tmp.com/sales_enu/...Bound_mail.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1C1DE932-8D89-4C07-BF9C-D8627EDB4849} (Siebel High Interactivity Framework) - http://crm.beacon.tmp.com/sales_enu/..._HI_Client.cab
    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1172111006824
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prod.corp.ad
    O17 - HKLM\Software\..\Telephony: DomainName = prod.corp.ad
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = prod.corp.ad
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = prod.corp.ad
    O21 - SSODL: WinCTL - {009541A0-3B00-1F1C-00F3-040224009C02} - C:\Program Files\Common Files\winctl.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)

  9. #19
    Junior Member
    Join Date
    Jun 2007
    Posts
    29

    Default new combofix log

    ComboFix 07-06-18.2 - C:\Documents and Settings\jzeinieh\Desktop\ComboFix.exe
    "JZeinieh" - 2007-06-28 9:32:07 - Service Pack 2 NTFS
    Command switches used :: C:\Documents and Settings\jzeinieh\Desktop\ComboFix-Do.txt


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\WINDOWS\system32\msvcr61
    C:\WINDOWS\system32\msvcr61\cfg.ini
    C:\WINDOWS\system32\msvcr61\in
    C:\WINDOWS\system32\msvcr61\l.dat
    C:\WINDOWS\system32\msvcr61\perflibs__
    C:\WINDOWS\system32\msvcr61\red


    ((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-28 )))))))))))))))))))))))))))))))


    2007-06-27 11:09 23,552 --a------ C:\Program Files\Common Files\winctl.dll
    2007-06-25 09:56 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-06-25 09:23 49,152 --a------ C:\WINDOWS\nircmd.exe
    2007-06-23 19:50 <DIR> d-------- C:\WINDOWS\pss
    2007-06-23 10:34 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Yapta
    2007-06-23 10:34 <DIR> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Google
    2007-06-22 13:22 <DIR> d-------- C:\VundoFix Backups
    2007-06-22 13:18 107,520 --a------ C:\VundoFix.exe
    2007-06-21 22:47 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-06-21 21:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2007-06-21 19:53 <DIR> d-------- C:\hjt
    2007-06-21 09:40 89,088 --a------ C:\WINDOWS\system32\atl71.dll
    2007-06-21 09:40 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
    2007-06-21 09:40 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
    2007-06-21 09:40 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll
    2007-06-21 09:40 <DIR> d-------- C:\Temp
    2007-06-13 11:43 <DIR> d-------- C:\WINDOWS\SxsCaPendDel


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-06-25 14:26:13 -------- d-----w C:\Program Files\Messenger
    2007-06-24 00:24:39 -------- d-----w C:\Program Files\Yapta
    2007-05-27 23:41:17 -------- d-----w C:\DOCUME~1\jzeinieh\APPLIC~1\Yapta
    2007-05-23 19:08:04 -------- d-----w C:\Program Files\Google
    2007-05-09 03:23:35 -------- d-----w C:\DOCUME~1\jzeinieh\APPLIC~1\SecondLife
    2007-05-09 03:23:22 -------- d-----w C:\Program Files\SecondLife
    2007-04-17 03:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 03:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 03:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 03:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 03:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 03:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 03:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 03:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-02 19:10:45 199,751 ----a-w C:\WINDOWS\system32\atasnt40.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar1.dll [2007-05-22 12:05]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-05-22 12:05]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Visual Studio .NET Components"="msvcr61.exe" [2007-06-28 09:34 C:\WINDOWS\system32\.]
    "PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 18:32]
    "WinVNC"="C:\Program Files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 14:49]
    "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 09:00]
    "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 04:50]
    "RightFAX Print-to-Fax Driver"="C:\Program Files\RightFax\faxctrl.exe" [2002-07-24 18:57]
    "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:18]
    "Aim6"="" []
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-22 12:05]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate"=1 (0x1)
    "NoAutoUpdate"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "{009541A0-3B00-1F1C-00F3-040224009C02}"="C:\Program Files\Common Files\winctl.dll" [2007-06-26 10:37]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1219070818-4200922009-2982726761-329357\Scripts\Logon\0\0]
    "Script"=\\prod.corp.ad\SysVol\prod.corp.ad\scripts\prod_users.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1650719277-3554570390-3493197080-4155\Scripts\Logon\0\0]
    "Script"=\\prod.corp.ad\SysVol\prod.corp.ad\scripts\prod_users.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1650719277-3554570390-3493197080-4155\Scripts\Logon\1\0]
    "Script"=\\prod.corp.ad\NETLOGON\Logon.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 Pml Driver HPZ12 Net Driver HPZ12


    Contents of the 'Scheduled Tasks' folder
    2007-06-28 14:00:01 C:\WINDOWS\tasks\At10.job

    **************************************************************************

    catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-28 09:34:22
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwQueryDirectoryFile, ZwQuerySystemInformation

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\msvcr61.dll
    C:\WINDOWS\system32\msvcr61.exe

    scan completed successfully
    hidden files: 2

    **************************************************************************

    Completion time: 2007-06-28 9:34:57
    C:\ComboFix-quarantined-files.txt ... 2007-06-28 09:34
    C:\ComboFix2.txt ... 2007-06-26 13:07
    C:\ComboFix3.txt ... 2007-06-26 09:45

    --- E O F ---

  10. #20
    Emeritus Shaba
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,644

    Default

    Hi

    Yes, that rootkit looks stubborn.

    Run gmer.exe
    Click the tab called Processes and click the Safe... button. The computer will reboot and the Gmer screen will open.
    Click Files... and browse to the following file:
    C:\WINDOWS\system32\msvcr61.dll
    Now click Delete
    Also do that with these files:

    C:\WINDOWS\system32\msvcr61.exe
    C:\Program Files\Common Files\winctl.dll

    Now click the Services tab. Click the entries in red one by one with your right mouse button and click Delete... Answer Yes to all the warning windows.
    When you've removed all the Service entries in red, reboot your computer.

    Re-run gmer

    Re-run combofix like before (with that same ComboFix-Do.txt)

    Post:

    - a fresh HijackThis log
    - gmer log
    - combofix report